[18071] in North American Network Operators' Group
Re: backbone transparent proxy / connection hijacking
daemon@ATHENA.MIT.EDU (Rich Sena)
Fri Jun 26 10:36:40 1998
Date: Fri, 26 Jun 1998 05:24:26 -0400 (EDT)
From: Rich Sena <ras@poppa.clubrich.tiac.net>
To: nanog@merit.edu
In-Reply-To: <g33ect9g2v.fsf@wisdom.rc.vix.com>
The Vixie Interceptor is really the only product on the market that
handles this particualr situation correctly - it is a fine product in that
respect. Paul and his group - worked thorugh that issue with very fine
detail.
To the best of my knowledge Digex is using the Inktomi/Alteon solution.
On 25 Jun 1998, Paul Vixie wrote:
> Odd. The box we used to sell through Mirror Image Internet has no problems
> reaching Cybercash's site -- though I'll admit that we had a lot of angry
> customers for a long time while we found all the wierd little unspecified
> protocol violations that "just work" if no "hijacking" takes place.
>
> I don't think Digex is using one of our boxes, and if they are using one
> of the "just run Inktomi software on a Solaris box and put an Alteon next
> to it" then there are going to be some wierd little unspecified protocol
> violations that only Alteon, and a new protocol between Alteon and Inktomi,
> could fix. (Our box integrates forwarding and "hijacking" and this is why.)
<snip>
> The box we built was designed for access providers -- you know, put 1,000
> modems in a room and sell dialup accounts. It works fine in that context.
> And, dialup users are usually not terribly deep as technologists, and they
> are used to having their bits mutilated in the great cause of "overcommit."
>
> While a T1 data rate would present no real problem, a T1 customer who would
> usually recognize what was happening to them AND care about it, *would*
> represent a problem. And besides, a T1 customer would probably be willing
> and able to use ICP or at least run their own local cache and point their
> browsers at it nontransparently.
--
I am nothing if not net-Q! - ras@poppa.clubrich.tiac.net