[18142] in North American Network Operators' Group
Re: backbone transparent proxy / connection hijacking
daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Sun Jun 28 07:27:12 1998
Date: Sun, 28 Jun 1998 01:49:19 -0700
To: nanog@merit.edu
From: "Patrick W. Gilmore" <patrick@priori.net>
Cc: nanog@merit.edu
In-Reply-To: <199806280237.VAA19091@freeside.fc.net>
At 09:37 PM 6/27/98 -0500, Jeremy Porter wrote:
>
>Cisco policy routing can use source IP address for deciding to pass
>traffic to the cache engine. The cache engine, normaly can be
>configured to exempt destination. I believe that this fixes both
>issues. Expecting the customer to be able to have a clue to
>go to a www page is a bit much, tho. Some customers have setup
I find it ridiculous to suggest that an ACL be built and modified for each
and every "broken" thing you find. I wouldn't be surprised if the
resources necessary to keep this up - especially considering the potential
customer dissatisfaction it *will* cause - outweighs the benifit of the cache.
>IP based authentication on their NT server, but can't figure out how
>to configure SLL which wouldn't be cached, and would be more secure.
>The burden of making this work is on the cache operator. Also it turns
>out that the sites with the most problems with the cache are the ones
>paying the least money for service. Its hard to feel very sorry for
>a $20/month dialup customer, who is connecting to his coporate site
>with a broken NT server.
If you are just now figuring out that there are users who are clueless on
the Internet, you're way behind the curve. If you figured this out a long
time ago and have simply dismissed those users - even the $20/mo dialup
customers - as "hard to feel very sorry for", then I'm surprised you are
still in business.
I give all of my users transit to their desired destination when the pay me
for it. Not just those cluefull enough to configure exceptions to the
proxy services I have decided to ram down their throat - without their
foreknowledge or consent.
You are, of course, welcome to do as you please on your network.
>Jeremy Porter, Freeside Communications, Inc. jerry@fc.net
TTFN,
patrick
**************************************************************
Patrick W. Gilmore voice: +1-650-482-2840
Director of Operations, CCIE #2983 fax: +1-650-482-2844
PRIORI NETWORKS, INC. http://www.priori.net
"Tomorrow's Performance.... Today"
**************************************************************