[99572] in North American Network Operators' Group
Re: windows update cache
daemon@ATHENA.MIT.EDU (Seth Mattinen)
Fri Sep 28 13:34:59 2007
Date: Fri, 28 Sep 2007 10:16:33 -0700
From: Seth Mattinen <sethm@rollernet.us>
To: nanog@nanog.org
In-Reply-To: <20070928095538.Q40474@sprockets.gibbard.org>
Errors-To: owner-nanog@merit.edu
Steve Gibbard wrote:
> On Fri, 28 Sep 2007, Seth Mattinen wrote:
>
>>
>> Adrian Chadd wrote:
>>> On Fri, Sep 28, 2007, Joe Johnson wrote:
>>>> Windows Software Update Services doesn't require the end-user to be
>>>> part
>>>> of a domain to get updates. You just need to define the WSUS server as
>>>> the source for updates by changing a few registry entries and make sure
>>>> the server is available via HTTP or HTTPS to your customers. You can
>>>> read more at Microsoft's site.
>>>>
>>>> Also, WSUS is free to run on any Windows server.
>>>
>>> Great if you're running a windows IT type LAN; crap if you're running an
>>> ISP!
>>
>> Why? It talks TCP/IP.
>
> This seems like a question of how much control ISPs have over customers'
> PCs at this point. In my day (when we had to push packets up hill
> through 28.8 kbps modems, both ways...), we used to send out CDs to all
> our customers that would install web browsers and mail clients, and
> change the computers' dial-up networking settings to match our network.
> Changing some registry strings for Windows Update would have been trivial.
>
> The ISPs I've dealt with recently as an end user tend to just send out a
> cable or DSL to ethernet bridge and let DHCP do the rest. This is
> progress, as it means devices can move from place to place and just
> work, but I don't think it provides a way to change registry settings.
>
One could try to transparently proxy requests to windows update over to
the WSUS server. No idea if that'll work though. I'm no windows expert,
nor was I trying to provide some total solution, I was just trying to
point out it uses TCP on port 8530 and one could try to use that to
their advantage.
~Seth
