Breaking the internet (hotels, guestnet style)
jared at puck.nether.net
Mon Dec 7 17:00:40 CST 2009
On Dec 7, 2009, at 5:29 PM, John Levine wrote:
>> Will be interesting to see if ISPs respond to a large scale thing like
>> this taking hold by blocking UDP/TCP 53 like many now do with tcp/25
>> (albeit for other reasons). Therein lies the problem with some of the
>> "net neturality" arguments .. there's a big difference between "doing it
>> because it causes a problem for others", and "doing it because it robs
>> me of revenue opportunities".
> I do hear of ISPs blocking requests to random offsite DNS servers.
> For most consumer PCs, that's more likely to be a zombie doing DNS
> hijacking than anything legitimate. If they happen also to block
> 126.96.36.199 that's just an incidental side benefit.
I've found more and more hotel/edge networks blocking/capturing this traffic.
The biggest problem is they tend to break things horribly and fail things like the
oarc entropy test.
They will often also return REFUSED (randomly) to valid well formed DNS queries.
While I support the capturing of malware compromised machines until they are
repaired, I do think more intelligence needs to be applied when directing these systems.
Internet access in a hotel does not mean just UDP/53 to their selected hosts plus TCP/80,
The University of Michigan Hospitals have a guestnet wireless that is ghetto and blocks
IMAP over SSL. Attempts to get them to correct this have fallen on deaf ears. I can't even
VPN out to work around the sillyness, which typically works in other hotel/guestnet scenarios.
Providers to avoid: US Signal Corporation. (188.8.131.52 was my natted IP in a Hampton Inn depsite whois/swip).
More information about the NANOG