backbone transparent proxy / connection hijacking

Fri Jun 26 00:12:08 UTC 1998

On Thu, Jun 25, 1998 at 04:11:18PM -0400, Jon Lewis wrote:
> [...] We've got customers with web sites that are broken now because
> they can't communicate with things like Cybercash, because their
> outgoing http requests are hijacked and sent through a Digex web cache. 

Odd.  The box we used to sell through Mirror Image Internet has no problems
reaching Cybercash's site -- though I'll admit that we had a lot of angry
customers for a long time while we found all the wierd little unspecified
protocol violations that "just work" if no "hijacking" takes place.

I don't think Digex is using one of our boxes, and if they are using one
of the "just run Inktomi software on a Solaris box and put an Alteon next
to it" then there are going to be some wierd little unspecified protocol
violations that only Alteon, and a new protocol between Alteon and Inktomi,
could fix.  (Our box integrates forwarding and "hijacking" and this is why.)

karl at mcs.net (Karl Denninger) adds:
> Sigh...... why did I know this kind of crap (hijacking connections) was
> going to start.  Grrr.....
> 
> I understand why people do it, but I do NOT approve of it.

The box we built was designed for access providers -- you know, put 1,000
modems in a room and sell dialup accounts.  It works fine in that context.
And, dialup users are usually not terribly deep as technologists, and they
are used to having their bits mutilated in the great cause of "overcommit."

While a T1 data rate would present no real problem, a T1 customer who would
usually recognize what was happening to them AND care about it, *would*
represent a problem.  And besides, a T1 customer would probably be willing
and able to use ICP or at least run their own local cache and point their
browsers at it nontransparently.
-- 
Paul Vixie
La Honda, CA			"Many NANOG members have been around
<paul at vix.com>			 longer than most." --Jim Fleming
pacbell!vixie!paul		 (An H.323 GateKeeper for the IPv8 Network)