another brick in the wall[ed garden]

Andrew D Kirch trelane at trelane.net
Thu May 14 23:25:17 CDT 2009


Well said, if you can't build it, don't trust it.

Andrew (top posted as per previous convention)

Skywing wrote:
> You are brave indeed to trust your packets over the air without a VPN or tunnel of some sort.
>
> While it sounds like Sprint is doing something, for lack of a better word, lame, you would be well advised to not trust your packets to the built-in cell encryption (obfuscation).
>
> - S
>
> -----Original Message-----
> From: Robert E. Seastrom <rs at seastrom.com>
> Sent: Thursday, May 14, 2009 10:50
> To: nanog at nanog.org <nanog at nanog.org>
> Subject: another brick in the wall[ed garden]
>
>
> Dear Sprint EVDO people,
>
> Your man-in-the-middle hijacking of UDP/53 DNS queries against
> nameservers that I choose to query from my laptop on Sprint EVDO is
> not appreciated.  Even less appreciated is your complete blocking of
> TCP/53 DNS queries.
>
> Queries from my lab:
>
>    rs at click [14] %      dig +short @192.148.252.10 version.bind. chaos txt
>    "Just send your damn query already..."
>    rs at click [15] %      dig +tcp +short @192.148.252.10 version.bind. chaos txt
>    "Just send your damn query already..."
>    rs at click [16] %      dig +tcp +short @192.148.252.10 hostname.bind. chaos txt
>    "bifrost"
>    rs at click [17] %
>
> Queries from my laptop:
>
>    Superfly:~ rs$ dig +short @192.148.252.10 version.bind. chaos txt
>    "9.6.0-P1"
>    Superfly:~ rs$ dig +tcp +short @192.148.252.10 version.bind. chaos txt
>    ;; connection timed out; no servers could be reached
>    Superfly:~ rs$ dig +tcp +short @192.148.252.10 hostname.bind. chaos txt
>    "ns1-kscymar06.spcsdns.net"
>    Superfly:~ rs$
>
> Guys, I send you money each month to deliver packets for me, not to
> invent new ways of being annoying (and breaking TSIG signed updates to
> dynamic DNS).  Less is more.  Please stop dinking with 10-minute-idle
> TCP sessions (which I complained about a year and a half ago) and
> knock it off with offering DNS service that I did not ask for.
>
> Sincerely,
>
> Your Disgruntled Customer, RS
>
> PS:  No, I don't expect that this open letter will get you to fix the
> misbehavior, but if some Swedish guy comes along swinging a clue-bat
> at you guys I hope he whacks you a couple of times for me.
>
>
>
>   
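
The comparison in the quoted message (the same CHAOS TXT names asked from a trusted path and from the suspect path) can be automated. The sketch below is an added example, not part of the original thread: it builds the wire-format query, parses TXT answers, and flags names whose answer differs from the baseline. The replies are constructed DNS messages carrying the strings from the transcripts above, and all function names are hypothetical.

```python
import struct

TXT, CHAOS = 16, 3  # DNS record type TXT, class CH

def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qid=0x1234):
    """Wire-format CH TXT query for names such as version.bind."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    return header + encode_name(name) + struct.pack("!HH", TXT, CHAOS)

def skip_name(msg, off):
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_txt(msg):
    """Return the TXT strings from the answer section of a DNS message."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4    # skip QTYPE and QCLASS
    texts = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == TXT:
            parts, i = [], 0
            while i < len(rdata):        # rdata is a run of length-prefixed strings
                parts.append(rdata[i + 1:i + 1 + rdata[i]])
                i += 1 + rdata[i]
            texts.append(b"".join(parts).decode("ascii", "replace"))
    return texts

def constructed_response(query, text):
    """Constructed stand-in for a server reply, so the example runs offline."""
    rdata = bytes([len(text)]) + text.encode("ascii")
    rr = b"\xc0\x0c" + struct.pack("!HHIH", TXT, CHAOS, 0, len(rdata)) + rdata
    return query[:2] + struct.pack("!HHHHH", 0x8580, 1, 1, 0, 0) + query[12:] + rr

def intercepted_names(baseline, replies):
    """Names whose answer differs from the trusted-path baseline."""
    return [n for n in baseline if parse_txt(replies[n]) != [baseline[n]]]

# Baseline = answers seen from the lab; observed = answers seen from the laptop.
BASELINE = {"version.bind": "Just send your damn query already...", "hostname.bind": "bifrost"}
OBSERVED = {"version.bind": "9.6.0-P1", "hostname.bind": "ns1-kscymar06.spcsdns.net"}
REPLIES = {n: constructed_response(build_query(n), t) for n, t in OBSERVED.items()}
```

With the constructed replies, `intercepted_names(BASELINE, REPLIES)` reports both names, since neither answer matches what the chosen nameserver gives on the trusted path.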




