you're not interesting, was Re: another brick in the wall[ed garden]

Martin Hannigan martin at theicelandguy.com
Fri May 15 09:28:01 UTC 2009


Anything traversing the edge. They are all revenue targets.

Best,

Martin



On 5/14/09, Mark Andrews <Mark_Andrews at isc.org> wrote:
>
> In message <20090514223605.88104.qmail at simone.iecc.com>, John Levine writes:
>> >Dear Sprint EVDO people,
>> >
>> >Your man-in-the-middle hijacking of UDP/53 DNS queries against
>> >nameservers that I choose to query from my laptop on Sprint EVDO is
>> >not appreciated.  Even less appreciated is your complete blocking of
>> >TCP/53 DNS queries.
>>
>> If I were an ISP, and I knew that approximately 99.9% of customer
>> queries to random name servers was malware doing fake site phishing or
>> misconfigured PCs that will work OK and avoid a support call if they
>> answer the DNS query, with 0.1% being old weenies like us, I'd do what
>> Sprint's doing, too.
>
> 	And what's the next protocol that is going to be stomped on?
>
>> If you're aware of a mechanical way for them to tell the difference,
>> we're all ears.
>
> 	Well you can't answer a TSIG message without knowing the
> 	shared secret so you might as well just let it go through
> 	and avoid some percentage of support calls.  Intercepting
> 	TSIG messages is guaranteed to generate a support call.
>
> 	Similarly intercepting "rd=0" is also guaranteed to generate
> 	a support call.  You almost certainly have a interative
> 	resolver making the query which will not handle the "aa=0"
> 	responses.
>
> 	Similarly there is no sane reason to block DNS/TCP other than
> 	they can do it.
>
> 	Mark
>
>> Regards,
>> John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for
>> Dummies
>> ",
>> Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
>> "More Wiener schnitzel, please", said Tom, revealingly.
>>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
>
>


-- 
Martin Hannigan                               martin at theicelandguy.com
p: +16178216079
Power, Network, and Costs Consulting for Iceland Datacenters and Occupants






More information about the NANOG mailing list