dns interceptors

Steven Bellovin smb at cs.columbia.edu
Sun Feb 14 23:59:56 UTC 2010

On Feb 14, 2010, at 6:54 PM, Mark Andrews wrote:

> In message <alpine.GSO.2.00.1002141746410.9929 at clifden.donelan.com>, Sean Donel
> an writes:
>> On Sun, 14 Feb 2010, Randy Bush wrote:
>>>> ssh tunnels to IP address
>>> i am often on funky networks in funky places.  e.g. the wireless in
>>> changi really sucked friday night.  if i ssh tunneled, it would multiply
>>> the suckiness as tcp would have puked at the loss rate.
>>> smb whacked me that i should use non-tcp tunnels.
>> Their network, their rules; your network, your rules; my network, my 
>> rules.
> There is also "truth in advertising" laws.  If they advertise
> "Internet" access then you should get the "Internet" not a cut down /
> filtered version.

Yes -- and as a reward for your expertise, you get to explain the problem with a transparent DNS proxy to the judge.  For bonus points, explain it to a jury....

		--Steve Bellovin, http://www.cs.columbia.edu/~smb

More information about the NANOG mailing list