PlayStationNetwork blocking of CGNAT public addresses

Rich Kulawiec rsk at gsp.org
Fri Sep 23 12:35:11 UTC 2016


On Mon, Sep 19, 2016 at 09:55:56PM +0200, Florian Weimer wrote:
> GitHub users create several orders of magnitude more SSH connections
> [snip]

Ah.  I didn't know that.  Thanks!

> Sure, and people already do this, and are not very flexible about it.
> Support staff isn't briefed, and claims they do such stochastic
> behavior adjustment across all (server) products, which I find
> difficult to believe.

You're right: those are serious drawbacks.  If folks are going to do
this, then they need to do it right, which means making sure everyone
is in the loop and making sure that support staff are clueful/diligent
enough to investigate -- or at least hand off to someone who'll investigate.
This stuff works but only if you're adaptive/flexible and willing to
learn and adjust on an ongoing basis.

> I'm worried that this leads to a future where tunnelling everything
> over HTTP(S) is no longer sufficient.  You have to make it look like a
> web server or browser, too.  Everything else risks triggering
> automated countermeasures.

And as someone who constantly beats the "Internet != web" drum,
I second this.  Marginalizing other protocols doesn't serve us well
in the short term (it breaks things) or the long term (it stifles innovation).

---rsk


