On 25.12.2025 at 01:08:05, Andrew via NANOG wrote:

> - Using any form of NAT / packet translation with IPv6 (not including
> nat64 / other v4 transition related)

Don't do that, there is enough address space for the customers.

> - Dropping non-TCP/UDP/ICMP protocols (outside of CGNat) - such as
> ‘raw’ IPSec ESP / AH without UDP encapsulation, or SCTP

Don't do that, it's the customers' data and not yours, so do not interrupt other people's connections.

> - TCP MSS - MSS Clamping all connections
>
> - TCP MSS - MSS Clamping, but you instead (accidentally?) set MSS to
> your desired value even if it was lower before

This is crap. ICMP exists for this and also works for UDP.

> - Other TCP options - Dropping syn packets with invalid/unknown
> options

Not your task, this is being done at the customer's machines.

> - TCP connection interception - Network operator terminates TCP
> session from user and then establishes a new one with the original
> destination. All TCP options, sequence numbers, .. are lost in this
> translation
> - Related to above - Network accepts TCP connection which it will
> intercept (sends SYN/ACK to user) before it confirms that the
> destination is reachable

Are you a crappy ISP that really needs to do this?

> - Dropping/resetting port 80 sessions that don't ‘look like’ HTTP
>
> - Dropping/resetting port 443 sessions that don't ‘look like’ TLS

Can you please stop interfering with connections? You are an ISP and people pay you for transferring the data they requested.

> - Redirecting port 53 DNS queries to ISP’s own servers, regardless of
> destination IP

Do you want to attack it? Only nasty ISPs are doing this.

> - HTTP header injection into port 80 HTTP traffic (i.e. for user
> tracking)
>
> - HTTP content injection into port 80 HTTP traffic (i.e. replacing
> ads, adding dialogs, …) (and not blanket redirection for non-payment)

Ask in darknet crime forums for that. That is the right place for you if you want to do that.

-- 
Regards
Marco

Send unsolicited bulk mail to [email protected]
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/[email protected]/message/NEY2A7FNNJCHCF32724LBNPBL42ZLAXD/
