Anything traversing the edge. They are all revenue targets.

Best,

Martin

On 5/14/09, Mark Andrews <[email protected]> wrote:
>
> In message <[email protected]>, John Levine writes:
>> >Dear Sprint EVDO people,
>> >
>> >Your man-in-the-middle hijacking of UDP/53 DNS queries against
>> >nameservers that I choose to query from my laptop on Sprint EVDO is
>> >not appreciated. Even less appreciated is your complete blocking of
>> >TCP/53 DNS queries.
>>
>> If I were an ISP, and I knew that approximately 99.9% of customer
>> queries to random name servers were malware doing fake site phishing or
>> misconfigured PCs that will work OK and avoid a support call if they
>> answer the DNS query, with 0.1% being old weenies like us, I'd do what
>> Sprint's doing, too.
>
> And what's the next protocol that is going to be stomped on?
>
>> If you're aware of a mechanical way for them to tell the difference,
>> we're all ears.
>
> Well you can't answer a TSIG message without knowing the
> shared secret so you might as well just let it go through
> and avoid some percentage of support calls. Intercepting
> TSIG messages is guaranteed to generate a support call.
>
> Similarly intercepting "rd=0" is also guaranteed to generate
> a support call. You almost certainly have an iterative
> resolver making the query which will not handle the "aa=0"
> responses.
>
> Similarly there is no sane reason to block DNS/TCP other than
> they can do it.
>
> Mark
>
>> Regards,
>> John Levine, [email protected], Primary Perpetrator of "The Internet for Dummies",
>> Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
>> "More Wiener schnitzel, please", said Tom, revealingly.
>>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: [email protected]
>
>

--
Martin Hannigan [email protected]
p: +16178216079
Power, Network, and Costs Consulting for Iceland Datacenters and Occupants
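
The two signals named in Mark Andrews's quoted reply (a TSIG record on the query, and "rd=0") can both be read straight off the wire, shown here as an added example that is not part of the original thread. The function names, the verdict strings `pass` and `intercept-candidate`, and the sample queries are assumptions constructed for illustration.

```python
import struct

TSIG = 250  # RR type code assigned to TSIG

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + n

def classify(msg):
    """'pass' for TSIG-signed or rd=0 queries, else 'intercept-candidate'."""
    try:
        _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
        if flags & 0x8000:                 # QR=1: a response, not a query
            return "not-a-query"
        off, last_type = 12, None
        for _ in range(qd):                # question: name, type, class
            off = skip_name(msg, off) + 4
        for _ in range(an + ns + ar):      # RR: name, type, class, ttl, rdlength, rdata
            off = skip_name(msg, off)
            last_type, _c, _t, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen
        if off > len(msg):
            return "malformed"
    except (IndexError, struct.error):
        return "malformed"
    if ar and last_type == TSIG:           # TSIG is the last additional record
        return "pass"
    if not flags & 0x0100:                 # RD=0: an iterative resolver is asking
        return "pass"
    return "intercept-candidate"

def name(s):
    """Encode a dotted name as DNS labels (helper for the constructed samples)."""
    return b"".join(bytes([len(l)]) + l.encode() for l in s.split(".")) + b"\0"

def query(rd, tsig=False):
    """Constructed sample query for www.example.com A; TSIG rdata is filler."""
    m = struct.pack("!6H", 0x1234, 0x0100 if rd else 0, 1, 0, 0, int(tsig))
    m += name("www.example.com") + struct.pack("!HH", 1, 1)
    if tsig:
        m += name("key.example") + struct.pack("!HHIH", TSIG, 255, 0, 4) + b"\0" * 4
    return m

if __name__ == "__main__":
    for label, m in [("rd=1", query(True)), ("rd=0", query(False)),
                     ("rd=1+TSIG", query(True, True))]:
        print(label, classify(m))
```
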

