I just want my traffic to be delivered by my ISP to the destination IP address I specify. Always. I don't want my ISP to capture it or deliver it somewhere else.

Bob

>>> Nicholas Leippe <n...@leippe.com> 4/12/2010 11:23 AM >>>

Attempting to solve a policy problem with a technological solution is futile.

What's to stop your employees from using their own resolver that goes directly to the root DNS servers? (You say, "then, we'll just intercept all port 53 traffic".) Fine, then they use an SSH/tor tunnel over some other port that you can't block (say 143 or 443)...

Much better to just monitor and alert abuse/violations and deal with them as appropriate offline, than to start an arms race with technology that you can't win.

The same can be said of any network service or protocol.

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/