Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: backbone transparent proxy / connection hijacking

  • From: Karl Denninger
  • Date: Thu Jun 25 20:37:07 1998

On Thu, Jun 25, 1998 at 05:12:08PM -0700, Paul Vixie wrote:
> 
> The box we built was designed for access providers -- you know, put 1,000
> modems in a room and sell dialup accounts.  It works fine in that context.
> And, dialup users are usually not terribly deep as technologists, and they
> are used to having their bits mutilated in the great cause of "overcommit."
> 
> While a T1 data rate would present no real problem, a T1 customer who would
> usually recognize what was happening to them AND care about it, *would*
> represent a problem.  And besides, a T1 customer would probably be willing
> and able to use ICP or at least run their own local cache and point their
> browsers at it nontransparently.
> -- 
> Paul Vixie
> La Honda, CA			"Many NANOG members have been around
> <paul@vix.com>			 longer than most." --Jim Fleming
> pacbell!vixie!paul		 (An H.323 GateKeeper for the IPv8 Network)

Putting these in a POP and hijacking the connections can dramatically lower
the amount of money an NSP needs to spend on long-haul connections (every
locally-fed entry is one you don't pay to transport (again)).  

Why do you think this is so popular with the cable modem folks?

However, the first time a customer who didn't know about this gets an aged
quote on a stock (and loses their shirt), or something else happens that
causes real trouble, you've got a major problem, and it might be a legal
rather than an operational one.

I don't consider this kind of thing, done without full disclosure, to be 
proper in ANY context.  To accomplish the goal you have to *steal* the
packet flow that was given to you and monkey with it.

That act is at least somewhat likely to constitute "wiretapping", and since 
it's done without the consent or even knowledge of *any* of the parties to 
the communication at hand......

-- 
Karl Denninger (karl@MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin
http://www.mcs.net/          | T1's from $600 monthly / All Lines K56Flex/DOV
			     | NEW! Corporate ISDN Prices dropped by up to 50%!
Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS
Fax:   [+1 312 803-4929]     | *SPAMBLOCK* Technology now included at no cost



