Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: backbone transparent proxy / connection hijacking

  • From: Patrick W. Gilmore
  • Date: Sun Jun 28 07:28:24 1998

At 09:37 PM 6/27/98 -0500, Jeremy Porter wrote:
>Cisco policy routing can use source IP address for deciding to pass
>traffic to the cache engine.  The cache engine, normaly can be
>configured to exempt destination.  I believe that this fixes both
>issues. Expecting the customer to be able to have a clue to
>go to a www page is a bit much, tho.  Some customers have setup

I find it ridiculous to suggest that an ACL be built and modified for each
and every "broken" thing you find.  I wouldn't be surprised if the
resources necessary to keep this up - especially considering the potential
customer dissatisfaction it *will* cause - outweighs the benifit of the cache.

>IP based authentication on their NT server, but can't figure out how
>to configure SLL which wouldn't be cached, and would be more secure.
>The burden of making this work is on the cache operator.  Also it turns
>out that the sites with the most problems with the cache are the ones
>paying the least money for service.  Its hard to feel very sorry for
>a $20/month dialup customer, who is connecting to his coporate site
>with a broken NT server. 

If you are just now figuring out that there are users who are clueless on
the Internet, you're way behind the curve.  If you figured this out a long
time ago and have simply dismissed those users - even the $20/mo dialup
customers - as "hard to feel very sorry for", then I'm surprised you are
still in business.

I give all of my users transit to their desired destination when the pay me
for it.  Not just those cluefull enough to configure exceptions to the
proxy services I have decided to ram down their throat - without their
foreknowledge or consent.

You are, of course, welcome to do as you please on your network.

>Jeremy Porter, Freeside Communications, Inc.


Patrick W. Gilmore                      voice: +1-650-482-2840
Director of Operations, CCIE #2983        fax: +1-650-482-2844
              "Tomorrow's Performance.... Today"

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.