On Dec 7, 2009, at 6:00 PM, Jared Mauch wrote:
On Dec 7, 2009, at 5:29 PM, John Levine wrote:
Will be interesting to see if ISPs respond to a large scale thing like this taking hold by blocking UDP/TCP 53 like many now do with tcp/25 (albeit for other reasons). Therein lies the problem with some of the "net neturality" arguments .. there's a big difference between "doing it because it causes a problem for others", and "doing it because it robs me of revenue opportunities".
I do hear of ISPs blocking requests to random offsite DNS servers. For most consumer PCs, that's more likely to be a zombie doing DNS hijacking than anything legitimate. If they happen also to block 8.8.8.8 that's just an incidental side benefit.
I've found more and more hotel/edge networks blocking/capturing this traffic.
The biggest problem is they tend to break things horribly and fail things like the oarc entropy test.
They will often also return REFUSED (randomly) to valid well formed DNS queries.
While I support the capturing of malware compromised machines until they are repaired, I do think more intelligence needs to be applied when directing these systems.
Internet access in a hotel does not mean just UDP/53 to their selected hosts plus TCP/80, TCP/443.
It's why I run an ssh server on 443 somewhere -- and as needed, I ssh-tunnel http to a squid proxy, smtp, and as many IMAP/SSL connections as I really need... --Steve Bellovin, http://www.cs.columbia.edu/~smb