Anything traversing the edge. They are all revenue targets. Best, Martin On 5/14/09, Mark Andrews <Mark_Andrews@isc.org> wrote:
In message <20090514223605.88104.qmail@simone.iecc.com>, John Levine writes:
Dear Sprint EVDO people,
Your man-in-the-middle hijacking of UDP/53 DNS queries against nameservers that I choose to query from my laptop on Sprint EVDO is not appreciated. Even less appreciated is your complete blocking of TCP/53 DNS queries.
If I were an ISP, and I knew that approximately 99.9% of customer queries to random name servers was malware doing fake site phishing or misconfigured PCs that will work OK and avoid a support call if they answer the DNS query, with 0.1% being old weenies like us, I'd do what Sprint's doing, too.
And what's the next protocol that is going to be stomped on?
If you're aware of a mechanical way for them to tell the difference, we're all ears.
Well you can't answer a TSIG message without knowing the shared secret so you might as well just let it go through and avoid some percentage of support calls. Intercepting TSIG messages is guaranteed to generate a support call.
Similarly intercepting "rd=0" is also guaranteed to generate a support call. You almost certainly have a interative resolver making the query which will not handle the "aa=0" responses.
Similarly there is no sane reason to block DNS/TCP other than they can do it.
Mark
Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies ", Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor "More Wiener schnitzel, please", said Tom, revealingly.
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org
-- Martin Hannigan martin@theicelandguy.com p: +16178216079 Power, Network, and Costs Consulting for Iceland Datacenters and Occupants