On Dec 7, 2009, at 5:29 PM, John Levine wrote:

>> Will be interesting to see if ISPs respond to a large scale thing like
>> this taking hold by blocking UDP/TCP 53 like many now do with tcp/25
>> (albeit for other reasons). Therein lies the problem with some of the
>> "net neturality" arguments .. there's a big difference between "doing it
>> because it causes a problem for others", and "doing it because it robs
>> me of revenue opportunities".
> 
> I do hear of ISPs blocking requests to random offsite DNS servers.
> For most consumer PCs, that's more likely to be a zombie doing DNS
> hijacking than anything legitimate.  If they happen also to block
> 8.8.8.8 that's just an incidental side benefit.

I've found more and more hotel/edge networks blocking/capturing this traffic.

The biggest problem is they tend to break things horribly and fail things like 
the
oarc entropy test.

They will often also return REFUSED (randomly) to valid well formed DNS queries.

While I support the capturing of malware compromised machines until they are
repaired, I do think more intelligence needs to be applied when directing these 
systems.

Internet access in a hotel does not mean just UDP/53 to their selected hosts 
plus TCP/80,
TCP/443.

The University of Michigan Hospitals have a guestnet wireless that is ghetto 
and blocks
IMAP over SSL.  Attempts to get them to correct this have fallen on deaf ears.  
I can't even
VPN out to work around the sillyness, which typically works in other 
hotel/guestnet scenarios.

Providers to avoid: US Signal Corporation. (64.141.138.226 was my natted IP in 
a Hampton Inn depsite whois/swip).

- Jared

Reply via email to