Subject: Re: small buf in ipf?
To: NetBSD Networking Technical Discussion List <>
From: Andrew Brown <>
List: tech-net
Date: 11/22/2002 15:01:13
>> first of all, can anyone think of a better way to do this?
>The obvious answer is:  Don't even try to do that!!!!

but but but...

>You were subverting the hotel's security policy by using a covert
>channel.  Bad Andrew!  :-)

i should think that you, of all people, would appreciate the effort to
use my own servers for something, as opposed to other people's.  ;-P

>Their implementation was a bit, well, restrictive and perhaps not so
>well thought out, but perhaps it shouldn't really have mattered.

i was mainly peeved that

(a) i couldn't use my own server easily (i trust me more than i trust

(b) their server responded from the wrong address


(c) when i used their server directly, it mostly gave "wrong" answers

basically, you can see that i didn't want to use their server, but it
was difficult to get around it.

>Presumably the available protocols would all have given you different
>kinds of responses to names that really didn't exist out in the real
>word (eg. mail bouces, http proxy error pages, etc.).

yah, though mostly connection refused.  i have, for example, a host
named "home" that i like to connect to.  from anywhere else in the
world, i can simply "ping home" or "telnet home" or "ssh home", but
here i get *their* address for "home".  not "" as it
is usually known, because i got a positive response (with the *wrong*
answer) instead of a negative that would have allowed me (or my
resolver, specifically) to try more things in my dns search path.

|-----< "CODE WARRIOR" >-----|             * "ah!  i see you have the internet (Andrew Brown)                that goes *ping*!"       * "information is power -- share the wealth."