Subject: Re: small buf in ipf?
To: NetBSD Networking Technical Discussion List <firstname.lastname@example.org>
From: Andrew Brown <email@example.com>
Date: 11/22/2002 15:01:13
>> first of all, can anyone think of a better way to do this?
>The obvious answer is: Don't even try to do that!!!!
but but but...
>You were subverting the hotel's security policy by using a covert
>channel. Bad Andrew! :-)
i should think that you, of all people, would appreciate the effort to
use my own servers for something, as opposed to other people's. ;-P
>Their implementation was a bit, well, restrictive and perhaps not so
>well thought out, but perhaps it shouldn't really have mattered.
i was mainly peeved that
(a) i couldn't use my own server easily (i trust me more than i trust
(b) their server responded from the wrong address
(c) when i used their server directly, it mostly gave "wrong" answers
basically, you can see that i didn't want to use their server, but it
was difficult to get around it.
>Presumably the available protocols would all have given you different
>kinds of responses to names that really didn't exist out in the real
>word (eg. mail bouces, http proxy error pages, etc.).
yah, though mostly connection refused. i have, for example, a host
named "home" that i like to connect to. from anywhere else in the
world, i can simply "ping home" or "telnet home" or "ssh home", but
here i get *their* address for "home". not "home.graffiti.com" as it
is usually known, because i got a positive response (with the *wrong*
answer) instead of a negative that would have allowed me (or my
resolver, specifically) to try more things in my dns search path.
|-----< "CODE WARRIOR" >-----|
firstname.lastname@example.org * "ah! i see you have the internet
email@example.com (Andrew Brown) that goes *ping*!"
firstname.lastname@example.org * "information is power -- share the wealth."