nanog mailing list archives

Re: What do you consider acceptable packet / session modification for a network operator?


From: Marco Moock via NANOG <nanog () lists nanog org>
Date: Thu, 25 Dec 2025 05:59:07 +0100

On 25.12.2025 at 01:08:05 Andrew via NANOG wrote:

- Using any form of NAT / packet translation with IPv6 (not including
nat64 / other v4 transition related)

Don't do that, there is enough address space for the customers.

- Dropping non-TCP/UDP/ICMP protocols (outside of CGNat) - such as
‘raw’ IPSec ESP / AH without UDP encapsulation, or SCTP

Don't do that, it's the customers' data and not yours, so do not
interrupt other people's connections.

- TCP MSS - MSS Clamping all connections

- TCP MSS - MSS Clamping, but you instead (accidentally?) set MSS to
your desired value even if it was lower before

This is crap. ICMP exists for this and also works for UDP.

- Other TCP options - Dropping syn packets with invalid/unknown
options

Not your task, this is being done at the customer's machines.

- TCP connection interception - Network operator terminates TCP
session from user and then establishes a new one with the original
destination. All TCP options, sequence numbers, .. are lost in this
translation

- Related to above - Network accepts TCP connection which it will
intercept (sends SYN/ACK to user) before it confirms that the
destination is reachable

Are you a crappy ISP that really needs to do this?

- Dropping/resetting port 80 sessions that don't ‘look like’ HTTP

- Dropping/resetting port 443 sessions that don't ‘look like’ TLS

Can you please stop interfering with connections?
You are an ISP and people pay you for transferring the data they
requested.

- Redirecting port 53 DNS queries to ISP’s own servers, regardless of
destination IP

Do you want to attack it?
Only nasty ISPs are doing this.

- HTTP header injection into port 80 HTTP traffic (i.e. for user
tracking)

- HTTP content injection into port 80 HTTP traffic (i.e. replacing
ads, adding dialogs, …) (and not blanket redirection for non-payment)

Ask in darknet crime forums for that. There is the right place for you
if you want to do that.

-- 
Regards
Marco

Send unsolicited bulk mail to 1766621285muell () cartoonies org

Attachment: _bin
Description: OpenPGP digital signature
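The MSS clamping items above (clamping everything, and the variant that accidentally raises a lower MSS) come down to one rule: a middlebox may only ever lower the value a host advertised. The following is an added example, not code from the thread or from any NANOG participant; it parses the options of a constructed TCP SYN, shows the correct clamp beside the buggy overwrite, and classifies what an on-path device did to the MSS when comparing a SYN captured before and after it.

```python
import struct

MSS, NOP, EOL = 2, 1, 0   # TCP option kinds (RFC 9293)

def parse_tcp_options(hdr: bytes) -> dict:
    """Map option kind -> (offset of the value within hdr, value bytes)."""
    end = (hdr[12] >> 4) * 4          # data offset field gives header length
    out, i = {}, 20
    while i < end:
        kind = hdr[i]
        if kind == EOL:
            break
        if kind == NOP:               # single-byte padding, no length field
            i += 1
            continue
        length = hdr[i + 1]
        if length < 2 or i + length > end:
            raise ValueError("malformed TCP option at offset %d" % i)
        out[kind] = (i + 2, hdr[i + 2:i + length])
        i += length
    return out

def get_mss(hdr: bytes):
    opt = parse_tcp_options(hdr).get(MSS)
    return struct.unpack("!H", opt[1])[0] if opt else None

def set_mss(hdr: bytes, value: int) -> bytes:
    off = parse_tcp_options(hdr)[MSS][0]
    return hdr[:off] + struct.pack("!H", value) + hdr[off + 2:]

def clamp_mss(hdr: bytes, limit: int) -> bytes:
    """Correct clamping: only ever lowers the advertised MSS."""
    cur = get_mss(hdr)
    return hdr if cur is None or cur <= limit else set_mss(hdr, limit)

def overwrite_mss(hdr: bytes, value: int) -> bytes:
    """The buggy variant from the thread: sets MSS even if it was lower."""
    return hdr if get_mss(hdr) is None else set_mss(hdr, value)

def build_syn(sport: int, dport: int, mss: int) -> bytes:
    """Constructed sample SYN: 20-byte base header plus a 4-byte MSS option
    (checksum left at zero; this is a parsing example, not a sendable packet)."""
    opts = struct.pack("!BBH", MSS, 4, mss)
    base = struct.pack("!HHIIBBHHH", sport, dport, 0, 0,
                       ((20 + len(opts)) // 4) << 4, 0x02, 65535, 0, 0)
    return base + opts

def classify_rewrite(before: bytes, after: bytes) -> str:
    """What an on-path device did to the MSS between two captures of a SYN."""
    b, a = get_mss(before), get_mss(after)
    if b == a:
        return "unchanged"
    return "raised" if (a or 0) > (b or 0) else "lowered"
```

Feeding the same SYN captured on both sides of a suspect device into classify_rewrite gives "raised" exactly in the case Andrew's second MSS item describes.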

_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/NEY2A7FNNJCHCF32724LBNPBL42ZLAXD/
