North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: backbone transparent proxy / connection hijacking

  • From: Robert Watson
  • Date: Fri Jun 26 11:15:52 1998

We had the same experience with them -- we have a T1 and commercial web
hosting service at, and our proxy server on our firewall
became extremely broken due to the web proxy they inserted between us and
the world.  Apparently our proxy was generating bad keep-alives in some
form -- of course, none of the web servers we used to contact had a
problem with them.  We received a few days warning before they started,
however, so at least we had some idea what might have caused the sudden
breakage of all out-going web access.  My personal feeling is that this
might be fine for web-browsing dialup customers, but as a commercial
service buying IP connectivity, we were rather upset.

On Thu, 25 Jun 1998, Jon Lewis wrote:

> Has anyone else noticed Digex playing with transparent proxying on their
> backbone?  We have one of our T1's through them, and found that all web
> traffic going out our Digex connection goes through a proxy.  We've got
> customers with web sites that are broken now because they can't
> communicate with things like Cybercash, because their outgoing http
> requests are hijacked and sent through a Digex web cache. 
> Digex wants us to register each web server out on the rest of the
> internet that hosts from our network need to talk directly to.  This looks
> like the beginning of a big PITA.
> I wouldn't have a problem with Digex setting up some web caches and
> encouraging customers to setup their own caches and have them talk to the
> Digex ones via ICP...but caching everything without our knowledge/consent
> stinks.
> ------------------------------------------------------------------
>  Jon Lewis <[email protected]>  |  Spammers will be winnuked or 
>  Network Administrator       |  drawn and quartered...whichever
>  Florida Digital Turnpike    |  is more convenient.
> ______ for PGP public key____

  Robert N Watson 

Carnegie Mellon University  
TIS Labs at Network Associates, Inc.
SafePort Network Services   
[email protected]