[prev in list] [next in list] [prev in thread] [next in thread]
List: outages-discussion
Subject: Re: [Outages-discussion] [outages] COX TLS/SSL Connections
From: Jeremy Chadwick <jdc () koitsu ! org>
Date: 2018-11-08 23:38:00
Message-ID: 20181108233800.GA62652 () icarus ! home ! lan
[Download RAW message or body]
How did you determine "it" is "mangling the dst/src ports"?
This honestly sounds like a case of a layer 7 DPI device (ex. Sandvine)
being misconfigured or doing something Incredibly Stupid(tm). The term
"mangle" implies some form of rewriting, which those devices usually do
not do (they aren't NAT-like); they can certainly block/drop/blackhole
packets, however.
This is all speculative, BTW (re: assuming there is such a device in the
network path).
--
> Jeremy Chadwick jdc@koitsu.org |
> UNIX Systems Administrator PGP 0x2A389531 |
> Making life hard for others since 1977. |
On Thu, Nov 08, 2018 at 08:49:48PM +0000, Brandon Gould via Outages wrote:
> Oh, interesting. So it's mangling the Dst/Src ports. Does it impact all TLS or just \
> a particular protocol ie. HTTP, MSSQL, etc.
> From: Outages <outages-bounces@outages.org> On Behalf Of Jordan Morris via Outages
> Sent: Thursday, November 8, 2018 2:38 PM
> To: outages@outages.org
> Subject: [outages] COX TLS/SSL Connections
>
> Anyone else seeing issues connecting to sites/services over TLS/SSL we a have a few \
> remote databases that we cannot connect to when TLS is enabled and we are \
> connecting from COX. We turn TLS off on the client it connects no prob. Same PC \
> connecting via Verizon hot spot with TLS on no problem. We are seeing seminar \
> issues at multiple COX sites in AZ. Very odd the IP/Dst Port are not being \
> filtered/dropped just when TLS is turned on. We have dropped a few of our locations \
> to the secondary ISP to get around the problem for now.
>
> _______________________________________________
> Outages mailing list
> Outages@outages.org
> https://puck.nether.net/mailman/listinfo/outages
_______________________________________________
Outages-discussion mailing list
Outages-discussion@outages.org
https://puck.nether.net/mailman/listinfo/outages-discussion
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic