[e2e] Detecting middle boxes

Melinda Shore mshore at cisco.com
Tue Feb 12 06:31:26 PST 2002


At 12:08 PM 2/11/02 -0800, Christian Huitema wrote:
>A simple solution to detect a class of proxies is to have a cooperative
>responder on the Internet, to try to connect using port 25, 53, 80,
>etc., and to have the responder provide a response that returns the
>characteristics of the connection. If you want to do this seriously, the
>response should contain a hash of the incoming message (detect
>tampering) + a copy of the incoming IP address and port (detect address
>rewriting and port mapping); the response should be signed.

In the case where a network is multihomed you need to be able to
pick the correct responder with respect to the endpoint you're
trying to reach (or that is trying to reach you).  It's also not
going to be robust against middlebox failover, etc.  One could
argue that it's pushing a circuit orientation down a layer.
It's an unidiomatic solution in that it fails to integrate well 
with the basic characteristics of IP.

Melinda
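
Added example, not part of the original message: a minimal sketch of the responder check described in the quoted proposal, where the responder reports a hash of what arrived plus the source address and port it observed, and the client compares that with what it sent. Assumptions: an HMAC over a pre-shared key stands in for the signature, the JSON layout and function names are hypothetical, and the addresses are constructed documentation-range values.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: pre-shared key standing in for a signing key


def responder_reply(payload: bytes, observed_ip: str, observed_port: int,
                    key: bytes = KEY) -> bytes:
    """Responder side: describe what actually arrived and authenticate the description."""
    body = json.dumps({
        "sha256": hashlib.sha256(payload).hexdigest(),  # detects payload tampering
        "src_ip": observed_ip,                          # detects address rewriting
        "src_port": observed_port,                      # detects port mapping
    }, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag}).encode()


def check_reply(sent: bytes, local_ip: str, local_port: int, reply: bytes,
                key: bytes = KEY) -> list:
    """Client side: return the list of differences between what was sent and what arrived."""
    try:
        msg = json.loads(reply)
        body = msg["body"].encode()
        tag = str(msg["tag"]).encode()
    except (ValueError, KeyError, TypeError, AttributeError):
        return ["reply-malformed"]
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        return ["reply-not-authentic"]  # the reply itself was altered or forged
    seen = json.loads(body)
    findings = []
    if seen["sha256"] != hashlib.sha256(sent).hexdigest():
        findings.append("payload-modified")
    if seen["src_ip"] != local_ip:
        findings.append("address-rewritten")
    if seen["src_port"] != local_port:
        findings.append("port-mapped")
    return findings


if __name__ == "__main__":
    probe = b"probe nonce=7f3a"  # constructed probe; a fresh nonce per probe defeats replayed replies
    # Constructed scenario: the client sends from 192.0.2.10:40000, the responder sees a NAT's address.
    reply = responder_reply(probe, "203.0.113.5", 61002)
    print(check_reply(probe, "192.0.2.10", 40000, reply))
```

The result describes only the path to that one responder at the moment of the probe, which is the limitation the reply above raises for multihomed networks and middlebox failover.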



