This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ripe-atlas@ripe.net/
[atlas] Probe cannot connect from behind IDS/IPS with HTTPS inspection
- Previous message (by thread): [atlas] NTT Communications (US, Miami) has joined RIPE Atlas anchors
- Next message (by thread): [atlas] Probe cannot connect from behind IDS/IPS with HTTPS inspection
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ondřej Caletka
Ondrej.Caletka at cesnet.cz
Wed May 21 09:26:59 CEST 2014
Hello list, I just observed strange behaviour of one Atlas probe. It was unable to connect to the control server from a corporate network. I suspect that some IDS/IPS appliance detects and drops probe attempt to use port 443 for non-TLS traffic*. I've tested it by trying to SSH to control server from within that network and it failed. However, normal SSH to port 22 works fine. It would be nice if the probe would be able to try more ways to reach the control server, eg. first attempt on port 443, second on port 22, third on some arbitrary high port number. I know that it would be better to put the probe in front of the firewall/IPS, but this is much more complicated in many corporate networks. *) At least it doesn't do MitM on HTTPs traffic. I've checked that too. Cheers, Ondřej Caletka -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5563 bytes Desc: Elektronicky podpis S/MIME URL: </ripe/mail/archives/ripe-atlas/attachments/20140521/7bf2a73c/attachment.p7s>
- Previous message (by thread): [atlas] NTT Communications (US, Miami) has joined RIPE Atlas anchors
- Next message (by thread): [atlas] Probe cannot connect from behind IDS/IPS with HTTPS inspection
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]