[atlas] Probe cannot connect from behind IDS/IPS with HTTPS inspection

On 2014/05/21 16:37 , Ondřej Caletka wrote:
> Dne 21.5.2014 13:45, Daniel Karrenberg napsal(a):
>> It seems to me that just trying port 22 if no contact can be made on 443
>> should be added to the requested features list. The reason being that
>> probes could then work in places where policy allows 22. However I agree
>> that the priority should be low considering the small number of cases
>> this would fix and the likelihood that measurements would be affected by
>> middle boxes as well.
> 
> I agree completely. The only question is, what are atlas probes supposed
> to measure, Internet infrastructure or "eyeball" perspective of the
> Internet? From what I see, the objective is somewhere in the middle with
> probes installed both in datacentres (measuring infrastructure) as well
> as at users homes (measuring eyeballs).
> If measuring the users experience is legitimate use case, then it
> shouldn't be problem to have some middleboxes on the way.

My experience is that probes at users' homes just work. There are a few
gotchas but most work.

Probes that cause trouble are usually where somebody explicitly tried to
configure something in the network, firewalls, etc.

I'm curious what this firewall is trying to do. If it allows
unrestricted outbound connectivity over ssh, but not ssh on port 443.
What is that rule trying to protect?

Philip