This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[atlas] Probe cannot connect from behind IDS/IPS with HTTPS inspection

Previous message (by thread): [atlas] Probe cannot connect from behind IDS/IPS with HTTPS inspection
Next message (by thread): [atlas] a thought about public probe page...

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Daniel Karrenberg daniel at karrenberg.net
Wed May 21 18:10:40 CEST 2014

On 21.05.14 16:58 , Philip Homburg wrote:
> ...
> 
> I'm curious what this firewall is trying to do. If it allows
> unrestricted outbound connectivity over ssh, but not ssh on port 443.
> What is that rule trying to protect?

That is all an interesting discussion but not all that useful.

Our decision to use 443 comes from our experience/expectation that 443
is more permeable than 22. However the protocol we are running "belongs"
on 22 and it is somewhat silly to not use that port when it is in fact
usable. So I think it is a reasonable request to use 22 when available.

Again: the relative priority of this is another question that depends on
the number of cases where 22 works and 443 does not. Currently I would
not expect this to happen often. But that may change as middle box
silliness increases.

So I suggest again to put it on the list of requests with low priority.

Daniel

Previous message (by thread): [atlas] Probe cannot connect from behind IDS/IPS with HTTPS inspection
Next message (by thread): [atlas] a thought about public probe page...

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ ripe-atlas Archives ]