Comments on: The Great Wall of Vodacom – FAIL http://jkroon.blogs.uls.co.za/it/security/the-great-wall-of-vodacom-fail Ultimate Linux Solutions Sat, 07 Jan 2012 13:57:16 +0200 hourly 1 http://wordpress.org/?v=3.3.1 By: Jaco Kroon http://jkroon.blogs.uls.co.za/it/security/the-great-wall-of-vodacom-fail/comment-page-1#comment-373 Jaco Kroon Sun, 13 Jun 2010 18:11:14 +0000 http://jkroon.blogs.uls.co.za/?p=254#comment-373 I always just use tcpdump. The number of these problems I have are far and few between, and vary so much in nature that I believe it'll be difficult to write a tool to reliably test for all possible things that can go wrong. In terms of probing you can probably use nmap to see what's open and what not. The more interesting part as you suggest is the question surrounding non-TCP and non-UDP. I know that GRE works in combination with PPTP (as per above, when they don't break it). But other protocols may not work properly, this remains to be seen and I can't really comment. But brings me back to elementary networking ... the iso networking layer model. You have been given an IP right? Which is routable? So why does the ISP feel it's required to break the iso layer by looking at stuff anything higher than layer 3? Why do they feel it's required to look at anything inside the IP packets when that is all they actually need to look at in order to deliver traffic? I always just use tcpdump. The number of these problems I have are far and few between, and vary so much in nature that I believe it’ll be difficult to write a tool to reliably test for all possible things that can go wrong. In terms of probing you can probably use nmap to see what’s open and what not.

The more interesting part as you suggest is the question surrounding non-TCP and non-UDP. I know that GRE works in combination with PPTP (as per above, when they don’t break it). But other protocols may not work properly, this remains to be seen and I can’t really comment. But brings me back to elementary networking … the iso networking layer model. You have been given an IP right? Which is routable? So why does the ISP feel it’s required to break the iso layer by looking at stuff anything higher than layer 3? Why do they feel it’s required to look at anything inside the IP packets when that is all they actually need to look at in order to deliver traffic?

]]> By: Gert http://jkroon.blogs.uls.co.za/it/security/the-great-wall-of-vodacom-fail/comment-page-1#comment-242 Gert Tue, 25 May 2010 19:00:58 +0000 http://jkroon.blogs.uls.co.za/?p=254#comment-242 Is there any decent TCP testers? It will make debugging (mostly firewall caused) TCP-issues a lot easier... (Cisco firewalls also mess around with TCP flags, which breaks some applications... They also mess around with the ISN by default) It should be able to test most TCP features (transfers, sequence numbers, urgent flag, common extensions) and give you an idea of what the network allows and what not... Back to 3G: I wonder if their "internet conenctions" actually work properly for non-TCP / UDP-based protocols... (such as SCTP-based protocols...) Is there any decent TCP testers? It will make debugging (mostly firewall caused) TCP-issues a lot easier… (Cisco firewalls also mess around with TCP flags, which breaks some applications… They also mess around with the ISN by default)

It should be able to test most TCP features (transfers, sequence numbers, urgent flag, common extensions) and give you an idea of what the network allows and what not…

Back to 3G: I wonder if their “internet conenctions” actually work properly for non-TCP / UDP-based protocols… (such as SCTP-based protocols…)

]]>