[e2e] Detecting middle boxes

Melinda Shore mshore at cisco.com
Tue Feb 12 06:27:37 PST 2002


At 01:26 PM 2/11/02 -0600, John Kristoff wrote:
>I think my reply to David earlier was lost, but I like the idea of
>trying to find ways for the ends to detect middle boxes.  One unoriginal
>idea might be to use traceroute style packets using common middle box
>altering packet types.  So instead of the typical ICMP/UDP traceroute
>packets, use TCP port 25, 53 or 80 packets, increasing the TTL to map
>out the route.

As I posted earlier, I've got a draft describing a mechanism
to do something similar for NATs and firewalls and am currently
working on a revision.

Note that TED uses this technique to find security gateways and
that this approach is currently under consideration in ipsp.

>However, I suspect for many environments, you wouldn't get the
>unreachables back (e.g. strict firewall policies), which would make this
>technique unusable.

Yes and no - these are policy issues, and in the case where an ISP
or whomever doesn't want their firewall found things would be
working as planned *by the guys that own the network*.

Like it or no the economics behind networking have changed so much
in the past 25 years that it's inevitable that it's affected the
technology.  There are actually now more pressures against
transparency than in favor of it, from an economic perspective.

Melinda
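The detection idea quoted above (TTL-limited probes of the kind a middle box actually handles, compared against classic UDP traceroute) and the caveat that a silent firewall policy defeats it can both be shown with an in-memory model. The following is an added illustration, not code from this thread, the draft, or TED. It sends no packets: the path, the hop roles ("router", "firewall" that emits no ICMP and drops unsolicited UDP, "proxy" that completes TCP/80 handshakes on the destination's behalf), the addresses and the reply types are all constructed assumptions, and the analysis simply looks for the first TTL at which the UDP and TCP/80 traces diverge.

```python
"""Constructed model of middle-box detection by divergent traceroute-style probes.

Two probe kinds are traced against a simulated path: classic UDP probes and
TCP probes to port 80.  The hop at which the two traces stop agreeing is where
something on the path treats them differently.  Everything here is a toy model
written for illustration; no real network traffic is involved.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass(frozen=True)
class Hop:
    addr: str
    role: str   # "router" | "firewall" | "proxy"  (assumed behaviours, see send_probe)

@dataclass(frozen=True)
class Reply:
    kind: str       # "time_exceeded" | "port_unreachable" | "synack" | "timeout"
    src: str = ""   # address the reply appears to come from ("" for a timeout)

TIMEOUT = Reply("timeout")

def send_probe(path: List[Hop], dest: str, proto: str, ttl: int) -> Reply:
    """Walk the constructed path and decide what the probing end would see."""
    for pos, hop in enumerate(path, start=1):
        if hop.role == "proxy" and proto == "tcp80":
            # Transparent interceptor answers port-80 SYNs itself, as the destination.
            return Reply("synack", dest)
        if pos == ttl:
            # TTL expired here: routers report it, a silent firewall never sends ICMP.
            return TIMEOUT if hop.role == "firewall" else Reply("time_exceeded", hop.addr)
        if hop.role == "firewall" and proto == "udp":
            # Policy drops unsolicited UDP without any unreachable coming back.
            return TIMEOUT
    # Probe survived every hop and reached the destination host itself.
    return Reply("synack", dest) if proto == "tcp80" else Reply("port_unreachable", dest)

def trace(path: List[Hop], dest: str, proto: str, max_ttl: int = 8) -> List[Tuple[int, Reply]]:
    """Increase TTL one step at a time until the destination answers or max_ttl is hit."""
    out = []
    for ttl in range(1, max_ttl + 1):
        reply = send_probe(path, dest, proto, ttl)
        out.append((ttl, reply))
        if reply.kind in ("synack", "port_unreachable"):
            break
    return out

def compare_traces(udp: List[Tuple[int, Reply]], tcp: List[Tuple[int, Reply]]) -> List[Tuple[int, str]]:
    """Report the first TTL at which each kind of divergence appears."""
    u: Dict[int, Reply] = dict(udp)
    t: Dict[int, Reply] = dict(tcp)
    findings, seen = [], set()
    for ttl in range(1, max(len(u), len(t)) + 1):
        ru, rt = u.get(ttl), t.get(ttl)
        if ru is None or rt is None:
            break                      # the shorter trace already terminated
        if ru == rt:
            code = "no_icmp_from_hop" if ru.kind == "timeout" else None
        elif rt.kind == "synack" and ru.kind == "time_exceeded":
            code = "tcp80_intercepted_before_destination"   # UDP still sees more hops
        elif ru.kind == "timeout" and rt.kind != "timeout":
            code = "udp_filtered_tcp80_passes"
        elif rt.kind == "timeout" and ru.kind != "timeout":
            code = "tcp80_filtered_udp_passes"
        else:
            code = "divergent"
        if code and code not in seen:
            seen.add(code)
            findings.append((ttl, code))
    return findings

def analyze(path: List[Hop], dest: str) -> List[Tuple[int, str]]:
    return compare_traces(trace(path, dest, "udp"), trace(path, dest, "tcp80"))

# Constructed sample paths (addresses from documentation ranges, roles assumed).
PROXY_DEST = "198.51.100.80"
PROXY_PATH = [Hop("10.0.0.1", "router"), Hop("10.0.1.1", "router"),
              Hop("198.51.100.5", "proxy"), Hop("198.51.100.6", "router")]
FIREWALL_DEST = "203.0.113.80"
FIREWALL_PATH = [Hop("10.0.0.1", "router"), Hop("10.0.1.1", "router"),
                 Hop("203.0.113.1", "firewall"), Hop("203.0.113.9", "router")]

if __name__ == "__main__":
    for name, path, dest in (("proxy", PROXY_PATH, PROXY_DEST), ("firewall", FIREWALL_PATH, FIREWALL_DEST)):
        print(name, analyze(path, dest))
```

In the proxy scenario the TCP/80 trace ends with a SYN/ACK at TTL 3 while UDP still reports two more hops, so the interceptor is placed before the destination even though it answers with the destination's address. In the firewall scenario hop 3 never answers either probe and UDP is dropped beyond it, so the firewall is never located and its policy holds, which is the point made in the reply above.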
