On 2014/05/21 16:37 , Ondřej Caletka wrote:
Dne 21.5.2014 13:45, Daniel Karrenberg napsal(a):
It seems to me that just trying port 22 if no contact can be made on 443 should be added to the requested features list. The reason being that probes could then work in places where policy allows 22. However I agree that the priority should be low considering the small number of cases this would fix and the likelihood that measurements would be affected by middle boxes as well.
I agree completely. The only question is, what are atlas probes supposed to measure, Internet infrastructure or "eyeball" perspective of the Internet? From what I see, the objective is somewhere in the middle with probes installed both in datacentres (measuring infrastructure) as well as at users homes (measuring eyeballs). If measuring the users experience is legitimate use case, then it shouldn't be problem to have some middleboxes on the way.
My experience is that probes at users' homes just work. There are a few gotchas but most work. Probes that cause trouble are usually where somebody explicitly tried to configure something in the network, firewalls, etc. I'm curious what this firewall is trying to do. If it allows unrestricted outbound connectivity over ssh, but not ssh on port 443. What is that rule trying to protect? Philip