On Fri, 3 Oct 2003, Major Variola (ret.) wrote:
> Here, it's not NAT turning people into consumers (cf. Walker's Speak Freely rant), but a no-server policy which seems to be too broadly implemented -- legit uses are also blocked.
> Maybe time for UDP protocols, or TCP-to-UDP proxies. Over DNS ports :-)
Or a normal standard VPN. Either classical IPsec, or another implementation, e.g. <http://www.openvpn.org/> which works over UDP on port 5000 (default), but can be reconfigured to e.g. the mentioned 53. (The advantage of OpenVPN is also for the ISPs that demand additional charges for using VPNs and block IPsec packets for residential-grade users.) The adversary then can block 53 and demand use of their own resolvers. Then the VPN can be rewritten to use a TCP connection over port 80, optionally with HTTPS proxy support. There is always a solution, if there is an accomplice "outside".
> When SYNs are outlawed, only outlaws will SYN.
When brains are outlawed, only outlaws will think. (Seems the future goes in this direction.)