what is wrong with his suggestion? If you look at the situation the following things happen:
[EMAIL PROTECTED] ~]$ host www.cnn.com www.cnn.com has address 64.236.16.20 www.cnn.com has address 64.236.16.52 www.cnn.com has address 64.236.24.12 www.cnn.com has address 64.236.29.120 www.cnn.com has address 64.236.91.21 www.cnn.com has address 64.236.91.22 www.cnn.com has address 64.236.91.23 www.cnn.com has address 64.236.91.24 Host www.cnn.com not found: 3(NXDOMAIN) [EMAIL PROTECTED] ~]$ openssl s_client -connect www.cnn.com:443 [EMAIL PROTECTED] ~]# tcpdump -i wlan0 -ln tcp port 443 and net '64.236' tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on wlan0, link-type EN10MB (Ethernet), capture size 96 bytes 22:02:32.427607 IP 192.168.1.103.35113 > 64.236.24.12.https: S 2923208691:2923208691(0) win 5840 <mss 1460,sackOK,timestamp 102380687 0,nop,wscale 7> 22:02:35.427467 IP 192.168.1.103.35113 > 64.236.24.12.https: S 2923208691:2923208691(0) win 5840 <mss 1460,sackOK,timestamp 102383687 0,nop,wscale 7> 22:02:41.427496 IP 192.168.1.103.35113 > 64.236.24.12.https: S 2923208691:2923208691(0) win 5840 <mss 1460,sackOK,timestamp 102389687 0,nop,wscale 7> 22:02:53.427470 IP 192.168.1.103.35113 > 64.236.24.12.https: S 2923208691:2923208691(0) win 5840 <mss 1460,sackOK,timestamp 102401687 0,nop,wscale 7> 22:03:17.427469 IP 192.168.1.103.35113 > 64.236.24.12.https: S 2923208691:2923208691(0) win 5840 <mss 1460,sackOK,timestamp 102425687 0,nop,wscale 7> 22:04:05.427466 IP 192.168.1.103.35113 > 64.236.24.12.https: S 2923208691:2923208691(0) win 5840 <mss 1460,sackOK,timestamp 102473687 0,nop,wscale 7> 22:05:41.427556 IP 192.168.1.103.47627 > 64.236.29.120.https: S 2954205762:2954205762(0) win 5840 <mss 1460,sackOK,timestamp 102569687 0,nop,wscale 7> 22:05:44.427467 IP 192.168.1.103.47627 > 64.236.29.120.https: S 2954205762:2954205762(0) win 5840 <mss 1460,sackOK,timestamp 102572687 0,nop,wscale 7> 22:05:50.427472 IP 192.168.1.103.47627 > 64.236.29.120.https: S 2954205762:2954205762(0) win 5840 <mss 1460,sackOK,timestamp 102578687 0,nop,wscale 7> 22:06:02.428441 IP 192.168.1.103.47627 > 64.236.29.120.https: S 2954205762:2954205762(0) win 5840 <mss 1460,sackOK,timestamp 102590687 0,nop,wscale 7> If there are a ton of addresses associated with the hostname record you'd be sitting there for a long time, no? It'd be nice if sites sent a unreachable message but some ppl still believe that blocking all ICMP is ok... go figure. Cheers, Harry [EMAIL PROTECTED] wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > MAYBE YOU HAVE A SUGGESTION OR SOMETHING CONSTRUCTIVE TO SAY AFTER > ALL THESE YEARS VLADIS OR MAYBE YOU SHOULD SHUT THE FUCK UP!!! > > YOU AREN'T SMARTER THAN WE THINK YOU ARE > > On Fri, 12 Oct 2007 21:55:37 -0400 [EMAIL PROTECTED] wrote: >> On Fri, 12 Oct 2007 15:06:14 PDT, Kristian Erik Hermansen said: >>> I just wanted to clarify that I am looking for an extension that >> will >>> rewrite all encountered HTTP references in Firefox to HTTPS. I >> would >>> already have a firewall or some other layer7 filtering device >> blocking >>> unencrypted traffic. The addon "Better Gmail" does something >> similar >>> to this, with the "force HTTPS" option, but not exactly... >> What should this hypothetical extension do if it automagically >> redirect >> http: to https:, but the target server is something that is only >> listening >> on port 80 because it doesn't have https: enabled? >> >> https://www.cnn.com just sorta sits there for me. > -----BEGIN PGP SIGNATURE----- > Note: This signature can be verified at https://www.hushtools.com/verify > Charset: UTF8 > Version: Hush 2.5 > > wpwEAQECAAYFAkcQJ40ACgkQ+dWaEhErNvQjfAQAhvRta2YldG0s+RPwOOYQJhmavq4c > uo/dTsCd3EQy6yQru6oGcmWR7CdCo8EvwoTpB0EwLgVW4z7/lujiayEMECV4zejTNztw > NSabygNoko5I8wh5trmqvoSb4RfPW79qEWLgTosECR1dsCu5FfXuKZhgQwbweWpi09gh > zDPTvGg= > =jxe7 > -----END PGP SIGNATURE----- > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
