From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 688201389E2 for ; Thu, 25 Dec 2014 09:35:27 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 72DFDE0AA9; Thu, 25 Dec 2014 09:35:22 +0000 (UTC) Received: from mail-wg0-f52.google.com (mail-wg0-f52.google.com [74.125.82.52]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 53F2BE0883 for ; Thu, 25 Dec 2014 09:35:21 +0000 (UTC) Received: by mail-wg0-f52.google.com with SMTP id x12so12789779wgg.39 for ; Thu, 25 Dec 2014 01:35:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:reply-to:to:subject:date:user-agent:references:in-reply-to :mime-version:content-type:content-transfer-encoding:message-id; bh=1CmBhwYPIVtQp5R0dzK0X26LpAMrwudumJr423SQft8=; b=1GZByAfzfKTVNacCk/C3tCn+M68gYeAglS1djncsufxSRg4vnaYBHYtIlyCulfIzjZ L2uSy6uZekPeVAwABGNSoz/JCteLPvxzfz3mTJ9yF/zUO8z9TZvizyj8Hrg5JC/lO+QU xC1YXXqNAOQoU/Q6TVO3TrMlD+duziMedjlF5XS/mdgG2nztEeVuW7tOGCkr0/1AZqNk JhfaVNxtMmplAww6ZURryGcGRntcILAULAj0VXzGW5ge2tlG1EbtCKp9ACGvzvOLZBkT 7VYskI/i0hh7IQYT3sZY7/4NMq57E+kCUe7PNsmSSwO85qg72/hiCrHn+uwMnPdhMW6C tzYA== X-Received: by 10.194.82.97 with SMTP id h1mr72400347wjy.116.1419500120067; Thu, 25 Dec 2014 01:35:20 -0800 (PST) Received: from dell_xps.localnet (230.3.169.217.in-addr.arpa. [217.169.3.230]) by mx.google.com with ESMTPSA id x6sm816593wjf.24.2014.12.25.01.35.18 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 25 Dec 2014 01:35:19 -0800 (PST) From: Mick To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] public wifi blocking ports Date: Thu, 25 Dec 2014 09:35:05 +0000 User-Agent: KMail/1.13.7 (Linux/3.17.7-gentoo; KDE/4.14.3; x86_64; ; ) References: <20141225074332.GG4205@syscon7> <549BCE2B.8020709@iinet.net.au> In-Reply-To: <549BCE2B.8020709@iinet.net.au> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart5614306.jS1ScrQYok"; protocol="application/pgp-signature"; micalg=pgp-sha256 Content-Transfer-Encoding: 7bit Message-Id: <201412250935.15117.michaelkintzios@gmail.com> X-Archives-Salt: 2ac8a4f9-7969-4362-a4ad-fa4f0438805a X-Archives-Hash: e072e73968d43bc81809bd76f5e0b4cb --nextPart5614306.jS1ScrQYok Content-Type: Text/Plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable On Thursday 25 Dec 2014 08:43:23 Bill Kenworthy wrote: > On 25/12/14 15:43, Joseph wrote: > > I've installed "zoiper" (this is an softphone app to connect to my > > Asterisk server) on my old phone and it works on my private network over > > wifi. > > I'm using standard IAX port 4569 to register, so this port is open on my > > firewall. > >=20 > > But when I catch an open public wifi network in a Mall or a Tim Horton > > "zoiper" failed to register. > >=20 > > Do they block outgoing ports of public WiFi networks? What are my > > alternatives? > >=20 > > I can open any port on my DD-Wrt and redirect it to my Asterisk server. >=20 > Quite often happens in this part of the world. I run an openvpn ssl vpn > on port 443 with an ssl multiplexor on the server end - route all the > voip traffic through the vpn. Doesnt work well if bandwidth is really > constrained but its the difference between having at least something or > nothing at all. >=20 > BillK Most public WiFi hot spots in Europe, especially in multinational coffee sh= op=20 chains, not only block privileged ports to thwart SOCK proxies, ssh, ipsec,= et=20 al., but also use deep-packet inspection and Man-In-The-Middle attack to=20 decrypt your TLS connection to http, https, IMAP4, and POP3 and check your= =20 payload. They do this to make sure that you are not some unsavoury charact= er,=20 using their Internet connection for questionable activities. A number of=20 companies (like Websense) offer this kind of helpful services to those who= =20 need to spy on our private communications. If you check the SSL certificate that is returned from e.g. gmail, you'll s= ee=20 that it has not been issued by gmail, or their CA. Most client application= s=20 should warn you when you try to connect to a website over TLS. In such cas= es=20 I would consider your communications over this channel compromised, should = you=20 decide to proceed. =2D-=20 Regards, Mick --nextPart5614306.jS1ScrQYok Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAABCAAGBQJUm9pTAAoJELAdA+zwE4YeOEYIALxvzviXLm4NAn29elrDspu/ RgOwYlLdIy7HCktNSPbSj7o9d/AEGcy+RJpoK6Ko24klPk30KNNjFHh5EHZrwRid eGq3qcAr3PtwkWTkbxK2YMP95xZJbHov2ieONP/hkOgZ1lfFz/UWN4k0URJjI9cl hlN+ANuO9P2OJUN0P+G8s2GuPciZ1g9sHwiZOAUTHtASs4jWjzplQZFb7DXIgWOB lJV8v58FiCFIRBTJkvYi616FPUOfjJpA4uJloU5twJlYCELi2PbMDtDdIeoIEg8f hNd0LlF80C6OJ705SEWPdvu+gVM36aPxQbXftH3I9aKPSrqHtTYRrpRsb/KYCeI= =IL2B -----END PGP SIGNATURE----- --nextPart5614306.jS1ScrQYok--