[JDEV] Thoughts about AOL blocking IPs
Matthias Wimmer
jabber at matthias-wimmer.de
Tue Jan 8 15:59:39 CST 2002
Hi!
For some time now I thought about some possible ways to make it harder for AOL
to block the IPs of the jabber servers.
I was told that jabber.org already experimented with using dynamic IPs for the
AIM transport but without success. Could somebody please give me/us some
information on the problems they had?
Some of the thoughts I had:
- If AOL is blocking IPs we have to use addresses that are harder to block. So
in my opinion it would be good to use addresses within the address space used
for dial up lines with dynamic IPs.
One problem for that is that if you have to change your IP regularly (lets say
every some hours) the connection to the AOL network gets broken with the
reconnect. So there should be implemented some mechanism to (user-)transparently
reconnect to ICQ/AIM.
- The jabber server itself has to be on a static IP, the transport as shown
above should be on a changing one. I think that can be best implemented by
running the transport on an other host than the server. Different ways that
could be done:
1. Using DNS entries for the transport that have a very short TTL
and updating them every time the transport changes IP.
This method is used for providing domain names to dial up users
by services like dyndns.org.
On the domain of that "dynamic DNS entry" we'll operate a jabber
server just for running the transport.
2. Setting up a VPN connection between the server and the transport.
The transport and server will then connect to each other over
the tunnel with some 192.168.x.x addresses. Other connections
the transport establishes (outside the 192.168.x.y net) will use
the dynamic IP address.
3. Using the normal way to connect a transport running in its own
process to the main server.
One thought that was suggested in JDEV is to implement the AIM protocoll in
every jabber client. I realy don't like that idea. It's completely against the
jabber concept.
But what could be done is to keep the transport running on the server and
enhance the clients in a way that they work as relay between the transport an
AOL. The transport is not communicating directly with the AOL servers but
sending the data stream to the client that forwards it to the AOL servers.
(I still have to say that I don't like that idea very much. But it's at least
better then implementing the hole transport on the client.)
Also it would be possible to develop a system that works similar to a "backward
SOCKS" server: There will be a pool of (trusted - yeah, that's a con) users
behind dynamic-ip dial-up lines. Whenever they connect for a longer time to the
internet they will inform the AIM transport about that and tell the IP.
Whenever the AIM transport has to establish a new connection to the AOL servers
it looks into its cache of previously announced possible relays. It will pick
one of them (a newer entry in hope that this one will stay online for some time)
and forward all traffic for that connection over this relay.
I know ... the ideas are not perfect yet. But maybe they can be improved ...
Tot kijk
Matthias
More information about the JDev
mailing list