Re: Comcast man-in-the-middle attack

From: jon schatz (jonat_private)
Date: Fri Feb 08 2002 - 14:19:32 PST

    On Fri, 2002-02-08 at 13:27, J Edgar Hoover wrote:
    > > This is standard behavior for a transparent web proxy. Nothing new here.
    > > These have been around for a while, and Inktomi is not the only company
    > > to deploy one. Hell, you can do this with squid and ipchains:
    > >
    > > http://www.linuxpowered.com/archive/mini/TransparentProxy.html#toc5
    > 
    > Whether the device is performing correctly is not the question. The
    > question is whether the device is appropriate at all in this context.
    
    It certainly is. Comcast (like all ISPs) sells a lot more bandwidth than
    they actually have. Without some type of caching system, their network
    performance would suffer greatly.
    
    > > Once again, standard behavior for a proxy request. Most (if not all)
    > > proxies are dependent on a partial HTTP/1.1 implementation, and without
    > > the host header, all would be lost...
    > 
    > It may be "standard behavior", but it is incorrect behavior. If I send a
    > packet to my office, I expect it to go to my office, not Comcast's.
    
    But you're not sending just any packet. You're sending an HTTP request.
    We dealt with this issue at my previous employer, and non-HTTP requests
    on port 80 were just passed through without any interference.
    
    > They log the requested URL, and the response. They log it to a network
    > storage device, that is simultaneously accessed by datamining software.
    > This gets passwords, contents of webmail, web bbs posts, news you read,
    > etc.. What part of this is *not* snooping?
    
    Does their privacy statement or EULA state this? If so, find a new
    provider. If not, why would you assume that it's happening?
    
    > Incidentally, the IP of one of the machines I used to test the evil proxy
    > this week is now blocked. This isn't speculation, they've already started
    > censoring.
    
    I truly don't buy it. No offense, but your level of paranoia seems to
    match your email handle. I mean, if they really wanted to track all
    network data, why not just run tcpdump on a machine somewhere near their
    outside POP? That would be a lot easier (and less expensive) than buying
    some proprietary Inktomi software.
    
    -- 
    jonat_private || www.divisionbyzero.com
    gpg key: www.divisionbyzero.com/pubkey.asc
    think i have a virus?: www.divisionbyzero.com/pgp.html
    "You are in a twisty little maze of Sendmail rules, all confusing." 
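As an added example (not from the thread or either poster), a client-side check for the interception discussed above: a transparent cache grabs TCP port 80 only, so the same request to a server you control on port 80 and on some other port should come back identical, and headers such as Via or X-Cache, or a changed Server header or body, on the port-80 copy reveal the interposed proxy. The sample responses and the host name are constructed; the header names are the ones squid-style caches commonly add.

```python
import socket

# Response headers a caching/transparent proxy (squid and the like) adds or rewrites.
PROXY_HEADERS = ("via", "x-cache", "x-cache-lookup", "x-squid-error",
                 "proxy-connection", "x-forwarded-for")

# Constructed samples: one as the origin sends it, one after an interposed cache.
SAMPLE_DIRECT = b"HTTP/1.1 200 OK\r\nServer: Apache/1.3.22\r\nContent-Length: 2\r\n\r\nok"
SAMPLE_CACHED = (b"HTTP/1.0 200 OK\r\nServer: Apache/1.3.22\r\n"
                 b"Via: 1.0 cache1.isp.example (squid/2.4.STABLE3)\r\n"
                 b"X-Cache: HIT from cache1.isp.example\r\nContent-Length: 2\r\n\r\nok")

def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status code, {header: value}, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def proxy_indicators(raw: bytes):
    """Return the proxy-revealing headers present in one response."""
    _, headers, _ = parse_response(raw)
    return [f"{h}: {headers[h]}" for h in PROXY_HEADERS if h in headers]

def compare_probes(direct: bytes, port80: bytes):
    """Compare the reply from a port the proxy does not intercept with the
    port-80 reply; any difference means something sat in the path on port 80."""
    s1, h1, b1 = parse_response(direct)
    s2, h2, b2 = parse_response(port80)
    hits = proxy_indicators(port80)
    changed = s1 != s2 or h1.get("server") != h2.get("server") or b1 != b2
    return {"intercepted": changed or bool(hits), "proxy_headers": hits}

def fetch(host: str, port: int, path: str = "/", send_host: bool = True) -> bytes:
    """One plain HTTP/1.0 GET, raw reply back; send_host=False omits the Host header."""
    req = f"GET {path} HTTP/1.0\r\n" + (f"Host: {host}\r\n" if send_host else "")
    req += "Connection: close\r\n\r\n"
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(req.encode("ascii"))
        chunks = []
        while data := sock.recv(4096):
            chunks.append(data)
    return b"".join(chunks)

if __name__ == "__main__":
    print(compare_probes(SAMPLE_DIRECT, SAMPLE_CACHED))
```

For a live check against a hypothetical server you run with the same content on ports 80 and 8080, pass `fetch(host, 8080)` and `fetch(host, 80)` to `compare_probes`; repeating with `send_host=False` shows how the port-80 path handles the Host-less request the thread mentions.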
    
    This archive was generated by hypermail 2b30 : Fri Feb 08 2002 - 17:43:07 PST