When I brought this thread up, I was wearing my "Comcast customer" hat. In that context, I felt it was obviously inappropriate for my provider to be logging the content of my packets. Apparently many network admins/security professionals don't agree. Managing a network does at times require the use of invasive diagnostic tools, and network professionals need to defend their ability to use them. The appropriate use of these tools probably warrants discussion in an ethics thread.

Other Comcast customers who have contacted me are more interested in the technical aspects. Questions like: "I currently have comcast and live in Maryland. I was wondering if this server could be one of the reasons why my inet connection has been awful for the last week and same with my friend who lives in the same area?"

The Inktomi proxy server they are using uses a rather clumsy method, which does cause some functionality problems, and introduces significant and perceptible delay. Performance is greatly impaired by the use of this server. When a Windows user "clicks a link", his machine uses DNS to resolve the IP of the target machine. It then sends TCP traffic to the IP of the target, which is diverted to the Inktomi server. The Inktomi server then sets up the full TCP handshake, spoofing the IP of your target, and accepts the TCP packet(s) destined to your target. It parses the content for the Host: field, extracts the URL, and again does a DNS query to resolve the target IP, and finally sends your request along. All of this is extra wasted time introduced by the use of this server. The end result in my case is a perceptible delay in the start of an HTTP connection, approx. 2 seconds longer than it took a week ago. And some just don't work at all. Any argument that this "improves the quality of service" is utter BS.

Being "security conscious", they appear to be running BlackIce/RealSecure. Remote management via web browser appears to be enabled, but from a restricted set of IPs.

SSH-1.99-OpenSSH_2.9p2 Zeus on port 9090.

It appears to me that this machine is ownable. Being a law-abiding citizen I would never do that. Only a bad guy would. So, my traffic is now available to Comcast and any bad guy with the technical abilities and desire to look at it. What's new about that? Until a week ago, Comcast hadn't provided a handy-dandy place for a bad guy to find my *logged* traffic. The only practical way he could get that info was to sniff in real time, which introduces more problems than it is worth.

Other than tunneling, I haven't found a way to avoid using this proxy for HTTP. If anybody has any suggestions, I'd like to hear them. I'd also like to hear any comments about how to avoid/own/confuse/clutter/break/make this thing smoke. A little bird told me there are several ways to exploit this thing, but I'll leave that to others to explore; I have a feeling Comcast is watching.

z
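The mechanism described above (the proxy completes the TCP handshake itself before it has even looked up the origin) leaves a measurable fingerprint a customer can check for from the client side: the handshake to port 80 returns from something closer than the origin, while a handshake to a port the proxy does not intercept (443) still goes all the way to the real host. The script below is an added example written for this post, not code from the original message or from any vendor; the probe host name, sample count and thresholds are assumptions.

```python
"""Heuristic client-side check for an in-path transparent HTTP proxy.

Compares TCP handshake time to port 80 against port 443 on the same
remote address.  A proxy that answers the SYN on the origin's behalf
makes the port-80 handshake consistently and noticeably faster.
Added example; thresholds and probe host are assumptions.
"""
import socket
import statistics
import time
from typing import List


def handshake_rtt(ip: str, port: int, timeout: float = 5.0) -> float:
    """Seconds from connect() start until the TCP handshake completes."""
    start = time.perf_counter()
    with socket.create_connection((ip, port), timeout=timeout):
        pass  # connected; no application data is sent
    return time.perf_counter() - start


def measure(ip: str, port: int, samples: int = 5) -> List[float]:
    """Several handshakes so a single slow sample does not decide it."""
    return [handshake_rtt(ip, port) for _ in range(samples)]


def looks_intercepted(rtt_80: List[float], rtt_443: List[float],
                      ratio: float = 0.5, min_gap: float = 0.01) -> bool:
    """True when port-80 handshakes are consistently much faster than
    port-443 handshakes to the same host, i.e. the SYN/ACK for port 80
    comes from something nearer than the origin.  Medians ignore
    outliers; the 50% ratio and 10 ms gap are assumed thresholds."""
    m80 = statistics.median(rtt_80)
    m443 = statistics.median(rtt_443)
    return (m443 - m80) >= min_gap and m80 <= ratio * m443


def check_host(name: str) -> dict:
    """Resolve once, then compare the two ports on the same IP."""
    ip = socket.gethostbyname(name)
    r80, r443 = measure(ip, 80), measure(ip, 443)
    return {"host": name, "ip": ip,
            "median_80_ms": round(statistics.median(r80) * 1000, 1),
            "median_443_ms": round(statistics.median(r443) * 1000, 1),
            "intercepted": looks_intercepted(r80, r443)}


if __name__ == "__main__":
    import sys
    for host in sys.argv[1:] or ["www.example.com"]:  # assumed probe host
        print(check_host(host))
```

Run it against a few distant hosts that serve both 80 and 443; a proxy that also intercepts 443 would defeat the comparison, and a very close origin (same metro) can leave too small a gap to call either way.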
This archive was generated by hypermail 2b30 : Sat Feb 09 2002 - 15:51:54 PST