mailing list archives
Re: US internet providers hijacking users' search queries
From: Scott Helms <khelms () ispalliance net>
Date: Sat, 06 Aug 2011 22:03:32 -0400
Not trying to be obtuse, but none of the technical docs you cite appear
to talk about HTTP proxies nor does the newswire report have any
technical details. I have tested several of the networks listed in the
report and in none of the cases I saw was there HTTP proxy activity.
Picking up on WCCP/TCS isn't that hard (I used to install those myself)
so unless there is some functionality in IOS and/or JUNOS that allows I
don't see it happening. Paxfire can operate all of the proxies they
want but the network infrastructure has to be able to pass the traffic
over to those proxies and I don't see it (on at least 3 of the networks
What the FAQ doesn't tell you is that the Paxfire appliances can
tamper with DNS
traffic received from authoritative DNS servers not operated by the ISP.
A paxfire box can alter NXDOMAIN queries, and queries that respond
with known search engines' IPs.
to send your HTTP traffic to their HTTP proxies instead.
In addition, some ISPs employ an optional, unadvertised Paxfire
feature that redirects the entire stream of affected customers' web
search requests to Bing, Google, and Yahoo via HTTP proxies operated
by Paxfire. These proxies seemingly relay most searches and their
corresponding results passively, in a process that remains invisible
to the user. Certain keyword searches, however, trigger active
interference by the HTTP proxies.
Vice President of Technology
ISP Alliance, Inc. DBA ZCorum