Vulnerability Development mailing list archives
Re: Comcast man-in-the-middle attack
From: jon schatz <jon () divisionbyzero com>
Date: 08 Feb 2002 14:19:32 -0800
On Fri, 2002-02-08 at 13:27, J Edgar Hoover wrote:

> > This is standard behavior for a transparent web proxy. Nothing new here. These have been around for a while, and Inktomi is not the only company to deploy one. Hell, you can do this with squid and ipchains: http://www.linuxpowered.com/archive/mini/TransparentProxy.html#toc5
>
> Whether the device is performing correctly is not the question. The question is whether the device is appropriate at all in this context.

It certainly is. Comcast (like all ISPs) sells a lot more bandwidth than they actually have. Without some type of caching system, their network performance would suffer greatly.

> > Once again, standard behavior for a proxy request. Most (if not all) proxies are dependent on a partial HTTP/1.1 implementation, and without the host header, all would be lost...
>
> It may be "standard behavior", but it is incorrect behavior. If I send a packet to my office, I expect it to go to my office, not comcast's.

But you're not sending just any packet. You're sending an http request. We dealt with this issue at my previous employer, and non-http requests on port 80 were just passed through without any interference.

> They log the requested URL, and the response. They log it to a network storage device, that is simultaneously accessed by datamining software. This gets passwords, contents of webmail, web bbs posts, news you read, etc. What part of this is *not* snooping?

Does their privacy statement or EULA state this? If so, find a new provider. If not, why would you assume that it's happening?

> Incidentally, the IP of one of the machines I used to test the evil proxy this week is now blocked. This isn't speculation, they've already started censoring.

I truly don't buy it. No offense, but your level of paranoia seems to match your email handle. I mean, if they really wanted to track all network data, why not just run tcpdump on a machine somewhere near their outside POP? That would be a lot easier (and less expensive) than buying some proprietary Inktomi software.

--
jon () divisionbyzero com || www.divisionbyzero.com
gpg key: www.divisionbyzero.com/pubkey.asc
think i have a virus?: www.divisionbyzero.com/pgp.html
"You are in a twisty little maze of Sendmail rules, all confusing."
Attachment:
signature.asc
Description: This is a digitally signed message part
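The routing behaviour argued over in this message (redirected port-80 HTTP is forwarded by its Host header, anything that is not HTTP is passed through to the address the client dialed), as an added Python example that is not code from the thread or from any proxy product. The function name, the returned fields and the fallback for a request with no Host header are assumptions made for illustration.

```python
import re

METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE"}
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/(\d\.\d)$")


def classify(first_bytes: bytes, orig_dst: tuple) -> dict:
    """Decide what an intercepting proxy does with a redirected port-80 flow.

    first_bytes: bytes read from the client, up to the end of the headers.
    orig_dst:    (ip, port) the client actually addressed.
    Hypothetical helper; IPv6 literals in Host are not handled.
    """
    passthrough = {"action": "passthrough", "upstream": orig_dst}
    head, sep, _ = first_bytes.partition(b"\r\n\r\n")
    if not sep:
        return passthrough              # no complete header block: not HTTP
    lines = head.split(b"\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m or m.group(1).decode() not in METHODS:
        return passthrough              # first line is not an HTTP request
    target = m.group(2).decode("latin-1")
    host = None
    for line in lines[1:]:
        field, colon, value = line.partition(b":")
        if colon and field.strip().lower() == b"host":
            host = value.strip().decode("latin-1").lower()
            break
    if host is None:
        # Assumed fallback: with no Host header, only the original
        # destination says where the request was going; do not cache it.
        return {"action": "proxy", "upstream": orig_dst, "cache_key": None}
    hostname, _, port = host.partition(":")
    # From here on the IP the client dialed plays no part in the routing.
    absolute = target.lower().startswith("http://")
    return {
        "action": "proxy",
        "upstream": (hostname, int(port) if port.isdigit() else 80),
        "cache_key": target if absolute else "http://" + host + target,
    }
```

A request sent to one IP but carrying a Host header for another name is forwarded by name, which is the "packet to my office" case from the quoted text.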
