[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Fw: IP: Comcast man-in-the-middle attack (fwd)

To: <debate@lists.fitug.de>
Subject: Fw: IP: Comcast man-in-the-middle attack (fwd)
From: Heiko Recktenwald <uzs106@ibm.rhrz.uni-bonn.de>
Date: Sat, 9 Feb 2002 17:12:13 +0100 (CET)
Delivered-To: mailing list debate@lists.fitug.de
List-Help: <mailto:debate-help@lists.fitug.de>
List-Id: <debate.lists.fitug.de>
List-Post: <mailto:debate@lists.fitug.de>
List-Subscribe: <mailto:debate-subscribe@lists.fitug.de>
List-Unsubscribe: <mailto:debate-unsubscribe@lists.fitug.de>
Mailing-List: contact debate-help@lists.fitug.de; run by ezmlm

> >>Comcast "transitioned" my city from @home about a month ago. In the past
> >>week, they implimented what appears to be an Inktomi Traffic-Server
> >>transparent cache at 68.34.76.99.
> >>
> >>This allows them to not only log all http requests, but to also log the
> >>response. Maybe they want to profile their customer browsing history for
> >>subsidiaries or resale to marketers. Maybe they want to do their part in
> >>The War on Freedom. Maybe they just want passwords to porn sites.
> >>Apparently they aren't using it to maximize bandwidth, because it's not
> >>configured to serve cached data.
> >>
> >>And yes, they have purchased a lot of the specific, unique hardware that
> >>is required to do all this logging.
> >>
> >>If a comcast victim/customer sends a packet to port 80 at any IP address,
> >>it is intercepted by the Inktomi Traffic-Server, the contents of the
> >>packet are examined for the GET url and the "Host:" field. The Inktomi
> >>Traffic-Server then sends the http request on to your destination from
> >>it's address with modified content and headers. It then caches the
> >>returned data, changes both the header and the content, and sends the
> >>packet to your machine with the spoofed IP of the server you had
> >>requested.
> >>
> >>This allows them to monitor and change (or insert ads into) what
> >>you read.
> >>
> >>Interestingly, regardless of what IP you address the packet to, the
> >>Inktomi Traffic-Server reads the Host: field to determine where to send
> >>the packet. I sent several packets from my home machine to one of my
> >>office machines, inside the packet was "Host: www.comcast.net". Comcast
> >>illegally intercepted, misinterpreted and altered this packet, and sent
> it
> >>to www.comcast.com. So, you might say there's a bug in this evil Inktomi
> >>Traffic-Server thing.
> >>
> >>Oh,
> >>
> >>
> >>US Code TITLE 18, PART I, CHAPTER 119, Sec. 2511. (2) (a) (i)
> >>
> >>
> >>"...a provider of wire communication service to the public shall not
> >>utilize service observing or random monitoring except for mechanical or
> >>service quality control checks."
> >>
> >>Does federal law only apply when a little guy snoops on a big
> corporation?
> >>Where are the feds now?


-- 
To unsubscribe, e-mail: debate-unsubscribe@lists.fitug.de
For additional commands, e-mail: debate-help@lists.fitug.de

Prev by Date: Re: [FYI/heise] Copyright-Wächter wollenUni-Unterstützung gegenP2P-Tauschbörsen
Next by Date: Re: [FYI/heise] Copyright-W?chter wollen Uni-Unterst?tzung gegen P2P-Tauschb?rsen
Prev by thread: [FYI] Regulated Self-Regulation as a Form of Modern Government
Next by thread: [FYI] Encyrption - "CIA's Tenet Says al-Qa'ida Still a Serious Threat"
Index(es):
- Date
- Thread