nanog mailing list archives
Re: US internet providers hijacking users' search queries
From: Jimmy Hess <mysidia () gmail com>
Date: Sat, 6 Aug 2011 13:25:18 -0500
On Sat, Aug 6, 2011 at 12:08 PM, Joe Provo <nanog-post () rsuc gweep net>wrote:
On Sat, Aug 06, 2011 at 10:41:10AM -0400, Scott Helms wrote:Correct, I don't believe that any of the providers noted are actually[snip] Disappointing that nanog readers can't read http://www.paxfire.com/faqs.php and get
a clue, instead all the mouth-flapping about MItM and https. a clue,
instead all the mouth-flapping about MItM and https. While
Maybe instead of jumping to the conclusion NANOG readuers should "get a clue", you should actually do a little more research than reading a glossyware/ vacant FAQ that doesn't actually explain everything Paxfire is reported to do, how it works, and what the criticism is? I mean... don't you see a problem relying on _their own publication_ to say what they are doing, when they might like to keep their methods quiet to avoid negative attention? Changing NXDOMAIN queries to an ISP's _own_ recursive servers is old hat, and not the issue. What the FAQ doesn't tell you is that the Paxfire appliances can tamper with DNS traffic received from authoritative DNS servers not operated by the ISP. A paxfire box can alter NXDOMAIN queries, and queries that respond with known search engines' IPs. to send your HTTP traffic to their HTTP proxies instead. Ty, http://netalyzr.icsi.berkeley.edu/blog/ " In addition, some ISPs employ an optional, unadvertised Paxfire feature that redirects the entire stream of affected customers' web search requests to Bing, Google, and Yahoo via HTTP proxies operated by Paxfire. These proxies seemingly relay most searches and their corresponding results passively, in a process that remains invisible to the user. Certain keyword searches, however, trigger active interference by the HTTP proxies. " http://www.icir.org/christian/publications/2011-satin-netalyzr.pdf http://newswire.xbiz.com/view.php?id=137208 -- -JH
Current thread:
- Re: US internet providers hijacking users' search queries, (continued)
- Re: US internet providers hijacking users' search queries Mark Andrews (Aug 06)
- Re: US internet providers hijacking users' search queries Jeff Kell (Aug 05)
- Re: US internet providers hijacking users' search queries Matthew Palmer (Aug 05)
- Re: US internet providers hijacking users' search queries Jimmy Hess (Aug 05)
- Re: US internet providers hijacking users' search queries Bradford Chatterjee (Aug 05)
- Re: US internet providers hijacking users' search queries Valdis . Kletnieks (Aug 05)
- Re: US internet providers hijacking users' search queries Joe Provo (Aug 05)
- Re: US internet providers hijacking users' search queries Scott Helms (Aug 06)
- Re: US internet providers hijacking users' search queries Owen DeLong (Aug 06)
- Re: US internet providers hijacking users' search queries Joe Provo (Aug 06)
- Re: US internet providers hijacking users' search queries Jimmy Hess (Aug 06)
- Re: US internet providers hijacking users' search queries Scott Helms (Aug 06)
- Re: US internet providers hijacking users' search queries Damian Menscher (Aug 06)
- Re: US internet providers hijacking users' search queries Christopher Morrow (Aug 09)
- Re: US internet providers hijacking users' search queries Cameron Byrne (Aug 09)
- Re: US internet providers hijacking users' search queries Christopher Morrow (Aug 09)
- Re: US internet providers hijacking users' search queries David Conrad (Aug 09)
- Re: US internet providers hijacking users' search queries Christopher Morrow (Aug 09)
- Re: US internet providers hijacking users' search queries Scott Helms (Aug 06)
- Re: US internet providers hijacking users' search queries Joe Provo (Aug 09)
- Re: US internet providers hijacking users' search queries Oren Levin (Aug 09)
- Re: US internet providers hijacking users' search queries Christopher Morrow (Aug 09)