Re: AT&T mobile intercepting TCP sockets?

[Ca By <cb.list6 () gmail com>]

On Mon, May 21, 2018 at 1:11 PM <lists () as23738 net> wrote:

> IME ATT has intercepted virtually everything on mobile (this is on a
> hotspot) -
>
> If I curl a HTTP vs HTTPS site, I get a different IP on each (one is
> obviously a shared web proxy); if I download images, they won't match
> md5-wise with the original version, etc. I have trouble connecting to VPNs
> that aren't standard SSL VPNs. They appear to MITM all web traffic they
> can. Using third party DNS servers has questionable results.

AT&Fee is also a key player in undermining http2 security with their
“trusted proxy”

https://tools.ietf.org/html/draft-loreto-httpbis-trusted-proxy20-01




> On Mon, May 21, 2018, at 12:35 PM, Chris Adams wrote:
> > I ran into an odd issue with access to a website I manage from AT&T
> > mobile devices this weekend.  The website worked for everybody not on
> > AT&T mobile, and AT&T mobile users could access other sites; the problem
> > was just this combination.
> >
> > Android and iOS phones, as well as a Linux system tethered to an Android
> > phone, all had the same problem.  On the Linux system, I disabled IPv6
> > in Firefox, and it could then connect.  Browsers got various "connection
> > reset" type errors; on Linux, I could telnet to port 80 or 443, and it
> > would connect and immediately close.
> >
> > The site does have an IPv6 address, but I had missed getting the
> > webserver to listen on IPv6 (my mistake).  Adding that looks to have
> > solved the problem.
> >
> > When I ran tcpdump on the server and had someone try to connect from
> > their AT&T mobile iPhone, I saw three connection attempts a few tenths
> > of a second apart (all refused by the server).
> >
> > My question is this: is AT&T mobile intercepting the TCP socket (and
> > not handling "connection refused" correctly)?  Is that a known thing?
> >
> > --
> > Chris Adams <cma () cmadams net>