Vulnerability Development mailing list archives
Comcast man-in-the-middle attack
From: J Edgar Hoover <zorch () totally righteous net>
Date: Thu, 7 Feb 2002 20:33:42 -0800 (PST)
Comcast "transitioned" my city from @home about a month ago. In the past week, they implimented what appears to be an Inktomi Traffic-Server transparent cache at 68.34.76.99. This allows them to not only log all http requests, but to also log the response. Maybe they want to profile their customer browsing history for subsidiaries or resale to marketers. Maybe they want to do their part in The War on Freedom. Maybe they just want passwords to porn sites. Apparently they aren't using it to maximize bandwidth, because it's not configured to serve cached data. And yes, they have purchased a lot of the specific, unique hardware that is required to do all this logging. If a comcast victim/customer sends a packet to port 80 at any IP address, it is intercepted by the Inktomi Traffic-Server, the contents of the packet are examined for the GET url and the "Host:" field. The Inktomi Traffic-Server then sends the http request on to your destination from it's address with modified content and headers. It then caches the returned data, changes both the header and the content, and sends the packet to your machine with the spoofed IP of the server you had requested. This allows them to monitor and change (or insert ads into) what you read. Interestingly, regardless of what IP you address the packet to, the Inktomi Traffic-Server reads the Host: field to determine where to send the packet. I sent several packets from my home machine to one of my office machines, inside the packet was "Host: www.comcast.net". Comcast illegally intercepted, misinterpreted and altered this packet, and sent it to www.comcast.com. So, you might say there's a bug in this evil Inktomi Traffic-Server thing. Oh, US Code TITLE 18, PART I, CHAPTER 119, Sec. 2511. (2) (a) (i) "...a provider of wire communication service to the public shall not utilize service observing or random monitoring except for mechanical or service quality control checks." Does federal law only apply when a little guy snoops on a big corporation? Where are the feds now?
Current thread:
- Comcast man-in-the-middle attack J Edgar Hoover (Feb 07)
- Re: Comcast man-in-the-middle attack jon schatz (Feb 08)
- Re: Comcast man-in-the-middle attack J Edgar Hoover (Feb 08)
- Re: Comcast man-in-the-middle attack jon schatz (Feb 08)
- Re: Comcast man-in-the-middle attack J Edgar Hoover (Feb 08)
- Re: Comcast man-in-the-middle attack jon schatz (Feb 08)
- Re: Comcast man-in-the-middle attack Crist J. Clark (Feb 09)
- Re: Comcast man-in-the-middle attack Alen Capalik (Feb 09)
- Re: Comcast man-in-the-middle attack - tech J Edgar Hoover (Feb 09)
- Re: Comcast man-in-the-middle attack - ethics J Edgar Hoover (Feb 09)
- Re: Comcast man-in-the-middle attack - ethics Blue Boar (Feb 09)
- Re: Comcast man-in-the-middle attack J Edgar Hoover (Feb 08)
- Re: Comcast man-in-the-middle attack jon schatz (Feb 08)