you're not interesting, was Re: another brick in the wall[ed garden]
George Imburgia
nanog at armorfirewall.com
Sun May 17 08:34:43 UTC 2009
On Sat, 16 May 2009, Patrick W. Gilmore wrote:
> Assuming something like that happened, will a post to NANOG fix it? I don't
> know. Certainly has a non-zero chance. But trying to get Sprint, or any
> provider, to change because _you_ think what they are doing is not sane is,
> well, not sane.
In '02, I had a similar issue with Comcast, when they silently fired up
transparent proxy servers. It became apparent when, while working on a
remote web server, I was served up cached copies of the pages I was
editing.
My approach was two-pronged. First, I bitched loud and long on some
security lists about the MITM attack. Not only was it abusive as it was,
the potential for further abuse (tracking, ad insertion, theft of
sensitive data and intellectual property...) was significant. Eventually,
Ted Bridis of Associated Press picked it up and ran a story. The next day,
the issue was on the front page of nearly every newspaper in the english
speaking world, and then some, as well as network TV news.
Comcast has a large customer base, particularly in the DC area, and a lot
of very influential people (like federal judges) were not fond of having
their research and recreational web surfing intercepted.
The proxies went away within a few days, and several jurisdictions passed
laws prohibiting this. I'd suspect Sprint is violating some of these laws.
The other approach was; I sent exploit code addressed to one of my
machines. Comcast's servers stole this code and choked on it. It's
probably not illegal to send malicious code to a machine you own. If they
stole it and choked on it, it's their problem. But with the legal system
the way it is, you'll just have to use your imagination until the statute
of limitations expires.
Cheers,
George
More information about the NANOG
mailing list