US internet providers hijacking users' search queries
Scott Helms
khelms at ispalliance.net
Sun Aug 7 02:03:32 UTC 2011
Not trying to be obtuse, but none of the technical docs you cite appear
to talk about HTTP proxies nor does the newswire report have any
technical details. I have tested several of the networks listed in the
report and in none of the cases I saw was there HTTP proxy activity.
Picking up on WCCP/TCS isn't that hard (I used to install those myself)
so unless there is some functionality in IOS and/or JUNOS that allows it, I
don't see it happening. Paxfire can operate all of the proxies they
want but the network infrastructure has to be able to pass the traffic
over to those proxies and I don't see it (on at least 3 of the networks
cited).
> What the FAQ doesn't tell you is that the Paxfire appliances can
> tamper with DNS traffic received from authoritative DNS servers not
> operated by the ISP. A Paxfire box can alter NXDOMAIN queries, and
> queries that respond with known search engines' IPs, to send your
> HTTP traffic to their HTTP proxies instead.
>
> Ty, http://netalyzr.icsi.berkeley.edu/blog/
> "
> In addition, some ISPs employ an optional, unadvertised Paxfire
> feature that redirects the entire stream of affected customers' web
> search requests to Bing, Google, and Yahoo via HTTP proxies operated
> by Paxfire. These proxies seemingly relay most searches and their
> corresponding results passively, in a process that remains invisible
> to the user. Certain keyword searches, however, trigger active
> interference by the HTTP proxies.
> "
>
> http://www.icir.org/christian/publications/2011-satin-netalyzr.pdf
> http://newswire.xbiz.com/view.php?id=137208
>
>
> --
> -JH
--
Scott Helms
Vice President of Technology
ISP Alliance, Inc. DBA ZCorum
(678) 507-5000
--------------------------------
http://twitter.com/kscotthelms
--------------------------------
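
Added example, not part of the original message or thread: one way to check a resolver for the DNS rewriting described in the quoted text, by comparing its answers with a reference resolver's and with the prefixes the search operator is expected to serve from. All hostnames, prefixes and answers are constructed sample data (documentation address ranges); the check covers only the DNS path, not WCCP-style interception.

```python
import ipaddress
from collections import defaultdict

# Constructed observations: name -> (ISP resolver answer, reference answer).
# None means NXDOMAIN; addresses are from documentation ranges.
OBSERVED = {
    "www.search-a.example": (["203.0.113.10"], ["198.51.100.10"]),
    "www.search-b.example": (["198.51.100.77"], ["198.51.100.70"]),
    "nx-7f3a9c.example": (["203.0.113.10"], None),
    "nx-11be02.example": (None, None),
}
# Assumption: prefixes each search operator is known to serve from.
EXPECTED = {
    "www.search-a.example": ["198.51.100.0/26"],
    "www.search-b.example": ["198.51.100.64/26"],
}

def in_prefixes(addr, prefixes):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(p) for p in prefixes)

def classify(name, isp, ref):
    if ref is None:  # the name really does not exist
        return "nxdomain-rewritten" if isp else "consistent"
    if isp is None:
        return "isp-nxdomain"
    prefixes = EXPECTED.get(name)
    if prefixes is None:
        # No ground truth: differing answers may just be CDN load balancing.
        return "consistent" if set(isp) & set(ref) else "unverified"
    # Compare against prefixes, not exact IPs, so that ordinary
    # per-resolver CDN variation is not reported as tampering.
    ok = all(in_prefixes(a, prefixes) for a in isp)
    return "consistent" if ok else "redirected"

def audit(observed):
    return {n: classify(n, isp, ref) for n, (isp, ref) in observed.items()}

def shared_targets(observed, verdicts):
    # One address answering for unrelated flagged names points to a
    # common redirection host rather than a per-site hosting change.
    hits = defaultdict(set)
    for name, verdict in verdicts.items():
        if verdict in ("redirected", "nxdomain-rewritten"):
            for addr in observed[name][0]:
                hits[addr].add(name)
    return {a: sorted(n) for a, n in hits.items() if len(n) > 1}

if __name__ == "__main__":
    verdicts = audit(OBSERVED)
    print(verdicts, shared_targets(OBSERVED, verdicts))
```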