AT&T mobile intercepting TCP sockets?

lists at as23738.net lists at as23738.net
Mon May 21 20:10:43 UTC 2018


IME ATT has intercepted virtually everything on mobile (this is on a hotspot) -

If I curl an HTTP vs HTTPS site, I get a different IP on each (one is obviously a shared web proxy); if I download images, they won't match md5-wise with the original version, etc. I have trouble connecting to VPNs that aren't standard SSL VPNs. They appear to MITM all web traffic they can. Using third-party DNS servers has questionable results.


On Mon, May 21, 2018, at 12:35 PM, Chris Adams wrote:
> I ran into an odd issue with access to a website I manage from AT&T
> mobile devices this weekend.  The website worked for everybody not on
> AT&T mobile, and AT&T mobile users could access other sites; the problem
> was just this combination.
> 
> Android and iOS phones, as well as a Linux system tethered to an Android
> phone, all had the same problem.  On the Linux system, I disabled IPv6
> in Firefox, and it could then connect.  Browsers got various "connection
> reset" type errors; on Linux, I could telnet to port 80 or 443, and it
> would connect and immediately close.
> 
> The site does have an IPv6 address, but I had missed getting the
> webserver to listen on IPv6 (my mistake).  Adding that looks to have
> solved the problem.
> 
> When I ran tcpdump on the server and had someone try to connect from
> their AT&T mobile iPhone, I saw three connection attempts a few tenths
> of a second apart (all refused by the server).
> 
> My question is this: is AT&T mobile intercepting the TCP socket (and
> not handling "connection refused" correctly)?  Is that a known thing?
> 
> -- 
> Chris Adams <cma at cmadams.net>
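
An added example, not part of either poster's message: a server-side check for the misconfiguration described in the quoted post, where a site publishes an IPv6 address but nothing listens on it. It connects to every address given and reports which ones refuse; the function names, the loopback stand-in server and `www.example.org` are assumptions made for illustration.

```python
import socket

def check_listeners(addresses, port, timeout=3.0):
    """TCP-connect to each literal address; return {addr: status}.

    status is "open", "refused", or "error: <exception name>"
    (timeout, unreachable, no IPv6 stack on this host, ...).
    """
    results = {}
    for addr in addresses:
        family = socket.AF_INET6 if ":" in addr else socket.AF_INET
        try:
            with socket.socket(family, socket.SOCK_STREAM) as s:
                s.settimeout(timeout)
                s.connect((addr, port))
            results[addr] = "open"
        except ConnectionRefusedError:
            results[addr] = "refused"
        except OSError as exc:
            results[addr] = f"error: {exc.__class__.__name__}"
    return results

def published_addresses(host, port):
    """Every A and AAAA address the resolver returns for host (needs DNS)."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def unserved(results):
    """Addresses a client may be handed that do not accept connections."""
    return [addr for addr, status in results.items() if status != "open"]

def demo():
    # Constructed stand-in for the server in the post: IPv4 listener only.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    try:
        return check_listeners(["127.0.0.1", "::1"], port)
    finally:
        srv.close()

if __name__ == "__main__":
    print(demo())
    # Real use (hypothetical host name):
    # check_listeners(published_addresses("www.example.org", 443), 443)
```

Run it from a dual-stack host outside the carrier network, so the result reflects the server's listeners rather than any middlebox on the path.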



More information about the NANOG mailing list