AT&T mobile intercepting TCP sockets?
Ca By
cb.list6 at gmail.com
Mon May 21 20:53:43 UTC 2018
On Mon, May 21, 2018 at 1:11 PM <lists at as23738.net> wrote:
> IME ATT has intercepted virtually everything on mobile (this is on a
> hotspot) -
>
> If I curl a HTTP vs HTTPS site, I get a different IP on each (one is
> obviously a shared web proxy); if I download images, they won't match
> md5-wise with the original version, etc. I have trouble connecting to VPNs
> that aren't standard SSL VPNs. They appear to MITM all web traffic they
> can. Using third party DNS servers has questionable results.
>
AT&Fee is also a key player in undermining http2 security with their
“trusted proxy”
https://tools.ietf.org/html/draft-loreto-httpbis-trusted-proxy20-01
>
> On Mon, May 21, 2018, at 12:35 PM, Chris Adams wrote:
> > I ran into an odd issue with access to a website I manage from AT&T
> > mobile devices this weekend. The website worked for everybody not on
> > AT&T mobile, and AT&T mobile users could access other sites; the problem
> > was just this combination.
> >
> > Android and iOS phones, as well as a Linux system tethered to an Android
> > phone, all had the same problem. On the Linux system, I disabled IPv6
> > in Firefox, and it could then connect. Browsers got various "connection
> > reset" type errors; on Linux, I could telnet to port 80 or 443, and it
> > would connect and immediately close.
> >
> > The site does have an IPv6 address, but I had missed getting the
> > webserver to listen on IPv6 (my mistake). Adding that looks to have
> > solved the problem.
> >
> > When I ran tcpdump on the server and had someone try to connect from
> > their AT&T mobile iPhone, I saw three connection attempts a few tenths
> > of a second apart (all refused by the server).
> >
> > My question is this: is AT&T mobile intercepting the TCP socket (and
> > not handling "connection refused" correctly)? Is that a known thing?
> >
> > --
> > Chris Adams <cma at cmadams.net>
>
More information about the NANOG
mailing list