AT&T mobile intercepting TCP sockets?

Eric Kuhnke eric.kuhnke at gmail.com
Mon May 21 22:08:12 UTC 2018


Oh, I'm sure that'll never be abused by any hostile nation-state-owned
monopoly telecom that likes to block/ban/MITM traffic, ever!



On Mon, May 21, 2018 at 1:53 PM, Ca By <cb.list6 at gmail.com> wrote:

> On Mon, May 21, 2018 at 1:11 PM <lists at as23738.net> wrote:
>
> > IME ATT has intercepted virtually everything on mobile (this is on a
> > hotspot) -
> >
> > If I curl a HTTP vs HTTPS site, I get a different IP on each (one is
> > obviously a shared web proxy); if I download images, they won't match
> > md5-wise with the original version, etc. I have trouble connecting to VPNs
> > that aren't standard SSL VPNs. They appear to MITM all web traffic they
> > can. Using third party DNS servers has questionable results.
> >
>
> AT&Fee is also a key player in undermining http2 security with their
> “trusted proxy”
>
> https://tools.ietf.org/html/draft-loreto-httpbis-trusted-proxy20-01
>
>
>
>
> >
> > On Mon, May 21, 2018, at 12:35 PM, Chris Adams wrote:
> > > I ran into an odd issue with access to a website I manage from AT&T
> > > mobile devices this weekend.  The website worked for everybody not on
> > > AT&T mobile, and AT&T mobile users could access other sites; the problem
> > > was just this combination.
> > >
> > > Android and iOS phones, as well as a Linux system tethered to an Android
> > > phone, all had the same problem.  On the Linux system, I disabled IPv6
> > > in Firefox, and it could then connect.  Browsers got various "connection
> > > reset" type errors; on Linux, I could telnet to port 80 or 443, and it
> > > would connect and immediately close.
> > >
> > > The site does have an IPv6 address, but I had missed getting the
> > > webserver to listen on IPv6 (my mistake).  Adding that looks to have
> > > solved the problem.
> > >
> > > When I ran tcpdump on the server and had someone try to connect from
> > > their AT&T mobile iPhone, I saw three connection attempts a few tenths
> > > of a second apart (all refused by the server).
> > >
> > > My question is this: is AT&T mobile intercepting the TCP socket (and
> > > not handling "connection refused" correctly)?  Is that a known thing?
> > >
> > > --
> > > Chris Adams <cma at cmadams.net>
> >
>
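
Added example, not part of the thread: the misconfiguration described in the original question (an IPv6 address published in DNS with no webserver listening on it) can be checked by connecting to every published address separately instead of letting the client fall back between families. The function names are illustrative, not from any tool mentioned here.

```python
import socket
import sys

FAMILY_NAMES = {socket.AF_INET: "IPv4", socket.AF_INET6: "IPv6"}

def published_addresses(host, port):
    """Return the unique (family, ip) pairs DNS publishes for host (A and AAAA)."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({(fam, sa[0]) for fam, _, _, _, sa in infos if fam in FAMILY_NAMES})

def probe(family, ip, port, timeout=3.0):
    """One TCP connect to a literal address: 'open', 'refused', 'timeout' or 'error'."""
    sock = None
    try:
        sock = socket.socket(family, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        sock.connect((ip, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"   # address is published but nothing is listening on it
    except socket.timeout:
        return "timeout"
    except OSError:
        return "error"     # e.g. the test host has no route for this family
    finally:
        if sock is not None:
            sock.close()

def audit(addresses, port, timeout=3.0):
    """Probe every published address on its own, with no fallback between families."""
    return {(fam, ip): probe(fam, ip, port, timeout) for fam, ip in addresses}

def unreachable(results):
    """List (family name, ip, status) for each published address that did not accept."""
    return [(FAMILY_NAMES[fam], ip, status)
            for (fam, ip), status in sorted(results.items()) if status != "open"]

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    for port in (80, 443):
        for name, ip, status in unreachable(audit(published_addresses(host, port), port)):
            print(f"{host}:{port} {name} {ip} -> {status}")
```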


