[143343] in North American Network Operators' Group
Re: US internet providers hijacking users' search queries
daemon@ATHENA.MIT.EDU (Scott Helms)
Sat Aug 6 22:04:24 2011
Date: Sat, 06 Aug 2011 22:03:32 -0400
From: Scott Helms <khelms@ispalliance.net>
To: Jimmy Hess <mysidia@gmail.com>
In-Reply-To: <CAAAwwbUhQa_kdkPWbb2ed+521n70_WdE3OC+6GQ24r8=9=LYDw@mail.gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Not trying to be obtuse, but none of the technical docs you cite appear
to talk about HTTP proxies nor does the newswire report have any
technical details. I have tested several of the networks listed in the
report and in none of the cases I saw was there HTTP proxy activity.
Picking up on WCCP/TCS isn't that hard (I used to install those myself)
so unless there is some functionality in IOS and/or JUNOS that allows I
don't see it happening. Paxfire can operate all of the proxies they
want but the network infrastructure has to be able to pass the traffic
over to those proxies and I don't see it (on at least 3 of the networks
cited).
> What the FAQ doesn't tell you is that the Paxfire appliances can
> tamper with DNS
> traffic received from authoritative DNS servers not operated by the ISP.
> A paxfire box can alter NXDOMAIN queries, and queries that respond
> with known search engines' IPs.
> to send your HTTP traffic to their HTTP proxies instead.
>
> Ty, http://netalyzr.icsi.berkeley.edu/blog/
> "
> In addition, some ISPs employ an optional, unadvertised Paxfire
> feature that redirects the entire stream of affected customers' web
> search requests to Bing, Google, and Yahoo via HTTP proxies operated
> by Paxfire. These proxies seemingly relay most searches and their
> corresponding results passively, in a process that remains invisible
> to the user. Certain keyword searches, however, trigger active
> interference by the HTTP proxies.
> "
>
> http://www.icir.org/christian/publications/2011-satin-netalyzr.pdf
> http://newswire.xbiz.com/view.php?id=137208
>
>
> --
> -JH
--
Scott Helms
Vice President of Technology
ISP Alliance, Inc. DBA ZCorum
(678) 507-5000
--------------------------------
http://twitter.com/kscotthelms
--------------------------------
