[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

US internet providers hijacking users' search queries

Subject: US internet providers hijacking users' search queries
From: khelms at ispalliance.net (Scott Helms)
Date: Sat, 06 Aug 2011 22:03:32 -0400
In-reply-to: <CAAAwwbUhQa_kdkPWbb2ed+521n70_WdE3OC+6GQ24r8=9=LYDw@mail.gmail.com>
References: <031222CBCF33214AB2EB4ABA279428A3E25B60D2D8@SJCPMAILBOX01.citrite.net> <[email protected]> <[email protected]> <[email protected]> <CAAAwwbUhQa_kdkPWbb2ed+521n70_WdE3OC+6GQ24r8=9=LYDw@mail.gmail.com>

Not trying to be obtuse, but none of the technical docs you cite appear 
to talk about HTTP proxies nor does the newswire report have any 
technical details.  I have tested several of the networks listed in the 
report and in none of the cases I saw was there HTTP proxy activity.  
Picking up on WCCP/TCS isn't that hard (I used to install those myself) 
so unless there is some functionality in IOS and/or JUNOS that allows I 
don't see it happening.  Paxfire can operate all of the proxies they 
want but the network infrastructure has to be able to pass the traffic 
over to those proxies and I don't see it (on at least 3 of the networks 
cited).



> What the FAQ doesn't tell you is that the Paxfire  appliances can 
> tamper with DNS
> traffic  received from authoritative DNS servers not operated by the ISP.
> A paxfire box can alter NXDOMAIN queries, and  queries that respond 
> with known search engines' IPs.
> to send your HTTP traffic to their HTTP proxies instead.
>
> Ty, http://netalyzr.icsi.berkeley.edu/blog/
> "
> In addition, some ISPs employ an optional, unadvertised Paxfire 
> feature that redirects the entire stream of affected customers' web 
> search requests to Bing, Google, and Yahoo via HTTP proxies operated 
> by Paxfire. These proxies seemingly relay most searches and their 
> corresponding results passively, in a process that remains invisible 
> to the user. Certain keyword searches, however, trigger active 
> interference by the HTTP proxies.
> "
>
> http://www.icir.org/christian/publications/2011-satin-netalyzr.pdf
> http://newswire.xbiz.com/view.php?id=137208
>
>
> --
> -JH


-- 
Scott Helms
Vice President of Technology
ISP Alliance, Inc. DBA ZCorum
(678) 507-5000
--------------------------------
http://twitter.com/kscotthelms
--------------------------------

Follow-Ups:
- US internet providers hijacking users' search queries
  - From: damian at google.com (Damian Menscher)
- US internet providers hijacking users' search queries
  - From: morrowc.lists at gmail.com (Christopher Morrow)

References:
- US internet providers hijacking users' search queries
  - From: Bino.Gopal at citrix.com (Bino Gopal)
- US internet providers hijacking users' search queries
  - From: nanog-post at rsuc.gweep.net (Joe Provo)
- US internet providers hijacking users' search queries
  - From: khelms at ispalliance.net (Scott Helms)
- US internet providers hijacking users' search queries
  - From: nanog-post at rsuc.gweep.net (Joe Provo)
- US internet providers hijacking users' search queries
  - From: mysidia at gmail.com (Jimmy Hess)

Prev by Date: IPv6 end user addressing
Next by Date: US internet providers hijacking users' search queries
Previous by thread: US internet providers hijacking users' search queries
Next by thread: US internet providers hijacking users' search queries
Index(es):
- Date
- Thread