On 07/02/2013 17:52, Keith Moore wrote: > On 02/07/2013 12:13 PM, Dan Wing wrote: >> The technique used by both Apple and Microsoft is, when joining a new >> network, to attempt to retrieve a certain URI. Microsoft's procedure >> is described in >> http://technet.microsoft.com/en-us/library/cc766017%28v=ws.10%29.aspx, >> which queries www.msftncsi.com and needs to see 131.107.255.255 as >> the answer, and then does an HTTP GET. If anything is abnormal, it >> assumes there is a proxy on the path. Apple does something similar by >> attempting to retrieve https://www.apple.com/library/test/success.html. >> Unfortunately, this seems the best technique available to detect such >> DNS interception and HTTP interception proxies that force a login or >> force a click-through. >> >> For MIF -- not just HE-MIF, but all of MIF -- we should not declare an >> interface "up" until such a validation succeeds. It is unfortunate >> this is not solved at layer 2, where it arguably belongs. > > Would it be worthwhile for MIF to start making a list of things that > really need solutions elsewhere? Even if there are hacks or heuristics > that are used in the absence of such solutions?
The MS hack does a WGET on http://www.msftncsi.com/ncsi.txt and requires the correct text to be returned. An extension is http://ipv6.msftncsi.com/ncsi.txt, used to verify IPv6ness. It's supposed to resolve to 2001:450:2002:384::40d6:ce0b and again return the correct text. [Thanks to Dan Wing over on another list for this info.] Brian _______________________________________________ mif mailing list mif@ietf.org https://www.ietf.org/mailman/listinfo/mif
