Oh, I'm sure that'll never be abused by any hostile nation-state-owned monopoly telecom that likes to block/ban/MITM traffic, ever!
On Mon, May 21, 2018 at 1:53 PM, Ca By <cb.li...@gmail.com> wrote: > On Mon, May 21, 2018 at 1:11 PM <li...@as23738.net> wrote: > > > IME ATT has intercepted virtually everything on mobile (this is on a > > hotspot) - > > > > If I curl a HTTP vs HTTPS site, I get a different IP on each (one is > > obviously a shared web proxy); if I download images, they won't match > > md5-wise with the original version, etc. I have trouble connecting to > VPNs > > that aren't standard SSL VPNs. They appear to MITM all web traffic they > > can. Using third party DNS servers has questionable results. > > > > AT&Fee is also a key player in undermining http2 security with their > “trusted proxy” > > https://tools.ietf.org/html/draft-loreto-httpbis-trusted-proxy20-01 > > > > > > > > On Mon, May 21, 2018, at 12:35 PM, Chris Adams wrote: > > > I ran into an odd issue with access to a website I manage from AT&T > > > mobile devices this weekend. The website worked for everybody not on > > > AT&T mobile, and AT&T mobile users could access other sites; the > problem > > > was just this combination. > > > > > > Android and iOS phones, as well as a Linux system tethered to an > Android > > > phone, all had the same problem. On the Linux system, I disabled IPv6 > > > in Firefox, and it could then connect. Browsers got various > "connection > > > reset" type errors; on Linux, I could telnet to port 80 or 443, and it > > > would connect and immediately close. > > > > > > The site does have an IPv6 address, but I had missed getting the > > > webserver to listen on IPv6 (my mistake). Adding that looks to have > > > solved the problem. > > > > > > When I ran tcpdump on the server and had someone try to connect from > > > their AT&T mobile iPhone, I saw three connection attempts a few tenths > > > of a second apart (all refused by the server). > > > > > > My question is this: is AT&T mobile intercepting the TCP socket (and > > > not handling "connection refused" correctly)? Is that a known thing? > > > > > > -- > > > Chris Adams <c...@cmadams.net> > > >