You thought it was just your local ISP messing with your HTTP traffic
Rayzer
Rayzer at riseup.net
Mon Apr 4 14:04:25 PDT 2016
From February this year:
Website-Targeted False Content Injection by Network Operators
Gabi Nakibly1,3, Jaime Schcolnik2, and Yossi Rubin3
1 Computer Science Department, Technion, Haifa, Israel
2Computer Science Department, Interdisciplinary Center, Herzliya,
Israel
3Rafael – Advanced Defense Systems, Haifa, Israel
Over the last few years there have been numerous reports of ISPs
that alter or proxy their customers’ traffic, including, for
example, CMA Communications in 2013 [6], Comcast in 2012 [16],
Mediacom in 2011 [9], WOW! in 2008 [27], and Rogers in 2007 [32].
Moreover, several extensive studies have brought the details of this
practice to light [17, 30, 25, 35]. The main motivations of ISPs to
alter traffic are to facilitate caching, inject advertisements into
DNS and HTTP error messages, and compress or transcode content.
All of these reports and studies found that these traffic
alterations were carried out exclusively by edge ISPs,namely, retail
ISPs that sell Internet access directly to end customers, and are
their “first hop” to the Internet. This finding stems from the
server-centric approach the above studies have taken. In this
approach, one or a handful of servers are deployed to deliver
specific content to users, after which a large number of clients are
solicited to fetch that content from the servers. Finally, an agent
on the clients – usually a JavaScript delivered by the server itself
– looks for deviations between the content delivered by the server
and that displayed to the user. Figure 1(a)illustrates the traffic
monitored in this server-centric approach.
Such an approach can be used to inspect the traffic of many clients
from diverse geographies who are served by different edge ISPs. The
main disadvantage of this approach is that the content fetched by
the clients is very specific. All clients fetch the same content
from the same web servers. This allows only the detection of network
entities that aim to modify all of the Internet traffic1 of a
predetermined set of users and are generally oblivious to the actual
content delivered to the user. Such entities indeed tend to be edge
ISPs that target only the traffic of their customers.
In this work we show that the above approach misses a substantial
portion of the on-path entities that modify traffic on the Internet.
Using extensive observations over a period of several weeks, we
analyzed petabits of Internet traffic carrying varied content
delivered by servers having over 1.5 million distinct IP addresses.
We newly reveal several network operators that modify traffic not
limited to a specific set of users. Such network operators alter
Internet traffic on the basis of its content, primarily by the
website a user visits. The traffic of every Internet user that
traverses these network operators is susceptible to alteration."
www.arxiv.org/pdf/1602.07128v1.pdf
--
RR
"Through counter-intelligence it should be possible to pinpoint potential trouble-makers ... And neutralize them, neutralize them, neutralize them"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 3811 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20160404/a7647dfd/attachment.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20160404/a7647dfd/attachment.sig>
More information about the Testlist
mailing list