[TriLUG] Frontier doing packet inspection?

Pinkham steve.pinkham at gmail.com
Sun Dec 8 23:03:26 EST 2013


On 12/8/13, 7:41 PM, Joseph Mack NA3T wrote:
> What is Frontier getting out of proxy-ing my http connections? (I assume
> they aren't doing it to benefit me.)
> 

I'd suggest you collect some evidence to support your guess, for example
put your typo site of interest in your hosts file or change your DNS
server to 8.8.8.8 (Google's DNS) and see if the activity changes (after
restarting your browser to clear its DNS caching).  Check the SSL cert
you get to that site from your local connection and compare it to what
you get over a VPN or from a work connection, or use

DNS NXDOMAIN hijacking is standard policy for many ISPs including
Frontier[1]. Proxying random http so they can display ads is not, and
I'd be *highly* surprised if that's what's going on. (Note: Apparently
they were hijacking non-SSL search traffic specifically for a short time
at least[2], but DNS hijacking has been happening for a while and fits
your symptoms much better.)

[1] http://en.wikipedia.org/wiki/DNS_hijacking#Manipulation_by_ISPs
[2] https://www.eff.org/deeplinks/2011/07/widespread-search-hijacking-in-the-us
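
The resolver comparison suggested in the message above can be scripted. The following is an added example, not part of the original post: it sends a raw DNS query for a random name to each resolver given on the command line and reports whether the resolver answers NXDOMAIN or invents an address. It assumes a random 24-hex-character label under .com is unregistered; the function names are illustrative.

```python
import secrets
import socket
import struct

def build_query(name, txid):
    """Encode a DNS A-record query (RFC 1035 wire format) for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(reply, txid):
    """Return (rcode, answer_count) from the 12-byte DNS reply header."""
    if len(reply) < 12:
        raise ValueError("short DNS reply")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    return flags & 0x000F, ancount

def classify(rcode, ancount):
    """NXDOMAIN (rcode 3) is the honest answer for a name that does not exist."""
    if rcode == 3:
        return "honest"
    if rcode == 0 and ancount > 0:
        return "rewritten"  # an address was returned for a nonexistent name
    return "inconclusive"

def probe(resolver_ip, timeout=3.0):
    """Query `resolver_ip` for a random, assumed-unregistered .com name."""
    name = secrets.token_hex(12) + ".com"  # assumption: not a registered domain
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (resolver_ip, 53))
        reply, _ = s.recvfrom(512)
    return classify(*parse_reply(reply, txid))

if __name__ == "__main__":
    import sys
    for ip in sys.argv[1:] or ["8.8.8.8"]:
        print(ip, probe(ip))
```

Run it with the ISP-assigned resolver address and 8.8.8.8 as arguments and compare the two verdicts.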


