Forum Index | Search | Register (New User) | Login (Existing User) | Who's Online | FAQ | Main Site

General Discussion
  >> General Broadband Chatter Previous thread View all threads Next thread


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | [3] | (show all)   Print Thread
Standard User XRaySpeX
(eat-sleep-adslguide) Sat 10-Jun-17 21:19:56
Print Post

Re: ISP blocklists


[re: deleted] [link to this post] 		 
All the above images load 1-4 on EE.

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 20 Meg WBC
Standard User deleted
(deleted) Sun 11-Jun-17 01:54:34
Print Post

Re: ISP blocklists


[re: ukhardy07] [link to this post] 		 
In reply to a post by ukhardy07:
If you follow through your traffic, e.g. with BURP suite, where is it directing you?

Sounds to me like a big mess at VFs end (they are a new ISP afterall).

The DNS resolution on Vodafone looks like this:
C:\>nslookup i.imgur.com 192.168.1.1
Server:  vodafone.connect
Address:  192.168.1.1

Non-authoritative answer:
DNS request timed out.
    timeout was 2 seconds.
Name:    i.imgur.com
Address:  90.255.255.1

C:\>nslookup 90.255.255.1 192.168.1.1
Server:  vodafone.connect
Address:  192.168.1.1

*** vodafone.connect can't find 90.255.255.1: Non-existent domain

The timeout bit there can be ignored. Wireshark shows that it's because nslookup asks for both IPv4 and IPv6, and Vodafone's DNS doesn't bother responding to the IPv6 request.

With Burp Suite and the browser set up with Burp's root certificate, everything is loading OK. The browser/Burp connects to 90.255.255.1 thinking it's imgur, and without any errors, Burp gets a response and rewraps it with Burp's certificate. It all works because Burp doesn't check the certificate, which is valid only for contentcontrol.vodafone.co.uk, not imgur.com. That level of certificate validation is probably not unlike in Vodafone's iwffilter squid server...

Good soundbite in a runaround support thread started in 2015:
In reference to forum.vodafone.co.uk/t5/Pay-monthly/Website-security-certificate-co...:
As part of Vodafone�s commitment to ensuring your safety on the internet we work with the Internet Watch Foundation (IWF) to monitor websites and domains that contain offensive content. Unfortunately imgur.com has currently been flagged as one such website. Our current content controls means that HTTPS traffic to this website will appear to be insecure. We are working on a solution with our vendor that will ensure that HTTPS traffic will work normally in the future. Vodafone�s content control platform does not monitor or log your internet traffic.

Oliver is right that filtering should be done on the content provider or distributor end, which is what the outspoken ISPs have been saying all along. IWF's report for 2016 shows that most URLs on their list have been from image hosts, although it's hard to say if they're shady unknown hosts or big ones that can have collateral damage like here.

Vodafone have been in the broadband market here only since late 2015, but they've provided mobile data for much longer than that.
Vodafone 0 - AAISP, BT, EE, Sky, TalkTalk, Uno 1
Standard User deleted
(deleted) Wed 21-Jun-17 14:37:26
Print Post

Re: ISP blocklists


[re: deleted] [link to this post] 		 
Any Plusnet users reading? https://www.blocked.org.uk/results?url=https://i.img... says Plusnet comes back with an SSL error when accessing https://i.imgur.com. Is their blocklist as lagged as Vodafone's is?


Register (or login) on our website and you will not see this ad.

Pages in this thread: 1 | 2 | [3] | (show all)   Print Thread

Previous thread View all threads Next thread
Jump to