Re: [PLUG] IP: Comcast man-in-the-middle attack (fwd)

Jon Galt on Sun, 10 Feb 2002 00:03:47 +0100

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] IP: Comcast man-in-the-middle attack (fwd)

From: Jon Galt <jongalt@pinn.net>

To: Philadelphia Linux Users Group <plug@lists.phillylinux.org>

Subject: Re: [PLUG] IP: Comcast man-in-the-middle attack (fwd)

Date: Sat, 9 Feb 2002 17:54:44 -0500 (EST)

Reply-to: plug@lists.phillylinux.org

Sender: plug-admin@lists.phillylinux.org

On Fri, 8 Feb 2002, Jaiwant Mulik wrote: > >>If a comcast victim/customer sends a packet to port 80 at any IP address, > >>it is intercepted by the Inktomi Traffic-Server, the contents of the > >>packet are examined for the GET url and the "Host:" field. The Inktomi > >>Traffic-Server then sends the http request on to your destination from > >>it's address with modified content and headers. It then caches the > >>returned data, changes both the header and the content, and sends the > >>packet to your machine with the spoofed IP of the server you had > >>requested. Perhaps I'm playing devil's advocate here, or maybe I'm just an idiot, but isn't this basically what a proxy server does? NOT that I'm wishing I were a comcast subscriber, about now! Wayne ______________________________________________________________________ Philadelphia Linux Users Group - http://www.phillylinux.org Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce General Discussion - http://lists.phillylinux.org/mail/listinfo/plug

References:

[PLUG] IP: Comcast man-in-the-middle attack (fwd)
From: Jaiwant Mulik <jmulik@unix.temple.edu>

Prev by Date: [PLUG] Comcast "OPEN IMMEDIATELY" but don't

Next by Date: Re: [PLUG] Comcast "OPEN IMMEDIATELY" but don't

Previous by thread: Re: [PLUG] IP: Comcast man-in-the-middle attack (fwd)

Next by thread: [PLUG] OT: Perl Programmer Job Opening

Index(es):

Date

Thread