Difference between revisions of "NN2013"
From OpenScience
| (2 intermediate revisions by the same user not shown) | |||
| Line 52: | Line 52: | ||
</pre> | </pre> | ||
| − | + | ===Content-Manipulation: HTML-File and Images=== | |
| − | + | <pre> | |
| − | + | ||
| − | + | ||
<html> | <html> | ||
<body><img src="eins.png"></body> | <body><img src="eins.png"></body> | ||
</html> | </html> | ||
| − | + | </pre> | |
| + | This content is contained in a file on a web server. It includes a graphic file. Acquired through the UMTS network of the German Internet service provider ``1&1'', the file appears with the following content (when downloaded in early 2011): | ||
| − | + | <pre> | |
| − | + | ||
| − | + | ||
<html> | <html> | ||
<script src="http://1.2.3.4/bmi-int-js/bmi.js" | <script src="http://1.2.3.4/bmi-int-js/bmi.js" | ||
| Line 75: | Line 72: | ||
bmi_SafeAddOnload(bmi_load,"bmi_orig_img",1); | bmi_SafeAddOnload(bmi_load,"bmi_orig_img",1); | ||
//--> | //--> | ||
| − | + | </pre> | |
| − | + | ||
| − | + | ||
| − | + | ===Connection-Manipulation: IP-Address-Spoofing=== | |
| − | + | ====Human-Readable==== | |
The request may be as follows: | The request may be as follows: | ||
| − | + | <pre> | |
| − | + | ||
GET / HTTP/1.1 | GET / HTTP/1.1 | ||
Host: heise.de | Host: heise.de | ||
Accept: */* | Accept: */* | ||
| − | + | </pre> | |
| − | It is issued to the IP addresses assigned to the domain | + | It is issued to the IP addresses assigned to the domain heise.de: |
| − | + | <pre> | |
[ad001@glas /usr/home/ad001]$ host heise.de | [ad001@glas /usr/home/ad001]$ host heise.de | ||
heise.de has address 193.99.144.80 | heise.de has address 193.99.144.80 | ||
| Line 120: | Line 115: | ||
Connection closed by foreign host. | Connection closed by foreign host. | ||
| − | + | </pre> | |
| − | + | ||
| − | + | ====Dumps==== | |
| − | + | <pre> | |
| − | + | 14:32:35.503903 IP 139.30.32.197.59424 > 193.99.144.80.http: Flags [P.], ack 1, win 8326, options [nop,nop,TS val 1091444 ecr 2443535463], length 47 | |
| − | + | ||
| − | Flags [P.], ack 1, win 8326, options [nop,nop,TS val 1091444 | + | |
| − | ecr 2443535463], length 47 | + | |
E..c.U@.@.:... ..c.P. .P......(... ........ | E..c.U@.@.:... ..c.P. .P......(... ........ | ||
...t..dgGET / HTTP/1.1 | ...t..dgGET / HTTP/1.1 | ||
| Line 135: | Line 127: | ||
[...] | [...] | ||
| − | 14:32:35.519615 IP 193.99.144.80.http > 139.30.32.197.59424: | + | 14:32:35.519615 IP 193.99.144.80.http > 139.30.32.197.59424: Flags [FP.], seq 65:568, ack 48, win 1448, options [nop,nop,TS val 2443535486 ecr 1091444], length 503 |
| − | Flags [FP.], seq 65:568, ack 48, win 1448, options [nop,nop,TS | + | |
| − | val 2443535486 ecr 1091444], length 503 | + | |
E..+L.@.@....c.P.. ..P. ..)%............... | E..+L.@.@....c.P.. ..P. ..)%............... | ||
..d~...t Apache | ..d~...t Apache | ||
| − | Location: http://blue4.wlan.uni-rostock.de/login.pl?action= | + | Location: http://blue4.wlan.uni-rostock.de/login.pl?action=which_interface&destination=http://heise.de/%3f |
| − | which_interface&destination=http://heise.de/%3f | + | |
Connection: close | Connection: close | ||
Transfer-Encoding: chunked | Transfer-Encoding: chunked | ||
| Line 152: | Line 141: | ||
</HEAD><BODY> | </HEAD><BODY> | ||
<H1>Found</H1> | <H1>Found</H1> | ||
| − | The document has moved <A HREF="http://blue4.wlan.uni-rostock.de/ | + | The document has moved <A HREF="http://blue4.wlan.uni-rostock.de/login.pl?action=which_interface&destination=http://heise.de/%3f">here</A>.<P> |
| − | login.pl?action=which_interface&destination=http://heise.de/ | + | |
| − | %3f">here</A>.<P> | + | |
</BODY></HTML> | </BODY></HTML> | ||
0 | 0 | ||
| − | + | </pre> | |
| − | + | This test has also been performed in February 2011. | |
Latest revision as of 12:27, 29 April 2013
Contents
Examples of Neutrality violations
Connection-Reset: Baidu.cn
14:45:11.197146 IP wlan033084.uni-rostock.de.11479 > 220.181.111.147.http:Flags [P.], ack 2789374741, win 65535, length 241
E.....@.@.....!T..o.,..P.J<..B{.P...sZ..
GET /s?wd=falun%20gong HTTP/1.1
Host: www.baidu.com
User-Agent: ELinks/0.11.7 (textmode; FreeBSD
8.0-BETA2 i386; 197x67-2)
Referer: http://www.baidu.com/
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: Keep-Alive
14:45:11.502060 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [.], ack 241, win 7504, length 0
E..(..@.,..z..o...!T.P,..B{..J<.P..P#...
14:45:11.502466 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [R.], seq 1, ack 241, win 2390, length 0
E..(..@.|.yh..o...!T.P,..B{..J<.P. V6...
14:45:11.503090 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [R.], seq 1461, ack 241, win 2391, length 0
E..(..@.}.xk..o...!T.P,..B...J<.P. W1H..
14:45:11.503432 IP 220.181.111.147.http > wlan033084.uni-rostock.de.11479:Flags [R.], seq 4381, ack 241, win 2392, length 0
E..(..@.~.u...o...!T.P,..B.1.J<.P. X%...
The test was performed in February 2011.
Content-Manipulation: SMTP-EHLO
220 mail.gmx.net GMX Mailservices ESMTP {mp003}
EHLO tralalal
250-mail.gmx.net GMX Mailservices
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-SIZE
250-AUTH=LOGIN PLAIN
250-AUTH LOGIN PLAIN
250 STARTTLS
Using the Internet uplink provided by the Studentenwerk Rostock (test performed in September 2011), the answer changes:
220 ******************************************* EHLO tralala 250-mail.gmx.net GMX Mailservices 250-8BITMIME 250-ENHANCEDSTATUSCODES 250-SIZE 250-AUTH=LOGIN PLAIN 250-AUTH LOGIN PLAIN 250 XXXXXXXA
Content-Manipulation: HTML-File and Images
<html> <body><img src="eins.png"></body> </html>
This content is contained in a file on a web server. It includes a graphic file. Acquired through the UMTS network of the German Internet service provider ``1&1, the file appears with the following content (when downloaded in early 2011):
<html> <script src="http://1.2.3.4/bmi-int-js/bmi.js" language="javascript"></script> <body> <img src="http://1.1.1.4/bmi/139.30.1.202/ad001/down/eins. png"> </body> </html> <script language="javascript"> <!-- bmi_SafeAddOnload(bmi_load,"bmi_orig_img",1); //-->
Connection-Manipulation: IP-Address-Spoofing
Human-Readable
The request may be as follows:
GET / HTTP/1.1 Host: heise.de Accept: */*
It is issued to the IP addresses assigned to the domain heise.de:
[ad001@glas /usr/home/ad001]$ host heise.de heise.de has address 193.99.144.80 heise.de has IPv6 address 2a02:2e0:3fe:100::8 heise.de mail is handled by 10 relay.heise.de. [ad001@glas /usr/home/ad001]$ perl -e 'print "GET / HTTP/1.1\r\nHost: heise.de\r\nAccept: */*\r\n\r\n"' | nc 193.99.144.80 80 HTTP/1.1 302 Found Date: Fri, 04 Mar 2011 13:23:17 GMT Server: Apache Location: http://blue4.wlan.uni-rostock.de/login.pl?action= which_interface&destination=http://heise.de/%3f Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 118 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <HTML><HEAD> <TITLE>302 Found</TITLE> </HEAD><BODY> <H1>Found</H1> The document has moved <A HREF="http://blue4. wlan.uni-rostock.de/login.pl?action=which_interface &destination=http://heise.de/%3f">here</A>.<P> </BODY></HTML> 0 Connection closed by foreign host.
Dumps
14:32:35.503903 IP 139.30.32.197.59424 > 193.99.144.80.http: Flags [P.], ack 1, win 8326, options [nop,nop,TS val 1091444 ecr 2443535463], length 47 E..c.U@.@.:... ..c.P. .P......(... ........ ...t..dgGET / HTTP/1.1 Host: heise.de Accept: */* [...] 14:32:35.519615 IP 193.99.144.80.http > 139.30.32.197.59424: Flags [FP.], seq 65:568, ack 48, win 1448, options [nop,nop,TS val 2443535486 ecr 1091444], length 503 E..+L.@.@....c.P.. ..P. ..)%............... ..d~...t Apache Location: http://blue4.wlan.uni-rostock.de/login.pl?action=which_interface&destination=http://heise.de/%3f Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 118 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <HTML><HEAD> <TITLE>302 Found</TITLE> </HEAD><BODY> <H1>Found</H1> The document has moved <A HREF="http://blue4.wlan.uni-rostock.de/login.pl?action=which_interface&destination=http://heise.de/%3f">here</A>.<P> </BODY></HTML> 0
This test has also been performed in February 2011.
