Difference between revisions of "NN2013"
(Created page with ' ==Examples of Neutrality Violations ==') |
|||
| Line 1: | Line 1: | ||
| + | ==Examples of Neutrality violations == | ||
| + | ===Connection-Reset: Baidu.cn=== | ||
| + | \begin{scriptsize} | ||
| + | \label{lsting:baidu} | ||
| + | \begin{verbatim} | ||
| + | 14:45:11.197146 IP wlan033084.uni- | ||
| + | rostock.de.11479 > 220.181.111.147.http: | ||
| + | Flags [P.], ack 2789374741, win 65535, length 241 | ||
| + | E.....@.@.....!T..o.,..P.J<..B{.P...sZ.. | ||
| + | GET /s?wd=falun%20gong HTTP/1.1 | ||
| + | Host: www.baidu.com | ||
| + | User-Agent: ELinks/0.11.7 (textmode; FreeBSD | ||
| + | 8.0-BETA2 i386; 197x67-2) | ||
| + | Referer: http://www.baidu.com/ | ||
| + | Accept: */* | ||
| + | Accept-Encoding: gzip | ||
| + | Accept-Language: en | ||
| + | Connection: Keep-Alive | ||
| − | == | + | |
| + | 14:45:11.502060 IP 220.181.111.147.http > | ||
| + | wlan033084.uni-rostock.de.11479: | ||
| + | Flags [.], ack 241, win 7504, length 0 | ||
| + | E..(..@.,..z..o...!T.P,..B{..J<.P..P#... | ||
| + | 14:45:11.502466 IP 220.181.111.147.http > | ||
| + | wlan033084.uni-rostock.de.11479: | ||
| + | Flags [R.], seq 1, ack 241, win 2390, length 0 | ||
| + | E..(..@.|.yh..o...!T.P,..B{..J<.P. V6... | ||
| + | 14:45:11.503090 IP 220.181.111.147.http > | ||
| + | wlan033084.uni-rostock.de.11479: | ||
| + | Flags [R.], seq 1461, ack 241, win 2391, length 0 | ||
| + | E..(..@.}.xk..o...!T.P,..B...J<.P. W1H.. | ||
| + | 14:45:11.503432 IP 220.181.111.147.http > | ||
| + | wlan033084.uni-rostock.de.11479: | ||
| + | Flags [R.], seq 4381, ack 241, win 2392, length 0 | ||
| + | E..(..@.~.u...o...!T.P,..B.1.J<.P. X%... | ||
| + | \end{verbatim} | ||
| + | \end{scriptsize} | ||
| + | The test was performed in February 2011. | ||
| + | |||
| + | \subsection{Content-Manipulation: SMTP-EHLO} | ||
| + | \label{lsting:smtp} | ||
| + | \begin{scriptsize} | ||
| + | \begin{verbatim} | ||
| + | 220 mail.gmx.net GMX Mailservices ESMTP {mp003} | ||
| + | EHLO tralalal | ||
| + | 250-mail.gmx.net GMX Mailservices | ||
| + | 250-8BITMIME | ||
| + | 250-ENHANCEDSTATUSCODES | ||
| + | 250-SIZE | ||
| + | 250-AUTH=LOGIN PLAIN | ||
| + | 250-AUTH LOGIN PLAIN | ||
| + | 250 STARTTLS | ||
| + | \end{verbatim} | ||
| + | Using the Internet uplink provided by the Studentenwerk Rostock (test performed in September 2011), the answer changes: | ||
| + | \begin{verbatim} | ||
| + | 220 ******************************************* | ||
| + | EHLO tralala | ||
| + | 250-mail.gmx.net GMX Mailservices | ||
| + | 250-8BITMIME | ||
| + | 250-ENHANCEDSTATUSCODES | ||
| + | 250-SIZE | ||
| + | 250-AUTH=LOGIN PLAIN | ||
| + | 250-AUTH LOGIN PLAIN | ||
| + | 250 XXXXXXXA | ||
| + | \end{verbatim} | ||
| + | \end{scriptsize} | ||
| + | |||
| + | \subsection{Content-Manipulation: HTML-File and Images} | ||
| + | \label{lsting:UMTS} | ||
| + | \begin{scriptsize} | ||
| + | \begin{verbatim} | ||
| + | <html> | ||
| + | <body><img src="eins.png"></body> | ||
| + | </html> | ||
| + | \end{verbatim} | ||
| + | |||
| + | This content is contained in a file on a web server. It includes a graphic file. Acquired through the UMTS network of the German Internet service provider ``1\&1'', the file appears with the following content: | ||
| + | |||
| + | \begin{verbatim} | ||
| + | <html> | ||
| + | <script src="http://1.2.3.4/bmi-int-js/bmi.js" | ||
| + | language="javascript"></script> | ||
| + | <body> | ||
| + | <img src="http://1.1.1.4/bmi/139.30.1.202/ad001/down/eins. | ||
| + | png"> | ||
| + | </body> </html> | ||
| + | <script language="javascript"> | ||
| + | <!-- | ||
| + | bmi_SafeAddOnload(bmi_load,"bmi_orig_img",1); | ||
| + | //--> | ||
| + | \end{verbatim} | ||
| + | \end{scriptsize} | ||
| + | |||
| + | \subsection{Connection-Manipulation: IP-Address-Spoofing} | ||
| + | \label{lsting:ipspoofing} | ||
| + | \subsubsection{Human-Readable} | ||
| + | The request may be as follows: | ||
| + | \begin{scriptsize} | ||
| + | \begin{verbatim} | ||
| + | GET / HTTP/1.1 | ||
| + | Host: heise.de | ||
| + | Accept: */* | ||
| + | \end{verbatim} | ||
| + | It is issued to the IP addresses assigned to the domain \verb,heise.de,: | ||
| + | \begin{verbatim} | ||
| + | [ad001@glas /usr/home/ad001]$ host heise.de | ||
| + | heise.de has address 193.99.144.80 | ||
| + | heise.de has IPv6 address 2a02:2e0:3fe:100::8 | ||
| + | heise.de mail is handled by 10 relay.heise.de. | ||
| + | [ad001@glas /usr/home/ad001]$ perl -e 'print "GET / | ||
| + | HTTP/1.1\r\nHost: heise.de\r\nAccept: */*\r\n\r\n"' | | ||
| + | nc 193.99.144.80 80 | ||
| + | HTTP/1.1 302 Found | ||
| + | Date: Fri, 04 Mar 2011 13:23:17 GMT | ||
| + | Server: Apache | ||
| + | Location: http://blue4.wlan.uni-rostock.de/login.pl?action= | ||
| + | which_interface&destination=http://heise.de/%3f | ||
| + | Connection: close | ||
| + | Transfer-Encoding: chunked | ||
| + | Content-Type: text/html; charset=iso-8859-1 | ||
| + | |||
| + | 118 | ||
| + | <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> | ||
| + | <HTML><HEAD> | ||
| + | <TITLE>302 Found</TITLE> | ||
| + | </HEAD><BODY> | ||
| + | <H1>Found</H1> | ||
| + | The document has moved <A HREF="http://blue4. | ||
| + | wlan.uni-rostock.de/login.pl?action=which_interface | ||
| + | &destination=http://heise.de/%3f">here</A>.<P> | ||
| + | </BODY></HTML> | ||
| + | |||
| + | 0 | ||
| + | |||
| + | Connection closed by foreign host. | ||
| + | \end{verbatim} | ||
| + | \end{scriptsize} | ||
| + | \subsubsection{Dumps} | ||
| + | \begin{scriptsize} | ||
| + | \begin{verbatim} | ||
| + | 14:32:35.503903 IP 139.30.32.197.59424 > 193.99.144.80.http: | ||
| + | Flags [P.], ack 1, win 8326, options [nop,nop,TS val 1091444 | ||
| + | ecr 2443535463], length 47 | ||
| + | E..c.U@.@.:... ..c.P. .P......(... ........ | ||
| + | ...t..dgGET / HTTP/1.1 | ||
| + | Host: heise.de | ||
| + | Accept: */* | ||
| + | |||
| + | [...] | ||
| + | |||
| + | 14:32:35.519615 IP 193.99.144.80.http > 139.30.32.197.59424: | ||
| + | Flags [FP.], seq 65:568, ack 48, win 1448, options [nop,nop,TS | ||
| + | val 2443535486 ecr 1091444], length 503 | ||
| + | E..+L.@.@....c.P.. ..P. ..)%............... | ||
| + | ..d~...t Apache | ||
| + | Location: http://blue4.wlan.uni-rostock.de/login.pl?action= | ||
| + | which_interface&destination=http://heise.de/%3f | ||
| + | Connection: close | ||
| + | Transfer-Encoding: chunked | ||
| + | Content-Type: text/html; charset=iso-8859-1 | ||
| + | |||
| + | 118 | ||
| + | <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> | ||
| + | <HTML><HEAD> | ||
| + | <TITLE>302 Found</TITLE> | ||
| + | </HEAD><BODY> | ||
| + | <H1>Found</H1> | ||
| + | The document has moved <A HREF="http://blue4.wlan.uni-rostock.de/ | ||
| + | login.pl?action=which_interface&destination=http://heise.de/ | ||
| + | %3f">here</A>.<P> | ||
| + | </BODY></HTML> | ||
| + | |||
| + | 0 | ||
| + | \end{verbatim} | ||
| + | \end{scriptsize} | ||
Revision as of 12:15, 29 April 2013
Examples of Neutrality violations
Connection-Reset: Baidu.cn
\begin{scriptsize} \label{lsting:baidu} \begin{verbatim} 14:45:11.197146 IP wlan033084.uni- rostock.de.11479 > 220.181.111.147.http: Flags [P.], ack 2789374741, win 65535, length 241 E.....@.@.....!T..o.,..P.J<..B{.P...sZ.. GET /s?wd=falun%20gong HTTP/1.1 Host: www.baidu.com User-Agent: ELinks/0.11.7 (textmode; FreeBSD 8.0-BETA2 i386; 197x67-2) Referer: http://www.baidu.com/ Accept: */* Accept-Encoding: gzip Accept-Language: en Connection: Keep-Alive
14:45:11.502060 IP 220.181.111.147.http >
wlan033084.uni-rostock.de.11479:
Flags [.], ack 241, win 7504, length 0 E..(..@.,..z..o...!T.P,..B{..J<.P..P#... 14:45:11.502466 IP 220.181.111.147.http >
wlan033084.uni-rostock.de.11479:
Flags [R.], seq 1, ack 241, win 2390, length 0 E..(..@.|.yh..o...!T.P,..B{..J<.P. V6... 14:45:11.503090 IP 220.181.111.147.http >
wlan033084.uni-rostock.de.11479:
Flags [R.], seq 1461, ack 241, win 2391, length 0 E..(..@.}.xk..o...!T.P,..B...J<.P. W1H.. 14:45:11.503432 IP 220.181.111.147.http >
wlan033084.uni-rostock.de.11479:
Flags [R.], seq 4381, ack 241, win 2392, length 0 E..(..@.~.u...o...!T.P,..B.1.J<.P. X%... \end{verbatim} \end{scriptsize} The test was performed in February 2011.
\subsection{Content-Manipulation: SMTP-EHLO} \label{lsting:smtp} \begin{scriptsize} \begin{verbatim} 220 mail.gmx.net GMX Mailservices ESMTP {mp003} EHLO tralalal 250-mail.gmx.net GMX Mailservices 250-8BITMIME 250-ENHANCEDSTATUSCODES 250-SIZE 250-AUTH=LOGIN PLAIN 250-AUTH LOGIN PLAIN 250 STARTTLS \end{verbatim} Using the Internet uplink provided by the Studentenwerk Rostock (test performed in September 2011), the answer changes: \begin{verbatim} 220 ******************************************* EHLO tralala 250-mail.gmx.net GMX Mailservices 250-8BITMIME 250-ENHANCEDSTATUSCODES 250-SIZE 250-AUTH=LOGIN PLAIN 250-AUTH LOGIN PLAIN 250 XXXXXXXA \end{verbatim} \end{scriptsize}
\subsection{Content-Manipulation: HTML-File and Images} \label{lsting:UMTS} \begin{scriptsize} \begin{verbatim} <html> <body><img src="eins.png"></body> </html> \end{verbatim}
This content is contained in a file on a web server. It includes a graphic file. Acquired through the UMTS network of the German Internet service provider ``1\&1, the file appears with the following content:
\begin{verbatim} <html> <script src="http://1.2.3.4/bmi-int-js/bmi.js" language="javascript"></script> <body> <img src="http://1.1.1.4/bmi/139.30.1.202/ad001/down/eins. png"> </body> </html> <script language="javascript"> \end{verbatim} \end{scriptsize}
\subsection{Connection-Manipulation: IP-Address-Spoofing} \label{lsting:ipspoofing} \subsubsection{Human-Readable} The request may be as follows: \begin{scriptsize} \begin{verbatim} GET / HTTP/1.1 Host: heise.de Accept: */* \end{verbatim} It is issued to the IP addresses assigned to the domain \verb,heise.de,: \begin{verbatim} [ad001@glas /usr/home/ad001]$ host heise.de heise.de has address 193.99.144.80 heise.de has IPv6 address 2a02:2e0:3fe:100::8 heise.de mail is handled by 10 relay.heise.de. [ad001@glas /usr/home/ad001]$ perl -e 'print "GET / HTTP/1.1\r\nHost: heise.de\r\nAccept: */*\r\n\r\n"' | nc 193.99.144.80 80 HTTP/1.1 302 Found Date: Fri, 04 Mar 2011 13:23:17 GMT Server: Apache Location: http://blue4.wlan.uni-rostock.de/login.pl?action= which_interface&destination=http://heise.de/%3f Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1
118 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <HTML><HEAD> <TITLE>302 Found</TITLE> </HEAD><BODY>
Found
The document has moved <A HREF="http://blue4. wlan.uni-rostock.de/login.pl?action=which_interface
&destination=http://heise.de/%3f">here</A>.</BODY></HTML> 0 Connection closed by foreign host. \end{verbatim} \end{scriptsize} \subsubsection{Dumps} \begin{scriptsize} \begin{verbatim} 14:32:35.503903 IP 139.30.32.197.59424 > 193.99.144.80.http: Flags [P.], ack 1, win 8326, options [nop,nop,TS val 1091444 ecr 2443535463], length 47 E..c.U@.@.:... ..c.P. .P......(... ........ ...t..dgGET / HTTP/1.1 Host: heise.de Accept: */* [...] 14:32:35.519615 IP 193.99.144.80.http > 139.30.32.197.59424: Flags [FP.], seq 65:568, ack 48, win 1448, options [nop,nop,TS val 2443535486 ecr 1091444], length 503 E..+L.@.@....c.P.. ..P. ..)%............... ..d~...t Apache Location: http://blue4.wlan.uni-rostock.de/login.pl?action= which_interface&destination=http://heise.de/%3f Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 118 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <HTML><HEAD> <TITLE>302 Found</TITLE> </HEAD><BODY>
Found
The document has moved <A HREF="http://blue4.wlan.uni-rostock.de/ login.pl?action=which_interface&destination=http://heise.de/ %3f">here</A>.<P> </BODY></HTML>
0 \end{verbatim}
\end{scriptsize}