[Cialug] Mediacom fscking with web access?

Josh More morej at alliancetechnologies.net
Mon Sep 7 19:23:28 CDT 2009


What happens when you do this:


$ telnet code0.net 80
Trying 209.9.237.21...
Connected to code0.net.
Escape character is '^]'.
GET /blah HTTP/1.1
Host: code0.net     





-Josh More, RHCE, CISSP, NCLP, GIAC 
 morej at alliancetechnologies.net 
 515-245-7701

>>> "Jonathan C. Bailey" <jbailey at co.marshall.ia.us> 09/07/09 7:20 PM
>>>
The DNS side is fine.. For example, eztv.it resolves to 212.63.212.35,
which is the correct address. My own domain (code0.net) resolves to
209.9.237.21 which is correct, but if I hit code0.net/blah (which
doesn't exist), I get the Mediacom redirect rather than an Apache
generated 404. Maybe this is another use they've found for DPI?

I could grab a packet capture if anyone is interested...

-Jon

----- Original Message -----
From: "Josh More" <morej at alliancetechnologies.net>
To: cialug at cialug.org, jbailey at co.marshall.ia.us
Sent: Monday, September 7, 2009 7:11:58 PM GMT -05:00 Colombia
Subject: Re: [Cialug] Mediacom fscking with web access?

OK, that doesn't make sense to me.  There's not much more there than DNS
and HTTP.

What happens when you try a dig directly against the OpenDNS servers,
then turn around and use that IP in a telnet test to port 80?



-Josh More, RHCE, CISSP, NCLP, GIAC 
 morej at alliancetechnologies.net 
 515-245-7701

>>> "Jonathan C. Bailey" <jbailey at co.marshall.ia.us> 09/07/09 6:31 PM
>>>
Nope...

Just tried to proxy with Ziproxy via a VPS I have.. It's on an uncommon
port (randomly chosen), and requires HTTP basic auth, but Mediacom still
fsck'd with it..

-Jon

----- Original Message -----
From: "Josh More" <morej at alliancetechnologies.net>
To: cialug at cialug.org, jbailey at co.marshall.ia.us
Sent: Monday, September 7, 2009 6:15:02 PM GMT -05:00 Colombia
Subject: RE: [Cialug] Mediacom fscking with web access?

Is it fixed by using a web proxy?

-Josh

Mobile email powered by Nokia Intellisync

---- Original Message ----
From: "Jonathan C. Bailey" <jbailey at co.marshall.ia.us>
Date: 09/9/7 18:11
To: "Central Iowa Linux Users Group" <cialug at cialug.org>
Subj: Re: [Cialug] Mediacom fscking with web access?
I knew that from before and have been using OpenDNS for quite a while..
The problem now is that they seem to be doing it at a higher level than
DNS..

-Jon

----- Original Message -----
From: "randy rote" <randy.rote at gmail.com>
To: "Central Iowa Linux Users Group" <cialug at cialug.org>
Sent: Monday, September 7, 2009 6:08:16 PM GMT -05:00 Colombia
Subject: Re: [Cialug] Mediacom fscking with web access?

I've had problems with that for a while now. I started using OpenDNS
rather than trusting their servers.

-----Original Message-----
From: "Jonathan C. Bailey" <jbailey at co.marshall.ia.us>

Date: Mon, 7 Sep 2009 18:01:10 
To: cialug<cialug at cialug.org>
Subject: [Cialug] Mediacom fscking with web access?


It seems that Mediacom has taken their "redirection" service to a new
level.. Now 404s (depending on the site) also go to their damn search
service!!! Can anyone else confirm this?

example: http://timesrepublican.com/thisdoesnotexist/

----------------------------------------------------------------------
Also...

jcbailey at hybrid:~$ telnet eztv.it 80
Trying 212.63.212.35...
Connected to eztv.it.
Escape character is '^]'.
GET /shows/add/16167/ HTTP/1.1
Host: eztv.it
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.3pre)
Gecko/20090818 Ubuntu/9.04 (jaunty) Shiretoko/3.5.3pre
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive

HTTP/1.1 200 OK

window.location='http://assist.mediacomcable.com/mediacomassist_pnf/dnsassist/main/?domain='+escape(window.location);The
Search Guide redirection service has been enabled to provide helpful
searches from browser queries. You entered a non-existent url and your
browser attempted to redirect you with Javascript. To enable this please
update your browser preferences. <a
href='http://search.mediacomcable.com/prefs.php'>To turn off this
feature please click this here

Connection closed by foreign host.

----------------------------------------------------------------------

jcbailey at hybrid:~$ telnet eztv.it 80
Trying 212.63.212.35...
Connected to eztv.it.
Escape character is '^]'.
GET /shows/add/16167/ HTTP/1.1
Host: eztv.it

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Mon, 07 Sep 2009 22:50:59 GMT
Server: lighttpd/1.5.0

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

 
  404 - Not Found
 
 
  404 - Not Found
 

Connection closed by foreign host.

----------------------------------------------------------------------

-Jon
_______________________________________________
Cialug mailing list
Cialug at cialug.org
http://cialug.org/mailman/listinfo/cialug
_______________________________________________
Cialug mailing list
Cialug at cialug.org
http://cialug.org/mailman/listinfo/cialug
_______________________________________________
Cialug mailing list
Cialug at cialug.org
http://cialug.org/mailman/listinfo/cialug
_______________________________________________
Cialug mailing list
Cialug at cialug.org
http://cialug.org/mailman/listinfo/cialug

_______________________________________________
Cialug mailing list
Cialug at cialug.org
http://cialug.org/mailman/listinfo/cialug



More information about the Cialug mailing list