Re: [mif] declaring interface 'up', with WiFi DNS/HTTP interception (login) proxies [was RE: DNS selection with HE-MIF]

Keith Moore <moore@network-heretics.com> Thu, 07 February 2013 17:53 UTC

On 02/07/2013 12:13 PM, Dan Wing wrote:
> The technique used by both Apple and Microsoft is, when joining a new
> network, to attempt to retrieve a certain URI.  Microsoft's procedure
> is described in
> http://technet.microsoft.com/en-us/library/cc766017%28v=ws.10%29.aspx,
> which queries www.msftncsi.com and needs to see 131.107.255.255 as
> the answer, and then does an HTTP GET.  If anything is abnormal, it
> assumes there is a proxy on the path.  Apple does something similar by
> attempting to retrieve https://www.apple.com/library/test/success.html.
> Unfortunately, this seems the best technique available to detect such
> DNS interception and HTTP interception proxies that force a login or
> force a click-through.
>
> For MIF -- not just HE-MIF, but all of MIF -- we should not declare an
> interface "up" until such a validation succeeds.  It is unfortunate
> this is not solved at layer 2, where it arguably belongs.

Would it be worthwhile for MIF to start making a list of things that
really need solutions elsewhere? Even if there are hacks or heuristics
that are used in the absence of such solutions?

Keith
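
The validation described in the quoted message (resolve a known name, compare the answer, then do an HTTP GET and treat anything abnormal as interception) can be written as a decision over the probe results. This is an added example, not part of the original thread and not Microsoft's or Apple's code. It assumes a hypothetical `Observation` record filled in by whatever performs the lookup and the GET; the expected body `PROBE-OK`, the portal address and the redirect URL are constructed sample values.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Tuple

class Verdict(Enum):
    CLEAN = "clean"
    DNS_INTERCEPTED = "dns-intercepted"
    HTTP_INTERCEPTED = "http-intercepted"
    NO_CONNECTIVITY = "no-connectivity"

@dataclass(frozen=True)
class Expected:
    dns_answer: str   # address the probe name must resolve to
    http_body: str    # exact body the probe URI must return

@dataclass(frozen=True)
class Observation:    # hypothetical record of one probe run
    dns_answers: Tuple[str, ...]   # empty if the lookup failed
    http_status: Optional[int]     # None if the GET got no response
    http_location: Optional[str]   # Location header, if present
    http_body: str

def classify(exp: Expected, obs: Observation) -> Verdict:
    if not obs.dns_answers:
        return Verdict.NO_CONNECTIVITY
    # Any answer set other than the known-good one means the reply was rewritten.
    if set(obs.dns_answers) != {exp.dns_answer}:
        return Verdict.DNS_INTERCEPTED
    if obs.http_status is None:
        return Verdict.NO_CONNECTIVITY
    # Redirects, error codes and altered bodies all count as "abnormal".
    if (obs.http_status != 200 or obs.http_location
            or obs.http_body.strip() != exp.http_body):
        return Verdict.HTTP_INTERCEPTED
    return Verdict.CLEAN

def interface_usable(exp: Expected, obs: Observation) -> bool:
    """Gate proposed in the thread: only a fully clean probe marks the link 'up'."""
    return classify(exp, obs) is Verdict.CLEAN

# Constructed sample data; only the DNS answer comes from the quoted message.
EXPECTED = Expected("131.107.255.255", "PROBE-OK")
SAMPLES = {
    "open": Observation(("131.107.255.255",), 200, None, "PROBE-OK\n"),
    "dns_portal": Observation(("10.0.0.1",), 200, None, "<html>login</html>"),
    "redirect": Observation(("131.107.255.255",), 302, "http://portal.example/login", ""),
    "rewritten": Observation(("131.107.255.255",), 200, None, "<html>Accept terms</html>"),
    "dead": Observation((), None, None, ""),
}
```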