Re: [mif] declaring interface 'up', with WiFi DNS/HTTP interception (login) proxies [was RE: DNS selection with HE-MIF]

Brian E Carpenter <brian.e.carpenter@gmail.com> Fri, 08 February 2013 14:50 UTC

On 07/02/2013 17:52, Keith Moore wrote:
> On 02/07/2013 12:13 PM, Dan Wing wrote:
>> The technique used by both Apple and Microsoft is, when joining a new
>> network, to attempt to retrieve a certain URI.  Microsoft's procedure
>> is described in
>> http://technet.microsoft.com/en-us/library/cc766017%28v=ws.10%29.aspx,
>> which queries www.msftncsi.com and needs to see 131.107.255.255 as
>> the answer, and then does an HTTP GET.  If anything is abnormal, it
>> assumes there is a proxy on the path.  Apple does something similar by
>> attempting to retrieve https://www.apple.com/library/test/success.html.
>> Unfortunately, this seems the best technique available to detect such
>> DNS interception and HTTP interception proxies that force a login or
>> force a click-through.
>>
>> For MIF -- not just HE-MIF, but all of MIF -- we should not declare an
>> interface "up" until such a validation succeeds.  It is unfortunate
>> this is not solved at layer 2, where it arguably belongs.
> 
> Would it be worthwhile for MIF to start making a list of things that
> really need solutions elsewhere?   Even if there are hacks or heuristics
> that are used in the absence of such solutions?

The MS hack does a WGET on http://www.msftncsi.com/ncsi.txt and requires
the correct text to be returned.

An extension is http://ipv6.msftncsi.com/ncsi.txt, used to verify IPv6ness.
It's supposed to resolve to 2001:450:2002:384::40d6:ce0b and again return
the correct text.

[Thanks to Dan Wing over on another list for this info.]

   Brian
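
The validation described in this thread, sketched as an added example (not part of the original message and not Microsoft's or Apple's code): an interface is declared "up" only when the DNS answer and the HTTP body both match what the probe expects. The probe names and addresses are the ones quoted above; the body text "Microsoft NCSI", the names `Probe`, `classify` and `interface_up`, and the sample responses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Probe:
    dns_name: str
    expected_addr: str
    url: str
    expected_body: str  # assumption: the thread only says "the correct text"

# Names and addresses as quoted in the thread; the body text is an assumption.
V4 = Probe("www.msftncsi.com", "131.107.255.255",
           "http://www.msftncsi.com/ncsi.txt", "Microsoft NCSI")
V6 = Probe("ipv6.msftncsi.com", "2001:450:2002:384::40d6:ce0b",
           "http://ipv6.msftncsi.com/ncsi.txt", "Microsoft NCSI")

def classify(probe, dns_answers, status, headers, body):
    """Return 'up', or the reason the interface must not be declared up.

    dns_answers: address strings returned for probe.dns_name.
    status/headers/body: response to probe.url with redirects NOT followed;
    status None means the request failed outright.
    """
    if not dns_answers:
        return "no-dns"
    want = ipaddress.ip_address(probe.expected_addr)
    try:
        # Compare parsed addresses so equivalent IPv6 spellings still match.
        got = {ipaddress.ip_address(a) for a in dns_answers}
    except ValueError:
        return "dns-intercepted"
    if want not in got:
        return "dns-intercepted"      # resolver is rewriting answers
    if status is None:
        return "no-http"
    if 300 <= status < 400 or any(k.lower() == "location" for k in headers):
        return "http-redirect"        # typical login / click-through portal
    if status != 200 or body.strip() != probe.expected_body:
        return "http-intercepted"     # page substituted by a proxy
    return "up"

def interface_up(results):
    """An interface counts as up only if every probe run on it validated."""
    return bool(results) and all(r == "up" for r in results)

# Constructed responses (not captured traffic): clean path, portal, DNS rewrite.
CLEAN = (["131.107.255.255"], 200, {"Content-Type": "text/plain"}, "Microsoft NCSI")
PORTAL = (["131.107.255.255"], 302, {"Location": "http://login.example/"}, "")
HIJACK = (["192.0.2.1"], 200, {}, "<html>Please log in</html>")
```
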