Hello, You probably don't need to be told otherwise, but do not trust Charter (or any ISP) with your HTTP traffic even if you're paying for a business connection and expect internet without tampering or analysis. I recently started receiving redirects to a Terms & Conditions page on IPv4 HTTP traffic. My tests indicate they don't do it with IPv6 through their 6rd Border Relay and of course they can't do it with HTTPS. Surprisingly most of my traffic avoids IPv4 HTTP so I am not sure how long this has been going on. They insert RST packets and then redirect you to a page to present you new T&C they want you to accept. The URL looks like this: http://tandc-browsermessaging.charter.net/?sub=ctgcw67P4wwQS1UWxrkXpw%7CzDWlBWA5zOMe_UlM2CDTNrvyOKhDVmmHD7FsEYdrkAGchiHqZj0U-x7_udYQ1hOM3hHa-exjfm0I0aU0rNGXvOwNLaMhjs6DcqDCqHFaaNPd_oJPhAW98gaC05D_bhpF-mss5gQIkstxEUxEOpezjQ&originalURL=http%3A//seclists.org/fulldisclosure/&ack=24.217.29.129 I've attached a packet dump of this in action. Stay safe
Attachment:
charter.pcapng
Description: Binary data
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/