[App_rpt-users] Got a strange error in my AT&T gateway
David Shaw
shawpbx at gmail.com
Sun Jul 30 18:27:15 UTC 2017
Well there you have it. If KB4FXC is right. AT&T hijacked your packet and
your router acted appropriately. So I'll check to see if https will work or
not. But you'r router is still freaking out.
David
--
Thanks, David
"Laws that forbid the carrying of arms...disarm only those who are neither
inclined nor determined to commit crimes. Such laws make things worse for
the assaulted and better for the assailants; they serve rather to encourage
than prevent homicides, for an unarmed man may be attacked with greater
confidence than an armed one."
Thomas Jefferson
On Sun, Jul 30, 2017 at 11:04 AM, David McGough <kb4fxc at inttek.net> wrote:
>
> George,
>
> I sent you a link to a related, but wrong article, earlier. This link
> explains what is going on:
>
> https://arstechnica.com/information-technology/2015/
> 03/atts-plan-to-watch-your-web-browsing-and-what-you-can-do-about-it/
>
> So, basically, what "hijacked" means is that the DNS entry for
> stats.allstarlink.org has been spoofed by AT&T, and those queries have
> been redirected to an AT&T proxy server (AKA: man in the middle) for
> "evaluation" before passing the request along to the REAL stats server.
>
> DNS hijacking is becoming a serious problem these days, even if you set
> your DNS server explicitly to a well known address---like google
> (8.8.8.8)....This problem is one reason so much traffic on the Internet
> these days uses TLS (https), since using TLS will at least notify you of
> an invalid host (like a proxy server). BUT, be aware that even using TLS
> doesn't eliminate this man-in-the-middle problem, it just makes it easier
> to spot.
>
> 73, David KB4FXC
>
>
>
>
>
> On Sun, 30 Jul 2017, George Csahanin wrote:
>
> > Maybe I wasn't clear on this point.
> >
> > host=stats.allstarlink.org url=/uhandler.php is a valid line from
> rpt.conf, well, technically http://stats.allstarlink.org/uhandler.php is.
> > And my stats show up in stats.allstarlink.org
> >
> > I found this on ATT forum, from another user (oddly, NOT from AT&T):
> > */"the correct information in regards to the " hijacked" description
> > endings in the logs. They are stating that the/**/*Gateway*/**/has
> hijacked the connection, and is providing responses. It does not
> > mean that an external party has hijacked the connection. The gateway
> > does this to send you error messages (i.e. in your browser), but it
> > usually causes more harm than it does good./*"
> >
> > I'll ignore this log entry. The daily reboot is still a mystery, sort
> of...it IS AT&T
> >
> > GeorgeC
> > 2360
> >
> >
> > On 7/29/2017 12:29 PM, George Csahanin wrote:
> > > Hi all. I've been seeing a daily reboot of my AT&T gateway, has done
> > > it three times now. Looked at the logs in the AT&T box and I see
> several:
> > >
> > > host=stats.allstarlink.org url=/uhandler.php hijacked
> > >
> > > Anybody know what this might mean?
> > >
> > > GeorgeC
> > >
> > >
> >
> >
>
> _______________________________________________
> App_rpt-users mailing list
> App_rpt-users at lists.allstarlink.org
> http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users
>
> To unsubscribe from this list please visit http://lists.allstarlink.org/
> cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of
> the page. Enter your email address and press the "Unsubscribe or edit
> options button"
> You do not need a password to unsubscribe, you can do it via email
> confirmation. If you have trouble unsubscribing, please send a message to
> the list detailing the problem.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.keekles.org/pipermail/app_rpt-users/attachments/20170730/0451f89c/attachment.html>
More information about the App_rpt-users
mailing list