URLs, IPs and interception
Chris Edwards
ukcrypto at chiark.greenend.org.uk
Sat, 1 Mar 2008 00:41:09 +0000 (GMT)
On Fri, 29 Feb 2008, James Cox wrote:
| they actually dropped them? my parents are still on an ntl/virgin line and
| report behavior which is classically symptomatic of a transparent cache.
Web requests used to hit the Internet with a src-addr not our own IP, and
with DNS hostname like yyyy-cache-x.server.ntli.net. Nowadays, our web
requests come from our own IP addr. Plus, a port 80 tcptraceroute looks
normal.
This since Easter 2007 for cablemodems in Glasgow - I believe same
happened for NTL / virgin cablemodems elsewhere at similar time.
It's theoretically possible they somehow made the transparent caches a lot
more transparent. But all the tests I can think of suggest they simply
removed them, leaving a clear path on TCP port 80. As Ian says, caching
is almost worthless nowadays.
That said, I think a lot of enterprises have kept their proxy caches, for
command+control reasons (e.g. blocking malware) plus the HR dept like the
URL log - which can be enabled on a private network by RIPA + LBPR.
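
The three signals mentioned in the message above (the source address seen by the far end, its reverse-DNS name, and a port 80 tcptraceroute), combined into one check; this is an added example, not part of the original post. The addresses, trace text and function names are constructed, and both the hostname hint list and the rule that a port 80 trace "looks normal" when it is no shorter than a trace to another port are assumptions.

```python
import ipaddress

# Assumed heuristic: substrings that suggest a cache/proxy egress hostname.
CACHE_HINTS = ("cache", "proxy", "squid")

def parse_hops(trace_text):
    """Hop addresses from numeric traceroute-style lines; '*' becomes None."""
    hops = []
    for line in trace_text.strip().splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0].isdigit():
            hops.append(None if parts[1] == "*" else parts[1])
    return hops

def assess(own_ip, seen_src, seen_rdns, port80_trace, other_trace):
    """Return the interception indicators present for TCP port 80."""
    findings = []
    # 1. The far end sees a source address that is not the subscriber's own.
    if ipaddress.ip_address(own_ip) != ipaddress.ip_address(seen_src):
        findings.append("src-addr-mismatch")
    # 2. Reverse DNS of that source address looks like a cache.
    if any(hint in seen_rdns.lower() for hint in CACHE_HINTS):
        findings.append("cache-like-rdns")
    # 3. Port 80 "reaches" the same destination in fewer hops than another port.
    p80, other = parse_hops(port80_trace), parse_hops(other_trace)
    if p80 and other and p80[-1] == other[-1] and len(p80) < len(other):
        findings.append("port80-path-shorter")
    return findings

# Constructed sample observations (documentation address ranges).
TRACE_443 = """
 1  10.0.0.1  1.1 ms
 2  198.51.100.1  8.0 ms
 3  *
 4  198.51.100.9  9.7 ms
 5  192.0.2.80 [open]  14.2 ms
"""
TRACE_80_INTERCEPTED = """
 1  10.0.0.1  1.0 ms
 2  198.51.100.1  8.3 ms
 3  192.0.2.80 [open]  8.9 ms
"""
WITH_CACHE = assess("203.0.113.25", "198.51.100.7",
                    "yyyy-cache-x.server.ntli.net", TRACE_80_INTERCEPTED, TRACE_443)
CLEAR_PATH = assess("203.0.113.25", "203.0.113.25",
                    "cpc1.cable.example", TRACE_443, TRACE_443)

if __name__ == "__main__":
    print("with cache:", WITH_CACHE)
    print("clear path:", CLEAR_PATH)
```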