Net neutrality on an Orange™ wifi, second lie

Since I have no real internet connection at home other than a 50 MB 4G plan, I use Orange's network… which, besides blocking email sending from a regular client (mutt, thunderbird, …) (I have an SSH tunnel for that, and I'm thinking of putting mutt on my server), also does crap with nonexistent domain names, that is, it redirects me (thanks chromium; firefox has an option to counter that) to http://instantfwding.com/?dn=cet.abruti.de.nom.de.domaine.com&pid=7PO2UM87 Fortunately I have uMatrix to block this nonsense. But that isn't normal behaviour for my network, so I wanted to take a closer look.

$ cat /etc/resolv.conf.head
nameserver 127.0.0.1
nameserver 80.67.169.12
nameserver 80.67.169.40
domain hacktivis.me
search hacktivis.me
$ cat /etc/resolv.conf
# Generated by dhcpcd from wlp0s22f2u3.dhcp
nameserver 127.0.0.1
nameserver 80.67.169.12
nameserver 80.67.169.40
domain hacktivis.me
search hacktivis.me
domain orange-hotspot.com
nameserver 80.10.46.232
# /etc/resolv.conf.tail can replace this line
$ dig nxdomain.tld
; <<>> DiG 9.10.3-P2 <<>> nxdomain.tld
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27819
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;nxdomain.tld.			IN	A

;; AUTHORITY SECTION:
.			10800	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2016100900 1800 900 604800 86400

;; Query time: 47 msec
;; SERVER: 80.67.169.12#53(80.67.169.12)
;; WHEN: Sun Oct 09 16:34:01 CEST 2016
;; MSG SIZE  rcvd: 116

$ dig nxdomain.tld @80.10.46.232
; <<>> DiG 9.10.3-P2 <<>> nxdomain.tld @80.10.46.232
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26873
;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;nxdomain.tld.			IN	A

;; ANSWER SECTION:
nxdomain.tld.		3600	IN	A	10.10.10.10

;; Query time: 43 msec
;; SERVER: 80.10.46.232#53(80.10.46.232)
;; WHEN: Sun Oct 09 16:36:26 CEST 2016
;; MSG SIZE  rcvd: 58
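To turn the comparison between the two resolvers into a repeatable check, here is an added example (my code, not the post author's) that builds a raw DNS query, parses the reply and labels a resolver as honest (NXDOMAIN) or forging (NOERROR with an A record for a name that cannot exist). The two sample replies are constructed by hand from the two dig outputs above (the OPT record is left out); only `probe()` touches the network, and the default canary zone `tld` is a placeholder to replace with a TLD that really exists.

```python
"""Lying-resolver check: ask for a name that cannot exist and see whether the
resolver says NXDOMAIN (honest) or invents an A record (hijack)."""
import random
import socket
import struct


def encode_name(name):
    """Wire-format a dotted name: length-prefixed labels, terminated by 0."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.strip(".").split("."))
    return out + b"\x00"


def build_query(name, qid, qtype=1):
    """Standard query for <name>, class IN, recursion desired (flags 0x0100)."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def _read_name(data, off):
    """Decode a name at <off>, following RFC 1035 compression pointers."""
    labels, end, hops = [], None, 0
    while True:
        length = data[off]
        if (length & 0xC0) == 0xC0:           # pointer: 14-bit offset into the message
            if end is None:
                end = off + 2                 # the name's own bytes stop at the pointer
            off = ((length & 0x3F) << 8) | data[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(data[off:off + length].decode("ascii"))
        off += length
    return (".".join(labels).lower() or "."), (end if end is not None else off)


def parse_response(data):
    """Parse header, question section and every resource record of one DNS message."""
    qid, flags, qd, an, ns, ar = struct.unpack("!6H", data[:12])
    off, questions, records = 12, [], []
    for _ in range(qd):
        name, off = _read_name(data, off)
        qtype, _qclass = struct.unpack("!HH", data[off:off + 4])
        off += 4
        questions.append((name, qtype))
    for _ in range(an + ns + ar):
        name, off = _read_name(data, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        records.append((name, rtype, ttl, data[off:off + rdlen]))
        off += rdlen
    return {"id": qid, "rcode": flags & 0xF, "aa": bool((flags >> 10) & 1),
            "questions": questions, "answers": records[:an],
            "authority": records[an:an + ns], "additional": records[an + ns:]}


def classify(resp, qname):
    """Verdict for a name that is known not to exist."""
    qname = qname.rstrip(".").lower()
    if resp["rcode"] == 3:
        return "honest-nxdomain"
    if resp["rcode"] == 0:
        forged = [socket.inet_ntoa(rd) for n, t, _ttl, rd in resp["answers"] if t == 1 and n == qname]
        if forged:
            return "forged-answer:" + ",".join(forged)
        return "noerror-nodata"
    return "rcode-%d" % resp["rcode"]


def probe(resolver, zone="tld", timeout=3.0):
    """Live check (network): a random label under <zone>, so the name cannot exist."""
    name = "canary-%08x.%s" % (random.getrandbits(32), zone)
    qid = random.getrandbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (resolver, 53))
        data, _peer = s.recvfrom(4096)
    resp = parse_response(data)
    return "mismatched-id" if resp["id"] != qid else classify(resp, name)


# Constructed samples, hand-encoded from the two dig outputs above (no OPT record).
SAMPLE_FORGED = bytes.fromhex(
    "68f9 8480 0001 0001 0000 0000"                 # id 26873, qr aa ra, NOERROR, 1 answer
    "08 6e78646f6d61696e 03 746c64 00 0001 0001"    # question: nxdomain.tld A IN
    "c00c 0001 0001 00000e10 0004 0a0a0a0a")        # answer: ptr->name, A, TTL 3600, 10.10.10.10
SAMPLE_NXDOMAIN = bytes.fromhex(
    "6cab 8183 0001 0000 0001 0000"                 # id 27819, qr rd ra, NXDOMAIN, 1 authority
    "08 6e78646f6d61696e 03 746c64 00 0001 0001"    # same question
    "00 0006 0001 00002a30 0040"                    # root SOA, TTL 10800, rdlength 64
    "01 61 0c 726f6f742d73657276657273 03 6e6574 00"           # a.root-servers.net.
    "05 6e73746c64 0c 766572697369676e2d677273 03 636f6d 00"   # nstld.verisign-grs.com.
    "782b4224 00000708 00000384 00093a80 00015180")  # serial, refresh, retry, expire, minimum

if __name__ == "__main__":
    import sys
    for r in sys.argv[1:] or ["80.67.169.12", "80.10.46.232"]:
        print(r, probe(r))
```

Running it against the page's two resolvers would print `honest-nxdomain` for 80.67.169.12 and `forged-answer:10.10.10.10` for 80.10.46.232; the parser keeps the authority section so a genuine NXDOMAIN can also be told apart from a NOERROR reply with no data.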

We're already starting to get a lying DNS, but let's not forget domain orange-hotspot.com (I changed my dhcpcd config right after writing this post)

$ dig nxdomain.tld.orange-hotspot.com
; <<>> DiG 9.10.3-P2 <<>> nxdomain.tld.orange-hotspot.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54935
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;nxdomain.tld.orange-hotspot.com. IN	A

;; ANSWER SECTION:
nxdomain.tld.orange-hotspot.com. 3600 IN A	103.224.212.222

;; AUTHORITY SECTION:
orange-hotspot.com.	171919	IN	NS	ns16.above.com.
orange-hotspot.com.	171919	IN	NS	ns15.above.com.

;; ADDITIONAL SECTION:
ns15.above.com.		171919	IN	A	103.224.182.5
ns15.above.com.		171919	IN	A	103.224.212.5
ns16.above.com.		171919	IN	A	103.224.212.6
ns16.above.com.		171919	IN	A	103.224.182.6

;; Query time: 180 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Oct 09 16:39:12 CEST 2016
;; MSG SIZE  rcvd: 184

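The third dig above queries nxdomain.tld.orange-hotspot.com explicitly, because dig does not apply the search list unless told to with +search. A program resolving through the libc stub resolver does apply it, and that is what makes a typo end up on the wildcard zone. The added example below (my code, not the post author's) parses the dhcpcd-generated resolv.conf shown earlier and computes the order in which glibc would try names; the search-list rules follow resolv.conf(5) (last `domain`/`search` wins, default ndots:1, at most MAXNS=3 nameservers), and the try order for names with fewer than ndots dots is my reading of glibc's default behaviour, stated here as an assumption.

```python
"""Why a typo lands on the hotspot's parking page: compute the search list glibc
derives from resolv.conf and the names it would actually send for a lookup."""

# Constructed copy of the dhcpcd-generated resolv.conf shown above.
RESOLV_CONF = """\
# Generated by dhcpcd from wlp0s22f2u3.dhcp
nameserver 127.0.0.1
nameserver 80.67.169.12
nameserver 80.67.169.40
domain hacktivis.me
search hacktivis.me
domain orange-hotspot.com
nameserver 80.10.46.232
# /etc/resolv.conf.tail can replace this line
"""

MAXNS = 3  # glibc consults at most three nameserver lines (resolv.conf(5))


def parse_resolv_conf(text):
    """Nameservers, effective search list and ndots, following resolv.conf(5):
    `domain` and `search` are mutually exclusive, the last one present wins."""
    nameservers, search, ndots = [], [], 1
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        key, *args = line.split()
        if key == "nameserver" and args:
            nameservers.append(args[0])
        elif key == "domain" and args:
            search = args[:1]
        elif key == "search":
            search = list(args)
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return {"nameservers": nameservers, "active_nameservers": nameservers[:MAXNS],
            "search": search, "ndots": ndots}


def candidate_names(qname, conf):
    """Order in which the stub resolver tries names (assumption: glibc's default
    res_search behaviour). A trailing dot disables the search list entirely."""
    if qname.endswith("."):
        return [qname.rstrip(".")]
    suffixed = ["%s.%s" % (qname, s) for s in conf["search"]]
    if qname.count(".") >= conf["ndots"]:
        return [qname] + suffixed   # absolute name first, suffixes only after NXDOMAIN
    return suffixed + [qname]       # single labels get the suffixes first


def audit(text, own_domains):
    """Warnings for a resolv.conf: foreign search suffixes and ignored nameservers."""
    conf = parse_resolv_conf(text)
    warnings = []
    for s in conf["search"]:
        if s not in own_domains:
            warnings.append("search suffix %s was not configured by you; every "
                            "NXDOMAIN is retried as <name>.%s" % (s, s))
    for ns in conf["nameservers"][MAXNS:]:
        warnings.append("nameserver %s is beyond MAXNS and never used by glibc" % ns)
    return warnings


if __name__ == "__main__":
    conf = parse_resolv_conf(RESOLV_CONF)
    print("search list:", conf["search"])
    print("lookup order for nxdomain.tld:", candidate_names("nxdomain.tld", conf))
    for w in audit(RESOLV_CONF, ["hacktivis.me"]):
        print("WARNING:", w)
```

For the page's resolv.conf the effective search list is just orange-hotspot.com, so after the honest 80.67.169.x resolvers answer NXDOMAIN for nxdomain.tld the stub retries nxdomain.tld.orange-hotspot.com, which the wildcard at above.com answers with 103.224.212.222. The fourth nameserver line (80.10.46.232) is past MAXNS, so with this file glibc never asks it at all; the redirect comes from the search suffix, not from that server.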
Well, great, we have two addresses… I figured an nmap could be nice, so off we go!

$ nmap -A 10.10.10.10
Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2016-10-09 16:42 CEST
Nmap scan report for 10.10.10.10
Host is up (0.044s latency).
Not shown: 999 filtered ports
PORT   STATE  SERVICE VERSION
80/tcp closed http

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.40 seconds

$ nmap -A 103.224.212.222
Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2016-10-09 16:43 CEST
Nmap scan report for lb-212-222.above.com (103.224.212.222)
Host is up (0.20s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE VERSION
25/tcp open  smtp
|_smtp-commands: SMTP EHLO lb-212-222.above.com: failed to receive data: connection closed
|_smtp-ntlm-info: ERROR: Script execution failed (use -d to debug)
80/tcp open  http    Apache httpd (PHP/5.4.45-0+deb7u5)
| http-robots.txt: 5 disallowed entries 
| /cpx.php /medios1.php /toolbar.php /check_image.php 
|_/check_popunder.php
|_http-server-header: Apache
|_http-title: Did not follow redirect to http://www.qfind.net?_inv
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port25-TCP:V=7.25BETA1%I=7%D=10/9%Time=57FA57A5%P=x86_64-pc-linux-gnu%r
SF:(NULL,25,"220\x20mwinf5d62\x20ME\x20ESMTP\x20server\x20ready\r\n")%r(He
SF:llo,46,"220\x20mwinf5d62\x20ME\x20ESMTP\x20server\x20ready\r\n501\x20EH
SF:LO\x20requires\x20valid\x20address\r\n");

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 36.60 seconds

And an HTTP server… let's see whether it's the one doing the lying.

$ curl -v -H 'Host: nxdomain.tld' 103.224.212.222
* Rebuilt URL to: 103.224.212.222/
*   Trying 103.224.212.222...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connected to 103.224.212.222 (103.224.212.222) port 80 (#0)
> GET / HTTP/1.1
> Host: nxdomain.tld
> User-Agent: curl/7.50.1
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Sun, 09 Oct 2016 14:45:05 GMT
< Server: Apache
< X-Powered-By: PHP/5.4.45-0+deb7u5
< Content-Length: 371
< Connection: close
< Content-Type: text/html; charset=UTF-8
< 
{ [371 bytes data]

100   371  100   371    0     0    866      0 --:--:-- --:--:-- --:--:--   868
* Closing connection 0
<html>
<head>
<title>nxdomain.tld</title>
</head>
<frameset rows="100%,*" frameborder="no" border="0" framespacing="0">
<frame src="http://instantfwding.com/?dn=nxdomain.tld&pid=7PO2UM885">
<noframes>
<body bgcolor="#ffffff" text="#000000">
<a href="http://instantfwding.com/?dn=nxdomain.tld&pid=7PO2UM885">Click here to enter</a>.
</body>
</noframes>
</frameset>
</html>

Found it!

If you still have people who don't believe you about a non-neutral connection, put them on a semi-public Orange wifi, there'll be some unusual stuff :P

Oh, and Orange seems to use a big fat pile of Debian (cf. the "deb" in the version string of the lying Apache server and of PHP), so yeah, free software doesn't work with Orange™
