commit f45221977f34bdc25c2e3e38e401312d77aa9570
parent 28e381052340d120c946a400946b2b8dbcf662d3
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Sun,  9 Oct 2016 17:37:00 +0200

articles/La neutralitée du Net sur un wifi Orange™, deuxième mensonge: New article

Diffstat:
articles/La neutralitée du Net sur un wifi Orange™, deuxième mensonge.html | 168+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
articles/La neutralitée du Net sur un wifi Orange™, deuxième mensonge.shtml | 16++++++++++++++++
2 files changed, 184 insertions(+), 0 deletions(-)

diff --git a/articles/La neutralitée du Net sur un wifi Orange™, deuxième mensonge.html b/articles/La neutralitée du Net sur un wifi Orange™, deuxième mensonge.html 
@@ -0,0 +1,168 @@ +<a href="/articles/La%20neutralit%C3%A9e%20du%20Net%20sur%20un%20wifi%20Orange%E2%84%A2,%20deuxi%C3%A8me%20mensonge"><h1>La neutralitée du Net sur un wifi Orange™, deuxième mensonge</h1></a> +<p>Vut que je n’ai pas de vraie connection internet chez moi autre qu’un forfait à 50MB de 4G, j’utilise le réseau de orange… qui en plus de bloquer l’envoit des courriels par un client classique(mutt, thunderbird, …) (j’ai un tunnel SSH pour ceci et je pense mettre mutt sur mon serveur) fait aussi de la merde sur des nom-de-domaine inexistant·e, c’est à dire me rediriger(merci chromium, firefox a une option pour contrer ça) vers http://instantfwding.com/?dn=cet.abruti.de.nom.de.domaine.com&pid=7PO2UM87 Heuresement que j’ai uMatrix pour bloquer ces conneries. Sauf que ce n’est pas un comportement normal de mon réseau j’ai donc voulut voir ça de plus près.</p> +<pre><code> +<span style="color:green">haelwenn</span><span style="color:yellow">@NightmareMoon</span>:<span style="color:cyan">~</span>$ cat /etc/resolv.conf.head +nameserver 127.0.0.1 +nameserver 80.67.169.12 +nameserver 80.67.169.40 +domain hacktivis.me +search hacktivis.me +<span style="color:green">haelwenn</span><span style="color:yellow">@NightmareMoon</span>:<span style="color:cyan">~</span>$ cat /etc/resolv.conf +# Generated by dhcpcd from wlp0s22f2u3.dhcp +nameserver 127.0.0.1 +nameserver 80.67.169.12 +nameserver 80.67.169.40 +domain hacktivis.me +search hacktivis.me +domain orange-hotspot.com +nameserver 80.10.46.232 +# /etc/resolv.conf.tail can replace this line +<span style="color:green">haelwenn</span><span style="color:yellow">@NightmareMoon</span>:<span style="color:cyan">~</span>$ dig nxdomain.tld +; &lt;&lt;&gt;&gt; DiG 9.10.3-P2 &lt;&lt;&gt;&gt; nxdomain.tld +;; global options: +cmd +;; Got answer: +;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NXDOMAIN, id: 27819 +;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, 
flags:; udp: 4096 +;; QUESTION SECTION: +;nxdomain.tld. IN A + +;; AUTHORITY SECTION: +. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2016100900 1800 900 604800 86400 + +;; Query time: 47 msec +;; SERVER: 80.67.169.12#53(80.67.169.12) +;; WHEN: Sun Oct 09 16:34:01 CEST 2016 +;; MSG SIZE rcvd: 116 + +<span style="color:green">haelwenn</span><span style="color:yellow">@NightmareMoon</span>:<span style="color:cyan">~</span>$ dig nxdomain.tld @80.10.46.232 +; &lt;&lt;&gt;&gt; DiG 9.10.3-P2 &lt;&lt;&gt;&gt; nxdomain.tld @80.10.46.232 +;; global options: +cmd +;; Got answer: +;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 26873 +;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 + +;; QUESTION SECTION: +;nxdomain.tld. IN A + +;; ANSWER SECTION: +nxdomain.tld. 3600 IN A 10.10.10.10 + +;; Query time: 43 msec +;; SERVER: 80.10.46.232#53(80.10.46.232) +;; WHEN: Sun Oct 09 16:36:26 CEST 2016 +;; MSG SIZE rcvd: 58 +</code></pre> +On commence déjà à avoir du DNS menteur, mais n’oubliont pas <code>domain orange-hotspot.com</code> (J’ai modifié ma config dhcpcd juste après avoir rédigé·e ce billet) +<pre><code> +<span style="color:green">haelwenn</span><span style="color:yellow">@NightmareMoon</span>:<span style="color:cyan">~</span>$ dig nxdomain.tld.orange-hotspot.com +; &lt;&lt;&gt;&gt; DiG 9.10.3-P2 &lt;&lt;&gt;&gt; nxdomain.tld.orange-hotspot.com +;; global options: +cmd +;; Got answer: +;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 54935 +;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5 + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags:; udp: 4096 +;; QUESTION SECTION: +;nxdomain.tld.orange-hotspot.com. IN A + +;; ANSWER SECTION: +nxdomain.tld.orange-hotspot.com. 3600 IN A 103.224.212.222 + +;; AUTHORITY SECTION: +orange-hotspot.com. 171919 IN NS ns16.above.com. +orange-hotspot.com. 171919 IN NS ns15.above.com. + +;; ADDITIONAL SECTION: +ns15.above.com. 
171919 IN A 103.224.182.5 +ns15.above.com. 171919 IN A 103.224.212.5 +ns16.above.com. 171919 IN A 103.224.212.6 +ns16.above.com. 171919 IN A 103.224.182.6 + +;; Query time: 180 msec +;; SERVER: 127.0.0.1#53(127.0.0.1) +;; WHEN: Sun Oct 09 16:39:12 CEST 2016 +;; MSG SIZE rcvd: 184 +</code></pre> +<p>Bon génial, on à deux addresses… je me suis dit que un nmap pourrait être sympa, aller hop zou !</p> +<pre><code> +<span style="color:green">haelwenn</span><span style="color:yellow">@NightmareMoon</span>:<span style="color:cyan">~</span>$ nmap -A 10.10.10.10 +Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2016-10-09 16:42 CEST +Nmap scan report for 10.10.10.10 +Host is up (0.044s latency). +Not shown: 999 filtered ports +PORT STATE SERVICE VERSION +80/tcp closed http + +Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . +Nmap done: 1 IP address (1 host up) scanned in 12.40 seconds + +<span style="color:green">haelwenn</span><span style="color:yellow">@NightmareMoon</span>:<span style="color:cyan">~</span>$ nmap -A 103.224.212.222 +Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2016-10-09 16:43 CEST +Nmap scan report for lb-212-222.above.com (103.224.212.222) +Host is up (0.20s latency). +Not shown: 998 closed ports +PORT STATE SERVICE VERSION +25/tcp open smtp +|_smtp-commands: SMTP EHLO lb-212-222.above.com: failed to receive data: connection closed +|_smtp-ntlm-info: ERROR: Script execution failed (use -d to debug) +80/tcp open http Apache httpd (PHP/5.4.45-0+deb7u5) +| http-robots.txt: 5 disallowed entries +| /cpx.php /medios1.php /toolbar.php /check_image.php +|_/check_popunder.php +|_http-server-header: Apache +|_http-title: Did not follow redirect to http://www.qfind.net?_inv +1 service unrecognized despite returning data. 
If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service : +SF-Port25-TCP:V=7.25BETA1%I=7%D=10/9%Time=57FA57A5%P=x86_64-pc-linux-gnu%r +SF:(NULL,25,"220\x20mwinf5d62\x20ME\x20ESMTP\x20server\x20ready\r\n")%r(He +SF:llo,46,"220\x20mwinf5d62\x20ME\x20ESMTP\x20server\x20ready\r\n501\x20EH +SF:LO\x20requires\x20valid\x20address\r\n"); + +Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . +Nmap done: 1 IP address (1 host up) scanned in 36.60 seconds +</code></pre> +Et un HTTP… voyons voir si c’est celui qui ment. +<pre><code> +<span style="color:green">haelwenn</span><span style="color:yellow">@NightmareMoon</span>:<span style="color:cyan">~</span>$ curl -v -H 'Host: nxdomain.tld' 103.224.212.222 +* Rebuilt URL to: 103.224.212.222/ +* Trying 103.224.212.222... + % Total % Received % Xferd Average Speed Time Time Time Current + Dload Upload Total Spent Left Speed + 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to 103.224.212.222 (103.224.212.222) port 80 (#0) +&gt; GET / HTTP/1.1 +&gt; Host: nxdomain.tld +&gt; User-Agent: curl/7.50.1 +&gt; Accept: */* +&gt; +&lt; HTTP/1.1 200 OK +&lt; Date: Sun, 09 Oct 2016 14:45:05 GMT +&lt; Server: Apache +&lt; X-Powered-By: PHP/5.4.45-0+deb7u5 +&lt; Content-Length: 371 +&lt; Connection: close +&lt; Content-Type: text/html; charset=UTF-8 +&lt; +{ [371 bytes data] + 100 371 100 371 0 0 866 0 --:--:-- --:--:-- --:--:-- 868 +* Closing connection 0 +&lt;html&gt; +&lt;head&gt; +&lt;title&gt;nxdomain.tld&lt;/title&gt; +&lt;/head&gt; +&lt;frameset rows="100%,*" frameborder="no" border="0" framespacing="0"&gt; +&lt;frame src="http://instantfwding.com/?dn=nxdomain.tld&amp;pid=7PO2UM885"&gt; +&lt;noframes&gt; +&lt;body bgcolor="#ffffff" text="#000000"&gt; +&lt;a href="http://instantfwding.com/?dn=nxdomain.tld&amp;pid=7PO2UM885"&gt;Click here to enter&lt;/a&gt;. 
+&lt;/body&gt; +&lt;/noframes&gt; +&lt;/frameset&gt; +&lt;/html&gt; +</code></pre> + +<p>Trouvé !<br> +Si vous avez encore des personnes qui ne vous croient pas sur une connection non-neutre, mettez-les sur un wifi orange semi-public y’aurat des trucs pas habituels :P</p> +Ah et orange à l’air d’utiliser une bonne grosse masse de Debian(cf. le deb dans la version du Serveur apache menteur ainsi que pour PHP) donc ouais <a href="https://davenull.tuxfamily.org/linux-livebox/">le libre ça marche pas avec orange™</a> diff --git a/articles/La neutralitée du Net sur un wifi Orange™, deuxième mensonge.shtml b/articles/La neutralitée du Net sur un wifi Orange™, deuxième mensonge.shtml @@ -0,0 +1,16 @@ +<!DOCTYPE html> +<html lang="fr"> + <head> +<!--#include file="/templates/head.shtml" --> + <title> — Cyber-habitat de lanodan</title> + <link type="application/rss+xml" href="/rss" title="flux RSS" rel="alternate"></link> + </head> + <body> +<!--#include file="/templates/fr/nav.shtml" --> + <article> +<!--#include file="/articles/La neutralitée du Net sur un wifi Orange™, deuxième mensonge.html"--> + </article> + <a href="/articles/.html">article seul(HTML-brut)</a> +<!--#include file="/templates/fr/footer.html" --> + </body> +</html>
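
Review bot: in the closing sentence of the .html article, the Debian conclusion is drawn from the `Apache` / `PHP/5.4.45-0+deb7u5` banner of 103.224.212.222, but the nmap output earlier in the same file names that host lb-212-222.above.com and the dig answer lists ns15.above.com and ns16.above.com as the name servers for orange-hotspot.com, so the banner describes that host and not necessarily anything Orange runs. What the captures tie to the hotspot itself is the `domain orange-hotspot.com` entry appended to /etc/resolv.conf by dhcpcd and the NOERROR answer `nxdomain.tld. 3600 IN A 10.10.10.10` from 80.10.46.232 where 80.67.169.12 returns NXDOMAIN; the text should say which of the two paths produced the instantfwding.com redirect. Smaller points: the pid quoted in the first paragraph (7PO2UM87) differs from the one in the curl output (7PO2UM885), and the text after the first and third </pre> and the final sentence after the last </p> are not wrapped in <p> like the other paragraphs.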
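
Review bot: in the .shtml wrapper, `<title> — Cyber-habitat de lanodan</title>` and `<a href="/articles/.html">` both have an empty slot where the article name should be, so the page ships without a title text and the "article seul" link points at /articles/.html instead of this article's .html file; fill both in with the article name, URL-encoded in the href as the <h1> link in the .html file already does. The `<link ...></link>` line also closes a void element; drop the `</link>`.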