My cute blog can’t be this disorganised!

La neutralitée du Net sur un wifi Orange™, deuxième mensonge.html (8252B)


      1 <a href="/articles/La%20neutralit%C3%A9e%20du%20Net%20sur%20un%20wifi%20Orange%E2%84%A2,%20deuxi%C3%A8me%20mensonge"><h1>Net neutrality on an Orange™ wifi, second lie</h1></a>
      2 <p>Since I don’t have a real internet connection at home other than a 4G plan with 50MB, I use Orange’s network… which, on top of blocking the sending of e-mail from a regular client (mutt, thunderbird, …) (I have an SSH tunnel for that and I’m thinking of putting mutt on my server), also does crap with nonexistent domain names, that is, it redirects me (thanks chromium; firefox has an option to counter this) to http://instantfwding.com/?dn=cet.abruti.de.nom.de.domaine.com&pid=7PO2UM87. Fortunately I have uMatrix to block this crap. Except that this isn’t normal behaviour for my network, so I wanted to take a closer look.</p>
      3 <pre><code>
      4 <span style="color:green">haelwenn</span><span style="color:yellow">@NightmareMoon</span>:<span style="color:cyan">~</span>$ cat /etc/resolv.conf.head
      5 nameserver 127.0.0.1
      6 nameserver 80.67.169.12
      7 nameserver 80.67.169.40
      8 domain hacktivis.me
      9 search hacktivis.me
     10 <span style="color:green">haelwenn</span><span style="color:yellow">@NightmareMoon</span>:<span style="color:cyan">~</span>$ cat /etc/resolv.conf
     11 # Generated by dhcpcd from wlp0s22f2u3.dhcp
     12 nameserver 127.0.0.1
     13 nameserver 80.67.169.12
     14 nameserver 80.67.169.40
     15 domain hacktivis.me
     16 search hacktivis.me
     17 domain orange-hotspot.com
     18 nameserver 80.10.46.232
     19 # /etc/resolv.conf.tail can replace this line
     20 <span style="color:green">haelwenn</span><span style="color:yellow">@NightmareMoon</span>:<span style="color:cyan">~</span>$ dig nxdomain.tld
     21 ; &lt;&lt;&gt;&gt; DiG 9.10.3-P2 &lt;&lt;&gt;&gt; nxdomain.tld
     22 ;; global options: +cmd
     23 ;; Got answer:
     24 ;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NXDOMAIN, id: 27819
     25 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
     26 
     27 ;; OPT PSEUDOSECTION:
     28 ; EDNS: version: 0, flags:; udp: 4096
     29 ;; QUESTION SECTION:
     30 ;nxdomain.tld.			IN	A
     31 
     32 ;; AUTHORITY SECTION:
     33 .			10800	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2016100900 1800 900 604800 86400
     34 
     35 ;; Query time: 47 msec
     36 ;; SERVER: 80.67.169.12#53(80.67.169.12)
     37 ;; WHEN: Sun Oct 09 16:34:01 CEST 2016
     38 ;; MSG SIZE  rcvd: 116
     39 
     40 <span style="color:green">haelwenn</span><span style="color:yellow">@NightmareMoon</span>:<span style="color:cyan">~</span>$ dig nxdomain.tld @80.10.46.232
     41 ; &lt;&lt;&gt;&gt; DiG 9.10.3-P2 &lt;&lt;&gt;&gt; nxdomain.tld @80.10.46.232
     42 ;; global options: +cmd
     43 ;; Got answer:
     44 ;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 26873
     45 ;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
     46 
     47 ;; QUESTION SECTION:
     48 ;nxdomain.tld.			IN	A
     49 
     50 ;; ANSWER SECTION:
     51 nxdomain.tld.		3600	IN	A	10.10.10.10
     52 
     53 ;; Query time: 43 msec
     54 ;; SERVER: 80.10.46.232#53(80.10.46.232)
     55 ;; WHEN: Sun Oct 09 16:36:26 CEST 2016
     56 ;; MSG SIZE  rcvd: 58
     57 </code></pre>
     58 We already have a lying DNS resolver here, but let’s not forget <code>domain orange-hotspot.com</code> (I changed my dhcpcd config right after writing this post)
     59 <pre><code>
     60 <span style="color:green">haelwenn</span><span style="color:yellow">@NightmareMoon</span>:<span style="color:cyan">~</span>$ dig nxdomain.tld.orange-hotspot.com
     61 ; &lt;&lt;&gt;&gt; DiG 9.10.3-P2 &lt;&lt;&gt;&gt; nxdomain.tld.orange-hotspot.com
     62 ;; global options: +cmd
     63 ;; Got answer:
     64 ;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 54935
     65 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5
     66 
     67 ;; OPT PSEUDOSECTION:
     68 ; EDNS: version: 0, flags:; udp: 4096
     69 ;; QUESTION SECTION:
     70 ;nxdomain.tld.orange-hotspot.com. IN	A
     71 
     72 ;; ANSWER SECTION:
     73 nxdomain.tld.orange-hotspot.com. 3600 IN A	103.224.212.222
     74 
     75 ;; AUTHORITY SECTION:
     76 orange-hotspot.com.	171919	IN	NS	ns16.above.com.
     77 orange-hotspot.com.	171919	IN	NS	ns15.above.com.
     78 
     79 ;; ADDITIONAL SECTION:
     80 ns15.above.com.		171919	IN	A	103.224.182.5
     81 ns15.above.com.		171919	IN	A	103.224.212.5
     82 ns16.above.com.		171919	IN	A	103.224.212.6
     83 ns16.above.com.		171919	IN	A	103.224.182.6
     84 
     85 ;; Query time: 180 msec
     86 ;; SERVER: 127.0.0.1#53(127.0.0.1)
     87 ;; WHEN: Sun Oct 09 16:39:12 CEST 2016
     88 ;; MSG SIZE  rcvd: 184
     89 </code></pre>
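The resolver comparison done by hand with dig above can be turned into a repeatable check. This is an added example, not part of the original post: the function names are hypothetical, the two samples reuse header and answer lines from the dig runs on this page, and the live probe assumes `dig` is installed.

```shell
#!/bin/sh
# Added example: decide from dig output whether a resolver rewrites NXDOMAIN.

# Read dig output on stdin (for a name known not to exist); print a verdict.
classify_dig() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; ANSWER SECTION:/  { in_answer = 1; next }
        /^$/                   { in_answer = 0 }
        in_answer && $4 == "A" { addr = $5 }
        END {
            if (status == "NXDOMAIN")                   print "honest NXDOMAIN"
            else if (status == "NOERROR" && addr != "") print "rewritten " addr
            else                                        print "inconclusive " status
        }'
}

# Live probe (needs network): a random label under .invalid, which RFC 6761
# reserves as never resolvable, so any A record in the reply is forged.
probe_resolver() {
    probe_name="nx-$(od -An -N6 -tx1 /dev/urandom | tr -d ' \n').invalid"
    dig +tries=1 +time=3 "$probe_name" A "@$1" | classify_dig
}

# Sample: the reply from the resolver configured in resolv.conf.head.
sample_own_resolver() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27819
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
EOF
}

# Sample: the reply from the resolver pushed by the hotspot's DHCP.
sample_dhcp_resolver() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26873
;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; ANSWER SECTION:
nxdomain.tld.		3600	IN	A	10.10.10.10
EOF
}
```

On a live network, `probe_resolver 80.10.46.232` performs the same test against the DHCP-supplied resolver shown above.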
     90 <p>Great, we have two addresses… I figured an nmap could be fun, so off we go!</p>
     91 <pre><code>
     92 <span style="color:green">haelwenn</span><span style="color:yellow">@NightmareMoon</span>:<span style="color:cyan">~</span>$ nmap -A 10.10.10.10
     93 Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2016-10-09 16:42 CEST
     94 Nmap scan report for 10.10.10.10
     95 Host is up (0.044s latency).
     96 Not shown: 999 filtered ports
     97 PORT   STATE  SERVICE VERSION
     98 80/tcp closed http
     99 
    100 Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
    101 Nmap done: 1 IP address (1 host up) scanned in 12.40 seconds
    102 
    103 <span style="color:green">haelwenn</span><span style="color:yellow">@NightmareMoon</span>:<span style="color:cyan">~</span>$ nmap -A 103.224.212.222
    104 Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2016-10-09 16:43 CEST
    105 Nmap scan report for lb-212-222.above.com (103.224.212.222)
    106 Host is up (0.20s latency).
    107 Not shown: 998 closed ports
    108 PORT   STATE SERVICE VERSION
    109 25/tcp open  smtp
    110 |_smtp-commands: SMTP EHLO lb-212-222.above.com: failed to receive data: connection closed
    111 |_smtp-ntlm-info: ERROR: Script execution failed (use -d to debug)
    112 80/tcp open  http    Apache httpd (PHP/5.4.45-0+deb7u5)
    113 | http-robots.txt: 5 disallowed entries 
    114 | /cpx.php /medios1.php /toolbar.php /check_image.php 
    115 |_/check_popunder.php
    116 |_http-server-header: Apache
    117 |_http-title: Did not follow redirect to http://www.qfind.net?_inv
    118 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
    119 SF-Port25-TCP:V=7.25BETA1%I=7%D=10/9%Time=57FA57A5%P=x86_64-pc-linux-gnu%r
    120 SF:(NULL,25,"220\x20mwinf5d62\x20ME\x20ESMTP\x20server\x20ready\r\n")%r(He
    121 SF:llo,46,"220\x20mwinf5d62\x20ME\x20ESMTP\x20server\x20ready\r\n501\x20EH
    122 SF:LO\x20requires\x20valid\x20address\r\n");
    123 
    124 Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
    125 Nmap done: 1 IP address (1 host up) scanned in 36.60 seconds
    126 </code></pre>
    127 And an HTTP server… let’s see if it’s the one that lies.
    128 <pre><code>
    129 <span style="color:green">haelwenn</span><span style="color:yellow">@NightmareMoon</span>:<span style="color:cyan">~</span>$ curl -v -H 'Host: nxdomain.tld' 103.224.212.222
    130 * Rebuilt URL to: 103.224.212.222/
    131 *   Trying 103.224.212.222...
    132   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
    133                                  Dload  Upload   Total   Spent    Left  Speed
    134 
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connected to 103.224.212.222 (103.224.212.222) port 80 (#0)
    135 &gt; GET / HTTP/1.1
    136 &gt; Host: nxdomain.tld
    137 &gt; User-Agent: curl/7.50.1
    138 &gt; Accept: */*
    139 &gt; 
    140 &lt; HTTP/1.1 200 OK
    141 &lt; Date: Sun, 09 Oct 2016 14:45:05 GMT
    142 &lt; Server: Apache
    143 &lt; X-Powered-By: PHP/5.4.45-0+deb7u5
    144 &lt; Content-Length: 371
    145 &lt; Connection: close
    146 &lt; Content-Type: text/html; charset=UTF-8
    147 &lt; 
    148 { [371 bytes data]
    149 
100   371  100   371    0     0    866      0 --:--:-- --:--:-- --:--:--   868
    150 * Closing connection 0
    151 &lt;html&gt;
    152 &lt;head&gt;
    153 &lt;title&gt;nxdomain.tld&lt;/title&gt;
    154 &lt;/head&gt;
    155 &lt;frameset rows="100%,*" frameborder="no" border="0" framespacing="0"&gt;
    156 &lt;frame src="http://instantfwding.com/?dn=nxdomain.tld&amp;pid=7PO2UM885"&gt;
    157 &lt;noframes&gt;
    158 &lt;body bgcolor="#ffffff" text="#000000"&gt;
    159 &lt;a href="http://instantfwding.com/?dn=nxdomain.tld&amp;pid=7PO2UM885"&gt;Click here to enter&lt;/a&gt;.
    160 &lt;/body&gt;
    161 &lt;/noframes&gt;
    162 &lt;/frameset&gt;
    163 &lt;/html&gt;
    164 </code></pre>
    165 
    166 <p>Found it!<br>
    167 If you still have people who don’t believe you about connections not being neutral, put them on a semi-public Orange wifi, there will be some unusual stuff :P</p>
    168 Oh, and Orange seems to use a good big pile of Debian (cf. the deb in the version of the lying Apache server as well as for PHP), so yeah, <a href="https://davenull.tuxfamily.org/linux-livebox/">free software doesn’t work with Orange™</a>