BTTB
22-07-2004, 08:11 PM
<b>Extract taken from The Rodents Website.</b>
http://poopband.co.za/modules/news/
Sentech's incompetence has reached newfound levels - previously believed
to be unattainable. And, I believe, Sentech has been blaming the users on
their network -- for nothing.
I've known for a while, that Sentech makes use of the NetCache appliance
in order to do transparent HTTP, and FTP proxying on their network. Let's
face it. Every single ISP in South Africa does it, and it's a good way
to ensure optimal network usage, for the average Netizen. A transparent
proxy ensures that for example, http://www.google.com/images/logo.gif is
only delivered onto the ISP's network once, and then cached locally,
thus saving the ISP on expensive international bandwidth.
These hosts, in the case of Sentech's MyWireless users are stpxc01.sentechsa.net
and stpxc02.sentechsa.net. This can be found, by simply looking at the return
browser headers when surrfing any site using MyWireless. The required
"Via: 1.1 stpxc01 (NetCache NetApp/5.5R3)" in the HTTP response you receive
from every website you visit via MyWireless is indicative of this.
Naturally inquisitive, I scanned these hosts, only to find that port 3128,
the well-know Squid HTTP proxy port, is directly open for connection,
without being transparently intercepted by the NetCache itsself.
Imagine my surprise, when I found that this is also true for users OUTSIDE
Sentech's IP network. Normally any non-brain dead ISP, would create an access
control list to ensure that only customers within it's network are allowed
access to the proxy server. Sentech have not done this. These
two proxies are open to the entire world.
It also gets worse. There are about 5 other infosat proxies on their backbone
- all exhibiting this same shocking behaviour. Imagine my utter lack of surprise,
when I did a quick google, and found that more than a few of these IP's have
made their way into publically available "open proxy" lists.
For a simple example, surf across to
http://www.stayinvisible.com/index.pl/proxy_list?order=country%20asc&offset=400,
and look for the 168.210. address. That's proxy2s.infosat.co.za.
stpxc01/2 have made their way into other lists, which I'm sure readers
will be able to disover by themselves.
Now, I don't have to tell you what nearly every capped ADSL user scrambles
for, once his 3Gigabyte limit has been reached. Yes... An open proxy.
As some proof of this utterly incredible phenomenon, simply look at my nmap
scans, and a simple telnet-based HTTP request I made against these two proxies
from an outside server. If you'd like to test it yourself, point your browsers'
proxy settings at stpxc01.sentechsa.net, port 3128, and enjoy some free
bandwidth, courtesy of Sentech's MyWireless subscribers. We're footing the bill
for that, and taking the flak for it.
This kind of sheer incompetance should show you where the real problem lies.
I hope that the media, picks up on this story, I haven't really had extraordinary
feedback from the people I've chatted to so far. Probably because it IS a bit
of a technical issue, and not clearly understandable by the lay reader.
Here are the transcripts of the scans, and HTTP requests. Feel free to try this
at home, or on ADSL, or for that matter anywhere in the world.
<b><hr noshade size="1"></b><font size="2"><font color="red"><b>You can take Telkom out of the Post Office but you can't take the Post Office out of Telkom.</b></font id="red"></font id="size2">
http://poopband.co.za/modules/news/
Sentech's incompetence has reached newfound levels - previously believed
to be unattainable. And, I believe, Sentech has been blaming the users on
their network -- for nothing.
I've known for a while, that Sentech makes use of the NetCache appliance
in order to do transparent HTTP, and FTP proxying on their network. Let's
face it. Every single ISP in South Africa does it, and it's a good way
to ensure optimal network usage, for the average Netizen. A transparent
proxy ensures that for example, http://www.google.com/images/logo.gif is
only delivered onto the ISP's network once, and then cached locally,
thus saving the ISP on expensive international bandwidth.
These hosts, in the case of Sentech's MyWireless users are stpxc01.sentechsa.net
and stpxc02.sentechsa.net. This can be found, by simply looking at the return
browser headers when surrfing any site using MyWireless. The required
"Via: 1.1 stpxc01 (NetCache NetApp/5.5R3)" in the HTTP response you receive
from every website you visit via MyWireless is indicative of this.
Naturally inquisitive, I scanned these hosts, only to find that port 3128,
the well-know Squid HTTP proxy port, is directly open for connection,
without being transparently intercepted by the NetCache itsself.
Imagine my surprise, when I found that this is also true for users OUTSIDE
Sentech's IP network. Normally any non-brain dead ISP, would create an access
control list to ensure that only customers within it's network are allowed
access to the proxy server. Sentech have not done this. These
two proxies are open to the entire world.
It also gets worse. There are about 5 other infosat proxies on their backbone
- all exhibiting this same shocking behaviour. Imagine my utter lack of surprise,
when I did a quick google, and found that more than a few of these IP's have
made their way into publically available "open proxy" lists.
For a simple example, surf across to
http://www.stayinvisible.com/index.pl/proxy_list?order=country%20asc&offset=400,
and look for the 168.210. address. That's proxy2s.infosat.co.za.
stpxc01/2 have made their way into other lists, which I'm sure readers
will be able to disover by themselves.
Now, I don't have to tell you what nearly every capped ADSL user scrambles
for, once his 3Gigabyte limit has been reached. Yes... An open proxy.
As some proof of this utterly incredible phenomenon, simply look at my nmap
scans, and a simple telnet-based HTTP request I made against these two proxies
from an outside server. If you'd like to test it yourself, point your browsers'
proxy settings at stpxc01.sentechsa.net, port 3128, and enjoy some free
bandwidth, courtesy of Sentech's MyWireless subscribers. We're footing the bill
for that, and taking the flak for it.
This kind of sheer incompetance should show you where the real problem lies.
I hope that the media, picks up on this story, I haven't really had extraordinary
feedback from the people I've chatted to so far. Probably because it IS a bit
of a technical issue, and not clearly understandable by the lay reader.
Here are the transcripts of the scans, and HTTP requests. Feel free to try this
at home, or on ADSL, or for that matter anywhere in the world.
<b><hr noshade size="1"></b><font size="2"><font color="red"><b>You can take Telkom out of the Post Office but you can't take the Post Office out of Telkom.</b></font id="red"></font id="size2">