3

While trying to setup OpenDNS, and failing to make website filtering actually work, I realized my ISP is doing something nefarious with all HTTP requests. To make a long story short, if there's a Host: header, it doesn't matter what IP address I use, the website I get depends on the Host: header and nothing else.

It also seems to automatically use HTTP/1.1 even if I specify HTTP/1.0 in the request.

Examples:

Connect to google.com with Host: yahoo.com

$ echo -e "HEAD / HTTP/1.0\r\nHost: yahoo.com\r\n\r\n" | nc google.com 80
HTTP/1.1 301 Moved Permanently
Date: Mon, 02 Jan 2012 10:50:13 GMT
Location: http://www.yahoo.com/
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Cache-Control: private
Age: 0
Server: YTS/1.20.0
Connection: close

$

Connect to an invalid IP address with Host: yahoo.com

$ echo -e "HEAD / HTTP/1.0\r\nHost: yahoo.com\r\n\r\n" | nc 1.0.0.0 80
HTTP/1.1 301 Moved Permanently
Date: Mon, 02 Jan 2012 10:51:02 GMT
Location: http://www.yahoo.com/
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Cache-Control: private
Age: 0
Server: YTS/1.20.0
Connection: close

$

So, what is my ISP doing? And should I complain to them?

imgx64
  • 235
  • 3
  • 10

2 Answers2

5

Your ISP is using transparent proxy: http://en.wikipedia.org/wiki/Proxy_server#Transparent_proxy

Hubert Kario
  • 6,361
  • 6
  • 36
  • 65
  • 1
    Yep, that was it. Against Tom O'Connor's advice, I'll ask the ISP about it and see if it can be turned off for me. – imgx64 Jan 03 '12 at 04:57
3

I think you missed the OpenDNS FAQ:

Is OpenDNS running a proxy?

Yes, sometimes. OpenDNS runs a simple proxy in certain circumstances. Some Internet browsers and many toolbars intercept requests made from the address bar, which prevents initiation of a proper DNS request. Our proxy ensures that your requests are routed properly when using OpenDNS services.

And, like all OpenDNS services, the proxy is respectful of and works hard to protect your privacy. We do not track the DNS requests that are routed through the proxy. In fact, since so many people use toolbars, the proxy must automatically rotate and delete the logs, and this happens frequently.

OpenDNS does not store or mine any of the data that passes through our proxy. The proxy does nothing malicious – it is designed to ensure OpenDNS services work with all browsers and toolbars.

Javier
  • 9,268
  • 2
  • 24
  • 24
  • Nope, I'm sure it's my ISP. This happens even if I'm not using OpenDNS. – imgx64 Jan 03 '12 at 04:58
  • And just to be sure, when I use OpenDNS, I can confirm that DNS queries to supposedly blocked websites really return OpenDNS's "blocked website" address. But when I request a page from that address, I get the real page instead. – imgx64 Jan 03 '12 at 05:00