One more thing: I downloaded the dumps and I am certain that T-Mobile modifies data in transit.
I will demonstrate it with a pair of identical queries to the same server, i.root-servers.net at address 192.36.148.17. First O2:
No. Time Source Destination Protocol Info
4 0.042980 192.168.0.1 192.36.148.17 DNS Standard query DNSKEY <Root>
Frame 4: 70 bytes on wire (560 bits), 70 bytes captured (560 bits)
Ethernet II, Src: CameoCom_b7:be:ee (00:40:f4:b7:be:ee), Dst: CompalEl_d3:59:53 (00:0f:b0:d3:59:53)
Internet Protocol, Src: 192.168.0.1 (192.168.0.1), Dst: 192.36.148.17 (192.36.148.17)
User Datagram Protocol, Src Port: 34272 (34272), Dst Port: domain (53)
Domain Name System (query)
[Response In: 5]
Transaction ID: 0xf27a
Flags: 0x0010 (Standard query)
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
<Root>: type DNSKEY, class IN
Name: <Root>
Type: DNSKEY (DNS public key)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
No. Time Source Destination Protocol Info
5 0.079378 192.36.148.17 192.168.0.1 DNS Standard query response DNSKEY DNSKEY DNSKEY RRSIG
Frame 5: 925 bytes on wire (7400 bits), 925 bytes captured (7400 bits)
Ethernet II, Src: CompalEl_d3:59:53 (00:0f:b0:d3:59:53), Dst: CameoCom_b7:be:ee (00:40:f4:b7:be:ee)
Internet Protocol, Src: 192.36.148.17 (192.36.148.17), Dst: 192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: domain (53), Dst Port: 34272 (34272)
Domain Name System (response)
[Request In: 4]
[Time: 0.036398000 seconds]
Transaction ID: 0xf27a
Flags: 0x8410 (Standard query response, No error)
Questions: 1
Answer RRs: 4
Authority RRs: 0
Additional RRs: 1
Queries
<Root>: type DNSKEY, class IN
Name: <Root>
Type: DNSKEY (DNS public key)
Class: IN (0x0001)
Answers
<Root>: type DNSKEY, class IN
Name: <Root>
Type: DNSKEY (DNS public key)
Class: IN (0x0001)
Time to live: 2 days
Data length: 136
Flags: 0x0100
Protocol: 3
Algorithm: RSA/SHA-256
Key id: 34525
Everything is in order: the query asked for DNSKEY, and DNSKEY was returned...
Now the same query to the same address via T-M:
No. Time Source Destination Protocol Info
29 2.700126 89.24.27.50 192.36.148.17 DNS Standard query DNSKEY <Root>
Frame 29: 72 bytes on wire (576 bits), 72 bytes captured (576 bits)
Linux cooked capture
Internet Protocol, Src: 89.24.27.50 (89.24.27.50), Dst: 192.36.148.17 (192.36.148.17)
User Datagram Protocol, Src Port: 65418 (65418), Dst Port: domain (53)
Source port: 65418 (65418)
Destination port: domain (53)
Length: 36
Checksum: 0x732b [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 30]
Transaction ID: 0x02ff
Flags: 0x0010 (Standard query)
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
<Root>: type DNSKEY, class IN
Name: <Root>
Type: DNSKEY (DNS public key)
Class: IN (0x0001)
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
0000 00 04 02 00 00 00 00 00 00 00 00 00 00 00 08 00 ................
0010 45 00 00 38 29 62 00 00 40 11 88 d3 59 18 1b 32 E..8)b..@...Y..2
0020 c0 24 94 11 ff 8a 00 35 00 24 73 2b 02 ff 00 10 .$.....5.$s+....
0030 00 01 00 00 00 00 00 01 00 00 30 00 01 00 00 29 ..........0....)
0040 10 00 00 00 80 00 00 00 ........
No. Time Source Destination Protocol Info
30 2.785972 192.36.148.17 89.24.27.50 DNS Standard query response OPT
Frame 30: 88 bytes on wire (704 bits), 88 bytes captured (704 bits)
Linux cooked capture
Internet Protocol, Src: 192.36.148.17 (192.36.148.17), Dst: 89.24.27.50 (89.24.27.50)
User Datagram Protocol, Src Port: domain (53), Dst Port: 65418 (65418)
Source port: domain (53)
Destination port: 65418 (65418)
Length: 52
Checksum: 0xe84d [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 29]
[Time: 0.085846000 seconds]
Transaction ID: 0x02ff
Flags: 0x8580 (Standard query response, No error)
Questions: 1
Answer RRs: 1
Authority RRs: 0
Additional RRs: 1
Queries
<Root>: type DNSKEY, class IN
Name: <Root>
Type: DNSKEY (DNS public key)
Class: IN (0x0001)
Answers
<Root>: type OPT
Name: <Root>
Type: OPT (EDNS0 option)
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x8000
Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
Bits 1-15: 0x0 (reserved)
Data length: 0
Additional records
<Root>: type A, class IN, addr 62.141.6.172
Name: <Root>
Type: A (Host address)
Class: IN (0x0001)
Time to live: 18 hours, 12 minutes, 15 seconds
Data length: 4
Addr: 62.141.6.172 (62.141.6.172)
0000 00 00 02 00 00 00 00 00 00 00 00 00 00 00 08 00 ................
0010 45 00 00 48 85 99 00 00 ff 11 6d 8b c0 24 94 11 E..H......m..$..
0020 59 18 1b 32 00 35 ff 8a 00 34 e8 4d 02 ff 85 80 Y..2.5...4.M....
0030 00 01 00 01 00 00 00 01 00 00 30 00 01 00 00 29 ..........0....)
0040 10 00 00 00 80 00 00 00 c0 0c 00 01 00 01 00 00 ................
0050 ff ff 00 04 3e 8d 06 ac
The query was identical, the DNSKEY is missing from the reply, and instead the ADDITIONAL section claims that the root zone has an A record (!!!) with address 62.141.6.172.
You get three guesses as to which reverse name this IP address maps to:
$ host 62.141.6.172
172.6.141.62.in-addr.arpa domain name pointer ums.internet.t-mobile.cz.
So T-Mobile has connected you to something that cannot be called the Internet. The only thing left for you is to complain, complain, complain, and if that doesn't help, leave. From this kind of NATing it is only a small step to them doing MitM on your SSL traffic next time, or similar atrocities.
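The exchange above, decoded by hand as an added example that is not part of the original post and not code from T-Mobile, O2 or Wireshark: a small Python parser for the two Linux-cooked-capture frames whose hex dumps appear above (frame 29, the query; frame 30, the reply), followed by the checks a practitioner would run to decide whether the reply is a credible answer to a root DNSKEY query. The frame bytes are copied verbatim from the hex dumps in the post; the function names (parse_frame, audit) and the wording of the findings are assumptions of this example. Besides the two points the post makes (no DNSKEY in the answer, an A record for the root in the additional section), the same bytes show that the OPT pseudo-record sits in the answer section where RFC 6891 does not permit it, that a DO=1 query got no RRSIG back, and that the reply arrived with an IP TTL of 255 (the byte 0xff at IP offset 8), so no router on the path decremented it.

```python
"""Parse the two Linux-cooked-capture frames from the post and list the
ways in which frame 30 fails to look like a root-server DNSKEY reply.
Frame bytes are copied from the hex dumps in the post; the rest is added
example code, not from the original post."""
import struct

FRAME_29_QUERY = bytes.fromhex(  # 72 bytes, 89.24.27.50 -> 192.36.148.17
    "00 04 02 00 00 00 00 00 00 00 00 00 00 00 08 00 "
    "45 00 00 38 29 62 00 00 40 11 88 d3 59 18 1b 32 "
    "c0 24 94 11 ff 8a 00 35 00 24 73 2b 02 ff 00 10 "
    "00 01 00 00 00 00 00 01 00 00 30 00 01 00 00 29 "
    "10 00 00 00 80 00 00 00 ")
FRAME_30_REPLY = bytes.fromhex(  # 88 bytes, 192.36.148.17 -> 89.24.27.50
    "00 00 02 00 00 00 00 00 00 00 00 00 00 00 08 00 "
    "45 00 00 48 85 99 00 00 ff 11 6d 8b c0 24 94 11 "
    "59 18 1b 32 00 35 ff 8a 00 34 e8 4d 02 ff 85 80 "
    "00 01 00 01 00 00 00 01 00 00 30 00 01 00 00 29 "
    "10 00 00 00 80 00 00 00 c0 0c 00 01 00 01 00 00 "
    "ff ff 00 04 3e 8d 06 ac ")

TYPE_A, TYPE_OPT, TYPE_RRSIG, TYPE_DNSKEY = 1, 41, 46, 48
EDNS_DO = 0x8000  # the DO bit lives in the OPT record's TTL field (RFC 6891)


def read_name(msg, off):
    """Decode a possibly compressed domain name; return (name, next_offset)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)


def parse_rr(msg, off):
    name, off = read_name(msg, off)
    rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
    off += 10
    return {"name": name, "type": rtype, "class": rclass, "ttl": ttl,
            "rdata": msg[off:off + rdlen]}, off + rdlen


def parse_dns(msg):
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off, questions = 12, []
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append({"name": name, "type": qtype, "class": qclass})
    dns = {"id": ident, "flags": flags, "rcode": flags & 0xF, "questions": questions}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        rrs = []
        for _ in range(count):
            rr, off = parse_rr(msg, off)
            rrs.append(rr)
        dns[section] = rrs
    return dns


def parse_frame(frame):
    """Linux cooked capture header (16 bytes) -> IPv4 -> UDP -> DNS."""
    if struct.unpack("!H", frame[14:16])[0] != 0x0800:
        raise ValueError("not IPv4")
    ip = frame[16:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 17:
        raise ValueError("not UDP")
    udp = ip[ihl:]
    sport, dport, ulen = struct.unpack("!HHH", udp[:6])
    return {"ip_ttl": ip[8],
            "src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
            "sport": sport, "dport": dport, "dns": parse_dns(udp[8:ulen])}


def audit(query_frame, reply_frame):
    """Return the reasons why the reply is not a credible answer to the query."""
    q, r = parse_frame(query_frame), parse_frame(reply_frame)
    qd, rd = q["dns"], r["dns"]
    if (q["src"], q["sport"], q["dst"]) != (r["dst"], r["dport"], r["src"]) or qd["id"] != rd["id"]:
        return ["reply does not match the query's addresses, ports or transaction ID"]
    findings = []
    qtype = qd["questions"][0]["type"]
    answer_types = {rr["type"] for rr in rd["answer"]}
    do_bit = any(rr["type"] == TYPE_OPT and rr["ttl"] & EDNS_DO for rr in qd["additional"])
    if rd["rcode"] == 0 and qtype not in answer_types:
        findings.append("NOERROR reply with no record of queried type %d in the answer section" % qtype)
    if TYPE_OPT in answer_types:
        findings.append("OPT pseudo-RR in the answer section; RFC 6891 allows it only in additional")
    if do_bit and TYPE_RRSIG not in answer_types:
        findings.append("query had DO=1 but the answer carries no RRSIG")
    for rr in rd["additional"]:
        if rr["type"] == TYPE_A and rr["name"] == ".":
            findings.append("unsolicited A record for the root zone: %s" % ".".join(map(str, rr["rdata"])))
    if r["ip_ttl"] == 255:
        findings.append("reply arrived with IP TTL 255 (the maximum), so no router on the path decremented it")
    return findings


if __name__ == "__main__":
    for line in audit(FRAME_29_QUERY, FRAME_30_REPLY):
        print("-", line)
```

Run as-is it prints five findings for the T-Mobile pair; the same audit applied to a genuine DNSSEC reply (DNSKEY plus RRSIG in the answer, OPT only in additional, a TTL well below 255) returns an empty list, which is the shape of check worth keeping in a resolver-side monitoring script.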