[atlas] Strange certificates at probe 17009
- Previous message (by thread): [atlas] Strange certificates at probe 17009
- Next message (by thread): [atlas] Strange certificates at probe 17009
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Sajal Kayan
sajal83 at gmail.com
Sat Aug 1 19:36:14 CEST 2015
This ISP (True Internet - AS7470 and AS17552 ) already intercepts http traffic using transparent proxy since quite some time. There were rumours recently that Thai ISPs would start intercepting https and making users install their TLS certificate. But I have not seen any evidence of it personally, nor have I heard of anyone who got certificate hijacked while browsing.... So its likely a proxy in the probe host's local network. On Sat, Aug 1, 2015 at 11:36 PM Andrew Bosch <andrewbosch at comcast.net> wrote: > The Fortinet name in the certificate suggests a firewall or proxy that is > intercepting traffic from the probe. > > > -----Original Message----- > From: ripe-atlas [mailto:ripe-atlas-bounces at ripe.net] On Behalf Of > Stephane > Bortzmeyer > Sent: Saturday, August 1, 2015 10:36 AM > To: ripe-atlas at ripe.net > Subject: [atlas] Strange certificates at probe 17009 > > Probe #17009, located in Bangkok, when asked to perform a "sslcert" > measurement, always retrieve a certificate whose expiration date is > 2024-10-31, whatever the target is. There is probably a > man-in-the-middle before the probe... > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.ripe.net/ripe/mail/archives/ripe-atlas/attachments/20150801/b5a9eb11/attachment.html>
- Previous message (by thread): [atlas] Strange certificates at probe 17009
- Next message (by thread): [atlas] Strange certificates at probe 17009
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]