On Aug 8, 2011 4:24 PM, "Christopher Morrow" <morrowc.li...@gmail.com> wrote:
>
> On Sat, Aug 6, 2011 at 10:03 PM, Scott Helms <khe...@ispalliance.net> wrote:
> > Not trying to be obtuse, but none of the technical docs you cite appear to
> > talk about HTTP proxies nor does the newswire report have any technical
> > details. I have tested several of the networks listed in the report and in
> > none of the cases I saw was there HTTP proxy activity. Picking up on
> > WCCP/TCS isn't that hard (I used to install those myself) so unless there is
> > some functionality in IOS and/or JUNOS that allows I don't see it happening.
> > Paxfire can operate all of the proxies they want but the network
> > infrastructure has to be able to pass the traffic over to those proxies and
> > I don't see it (on at least 3 of the networks cited).
>
> barefruit/paxfire/nominum/etc all do essentially the same thing:
> 1) install a dns-appliance in-line (some form of in-line, there are
> lots of options, it's not really important in the end which is used)
> between 'cache resolver' and 'user'. (198.6.1.1 has a paxfire
> appliance literally in-line between its customer facing port and the
> world)
>
> 2) choose a set/subset of queries to falsify answers for (nxdomain
> only? autosearch.msn.com? *.google.com? *?)
>
> 3) run a farm of servers somewhere else (in the case of paxfire they
> are the jomax.net servers:
> ;; QUESTION SECTION:
> ;asdkjad912jd.123adsad.com. IN A
> ;; ANSWER SECTION:
> asdkjad912jd.123adsad.com. 60 IN A 64.158.56.49
> asdkjad912jd.123adsad.com. 60 IN A 63.251.179.49
> ;; AUTHORITY SECTION:
> asdkjad912jd.123adsad.com. 65535 IN NS WSC2.JOMAX.NET.
> asdkjad912jd.123adsad.com. 65535 IN NS WSC1.JOMAX.NET.
>
> In the case of barefruit it's another complex and in the case of
> nominum it's a third complex ...
>
> 4) accept http/https/etc on the complex of servers, funnel you an
> answer which is essentially 'hostname == search-query'. For non-http
> most of these complexes are SUPPOSED to not permit a connect to
> happen... for jomax at least they don't accept tcp/443, they do accept
> 25 though :(
>
> 5) profit if users click on these results.
>
> It's not black magic, it's annoying and wrong for some versions
> (depending upon your ethics I guess?) of wrong :( I wish ISPs would
> stop doing this, and it seems that some folk have luck twisting arms
> at ISPs to make this stop.
>
> -chris
>
Some people believe the search results are a better user experience than the error page they would otherwise receive. The "awesome bar" is a similar feature... imho

Cb
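
A defender-side check for the answer rewriting described in steps 1-3 of the quoted message, as an added example that is not part of the original thread: it parses dig-style output for names that should not exist and reports addresses returned for more than one unrelated name. The first sample is the dig output quoted in the thread; the second probe name, the NXDOMAIN response and the function names `parse_dig` and `rewritten_targets` are constructed for illustration.

```python
import re
from collections import Counter

# One resource record as dig prints it: name, TTL, class IN, type, rdata.
RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")

# Output quoted in the thread for a random name that should not exist.
FROM_THREAD = """\
;; QUESTION SECTION:
;asdkjad912jd.123adsad.com. IN A
;; ANSWER SECTION:
asdkjad912jd.123adsad.com. 60 IN A 64.158.56.49
asdkjad912jd.123adsad.com. 60 IN A 63.251.179.49
;; AUTHORITY SECTION:
asdkjad912jd.123adsad.com. 65535 IN NS WSC2.JOMAX.NET.
asdkjad912jd.123adsad.com. 65535 IN NS WSC1.JOMAX.NET.
"""
# Constructed: a second, unrelated probe name given the same answers.
SECOND_PROBE = FROM_THREAD.replace("asdkjad912jd.123adsad.com.", "qz81hhw0.example.net.")
# Constructed: what an unmodified resolver returns (no ANSWER section).
HONEST = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242
;; QUESTION SECTION:
;qz81hhw0.example.net. IN A
"""

def parse_dig(text):
    """Return {section name: [(owner, ttl, rtype, rdata), ...]}."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.match(r"^;; (\w+) SECTION:$", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None and not line.startswith(";"):
            m = RR.match(line)
            if m:
                owner, ttl, rtype, rdata = m.groups()
                current.append((owner.rstrip(".").lower(), int(ttl), rtype, rdata))
    return sections

def rewritten_targets(probes):
    """probes maps a name that should not exist to the dig output for it.
    Returns the addresses answered for two or more different probe names."""
    seen = Counter()
    for name, text in probes.items():
        want = name.rstrip(".").lower()
        answers = parse_dig(text).get("ANSWER", [])
        seen.update({r[3] for r in answers if r[2] == "A" and r[0] == want})
    return sorted(ip for ip, n in seen.items() if n >= 2)
```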