NNSquad - Network Neutrality Squad


[ NNSquad ] More on Hotels, OpenDNS, SMTP and man-in-the-middle interception of user communications


Since we recently had a discussion here on nnsquad about OpenDNS and its practices, I thought it might be interesting to follow up with a real live data point.

Tonight I happen to be staying at a hotel in Allentown, PA. It is the Best Western hotel on W. Tilghman Street, to be precise. It offers "free high speed internet access" branded as SkyHighSpeed (Ovatn), which appears to be an independent hotel internet access provider.

Whenever I stay in a new place that provides free Internet access, it is my practice to test the facility for practices that interfere with end-to-end services (such as DNS, email, etc.). I have stayed here earlier this summer, and got similar results, reported them to Google's staff, but did not publicize them. I have now verified that the situation persists.

I have attached a PDF file of output from the beta Netalyzr tool available by using the website http://netalyzr.icsi.berkeley.edu, once I acknowledged the terms of service.

There are a number of problems here. Three worth noting:

1) really poor network management. Just like Comcast, the hotel's access network interjects many seconds of packet buffering in the path. This is presumably shared among customers, and leads to serious problems if end users download and upload lots of data. The result is disruption of other customers' flows. (this is what turned out to be Comcast's problem with BitTorrent - not BitTorrent, but way-too-large packet buffers in the last hop - DOCSIS modems in their case).

2) OpenDNS is in use. Note that I had no choice to opt in or opt out. It was foisted on me by the hotel, without warning in their usage agreement. The particular effects of OpenDNS are:
a) web accesses to mistyped domains are redirected to sites that provide advertising on port 80, and
b) non-web accesses to mistyped domains do not tell the user that the domain does not in fact exist, but give a misleading error that implies the service is *down*.
c) certain domains are redirected to the wrong target. Frighteningly, these include "www.google.com" and "www.google.co.uk".

$ ping www.google.com
PING google.navigation.opendns.com (208.67.217.231) 56(84) bytes of data.
64 bytes from google.navigation.opendns.com (208.67.217.231): icmp_seq=1 ttl=55 time=17.7 ms
64 bytes from google.navigation.opendns.com (208.67.217.231): icmp_seq=2 ttl=55 time=126 ms
64 bytes from google.navigation.opendns.com (208.67.217.231): icmp_seq=3 ttl=55 time=222 ms
ping www.google.co.uk
PING google.navigation.opendns.com (208.67.217.231) 56(84) bytes of data.
64 bytes from google.navigation.opendns.com (208.67.217.231): icmp_seq=1 ttl=55 time=18.0 ms
64 bytes from google.navigation.opendns.com (208.67.217.231): icmp_seq=2 ttl=55 time=240 ms
64 bytes from google.navigation.opendns.com (208.67.217.231): icmp_seq=3 ttl=55 time=17.5 ms

The result of this redirection is that any text typed into the Google "search" box is sent, not to the url http://www.google.com/search , but to google.navigation.opendns.com/search - that is, to opendns. Since such information is private, it is a bit shocking to see that one's Google searches are being intercepted without opt-in or opt-out.

3) attempts to post mail to one's personal email service using SMTP are intercepted by the Internet Access Provider's SMTP service. This gives the IAP access to the content of all mail sent from the hotel.

These problems are pointed out by the Netalyzr tool quite well, as you can see from the attached printout of the web page resulting from the test.

None of these interceptions of content are acknowledged by the Internet Access Provider.





Attachment: ovatn best western netalyzer.pdf
Description: Adobe PDF document
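
The two DNS symptoms reported in the message above (a well-known name answered under someone else's domain, and nonexistent names that resolve anyway) can be checked mechanically. The following is an added example, not part of the original post or of Netalyzr; the function names, the `EXPECTED` suffix table and the random probe name are assumptions made for illustration.

```python
import re
import secrets
import socket

# Constructed sample: the ping commands and header lines quoted in the message.
TRANSCRIPT = """\
$ ping www.google.com
PING google.navigation.opendns.com (208.67.217.231) 56(84) bytes of data.
ping www.google.co.uk
PING google.navigation.opendns.com (208.67.217.231) 56(84) bytes of data.
"""

# Assumption: domains under which each name's own operator would answer.
EXPECTED = {
    "www.google.com": ("google.com",),
    "www.google.co.uk": ("google.co.uk", "google.com"),
}

CMD = re.compile(r"^\$?\s*ping\s+(\S+)\s*$")               # the command typed
HDR = re.compile(r"^PING (\S+) \((\d{1,3}(?:\.\d{1,3}){3})\)")  # what ping resolved

def under(name, suffix):
    """True if name equals suffix or is a subdomain of it."""
    name, suffix = name.lower().rstrip("."), suffix.lower()
    return name == suffix or name.endswith("." + suffix)

def audit_transcript(text, expected):
    """Return (requested, answered_name, ip) for every ping whose resolved
    name falls outside the domains expected for the requested name."""
    findings, requested = [], None
    for line in text.splitlines():
        m = CMD.match(line)
        if m:
            requested = m.group(1)
            continue
        m = HDR.match(line)
        if m and requested:
            name, ip = m.groups()
            allowed = expected.get(requested, (requested,))
            if not any(under(name, s) for s in allowed):
                findings.append((requested, name, ip))
            requested = None
    return findings

def nxdomain_rewritten(resolve=socket.gethostbyname):
    """Resolve a random, almost certainly unregistered name. Returns the
    address if the resolver invents one, or None if the lookup fails."""
    probe = "nx-" + secrets.token_hex(12) + ".com"
    try:
        return resolve(probe)
    except OSError:
        return None

if __name__ == "__main__":
    for finding in audit_transcript(TRANSCRIPT, EXPECTED):
        print("redirected:", *finding)
    print("NXDOMAIN rewritten to:", nxdomain_rewritten())
```

Run on the access network under test, `nxdomain_rewritten()` performs one live lookup through the system resolver; the transcript audit works offline on saved output.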