Hi everybody on Swinog,
some time ago I once again had to help out some friends with the setup of their new ADSL connection (the kind of private support favour probably most of you on this list also get asked for over and over again by relatives and friends). Just after I connected a laptop to the LAN-port of their router that needed to be set up, I got this mail in the inbox:
Received: from Sandbox Mail Server
From: sandbox@noreply
To: *****
Precedence: bulk
Message-ID: *****
Subject: Support Information
Content-Type: text/plain; charset=UTF-8
Date: Thu, ** *** **** **:**:** -0000

Dear customer,
The username (example: Name@ISP.ch) of your Internet connection is not correct. Please check the username entered in the router/modem or contact your Internet provider.
Kind regards, your Internet provider
[* used to overwrite some info from the original mail, containing user names and other things I don't want to share]
Now, this seems like a helpful feature at first - but the thing that bothers me is that the provider of the sandbox actually "hijacks" (I didn't check it out in detail, but maybe through a DNS server with a wildcard entry or directly on the TCP/IP level, it doesn't matter how) outgoing connections for various services and redirects them to their servers.
While I think this is maybe okay for HTTP, to display a helpful message in the browser, I don't like somebody "providing" other services (such as POP3, SMTP, FTP, HTTPS, whatever) and being able to happily log the user/password information supplied to them (yes, I know, everybody should just use encrypted connections, always check certificates and never supply a password in plain text to any service -- but we all know that's not the reality).
Admittedly, I may seem a little bit too paranoid here, but still I'd just like to know who operates these sandbox machines: Is it the individual providers or Swisscom? What's the policy for this service? What protocols/services are hijacked? Do the connections get logged somehow?
What do you think? Or is there somebody on the list who's responsible for or at least knows more about these sandbox machines? Just wonder... :)
Regards,
Beat Vontobel
MeteoNews AG
P.S.: This is my first post to the list. I have been following it for quite some time now, mostly to stay up to date on Swiss network issues, as I too often had to debug issues outside of our own network when our customers (we provide weather data and services) had connectivity issues. But things are really much more relaxed now, since we finally operate our own AS44238 and are no longer dependent on one single provider... of course, now it might just be me and myself who mess things up -- but then I should also be able to fix it myself instead of just having to wait until a NOC somewhere fixes a stupid routing issue... So much for a short introduction. :)
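One quick check for the wildcard-DNS variant of the interception the post speculates about (added example, not part of the original post or of any ISP's sandbox): resolve a few made-up names under the reserved `.test` TLD; if they all land on one address and the real mail/FTP hosts land there too, the box behind the router is answering for every service. The host names and resolver answers below are constructed, and `probe.test` is a hypothetical zone.

```python
import secrets
import socket

# Constructed resolver answers (not captured from the ISP in the post). The first
# table mimics a sandbox that wildcards every name, including made-up ones, to
# one box; the second mimics an ordinary resolver (None stands for NXDOMAIN).
SANDBOX_ANSWERS = {
    "pop.example.net": "10.0.0.1",
    "smtp.example.net": "10.0.0.1",
    "a1b2c3d4.probe.test": "10.0.0.1",
    "e5f6a7b8.probe.test": "10.0.0.1",
}
NORMAL_ANSWERS = {
    "pop.example.net": "192.0.2.10",
    "smtp.example.net": "192.0.2.20",
    "a1b2c3d4.probe.test": None,
    "e5f6a7b8.probe.test": None,
}

def probe_names(count=2, zone="probe.test"):
    """Random labels under the reserved .test TLD: a sane resolver must say NXDOMAIN."""
    return [f"{secrets.token_hex(4)}.{zone}" for _ in range(count)]

def resolve_live(name):
    """Real lookup via the system resolver (the one the router/ISP handed out)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def assess(service_hosts, probes, resolve):
    """Classify what the resolver is doing, returning (verdict, sink address).

    'normal'           made-up names do not resolve
    'wildcard-dns'     made-up names resolve to one box, real services go elsewhere
    'sandbox-redirect' made-up names AND the real services land on one box, i.e.
                       POP3/SMTP/FTP/... sessions would be answered by the sandbox
    """
    probe_addrs = {resolve(p) for p in probes}
    if None in probe_addrs or len(probe_addrs) != 1:
        return "normal", None
    sink = probe_addrs.pop()
    service_addrs = {resolve(h) for h in service_hosts}
    if service_addrs == {sink}:
        return "sandbox-redirect", sink
    return "wildcard-dns", sink

if __name__ == "__main__":
    # Live run: uses whatever resolver the laptop currently has, e.g. behind the router.
    print(assess(["pop.example.net", "smtp.example.net"], probe_names(), resolve_live))
```

The check only catches DNS-level redirection; a sandbox that intercepts at the TCP/IP level leaves DNS answers intact, and there the tell-tale sign is a TLS certificate that does not match the host you asked for.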