On 8 January 2015 at 16:46, Aaron Gibson aagbsn@extc.org wrote:
Do they MITM connections to any cloud providers such as Amazon, CloudFlare, Google, etc?
I have just parsed the official list of blocked domains (http://www.iaui.gov.lv/images/Blokesana/Block_domain.pdf -> https://popovs.lv/crap/ooni/domains.txt) and resolved them and checked the ASs of their IPs (also comparing the reports from my network with reports from a host in Croatia: I didn't see any differences in IPs that weren't due to multiple A DNS records, although it's important to note I'm using Google Public DNS instead of Lattelecom DNS) (https://popovs.lv/crap/ooni/domains_resolved.txt).

There are a bunch of websites hosted/proxied by Cloudflare and Amazon (AS13335 and AS16509, respectively). I took a random one: lucky31.com, hosted on 198.41.249.151 by Cloudflare. http://www.tcpiputils.com/browse/ip-address/198.41.249.151 told me that unitedcostumes.com.au was also hosted on that IP.

unitedcostumes.com.au is available to me over HTTP, and seems to not have any gambling-related content. Accessing it over HTTPS, however, is impossible from the Lattelecom network, because the TLS connection times out, in exactly the same manner as I previously observed while attempting to query blocked HTTPS servers while requesting a non-blocked server name. Also, I was able to access unitedcostumes.com.au via HTTPS through Tor.

To conclude, this is a real case of a non-gambling-related page being blocked, although almost definitely by accident. I will notify Lattelecom about this.
Thank you for your suggestion to check this.
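
The check described in this message, written out as an added example (not part of the original e-mail or of any OONI code): group resolved domains by IP, find non-blocked names that share an address with a blocked one, then compare HTTPS results from the filtered network against a control path such as Tor. The data layout, the "test"/"control" vantage labels, the verdict strings, the .example domains and every probe result are assumptions constructed for illustration; only the two real domains, the IP and AS13335 come from the message.

```python
from collections import defaultdict

# Constructed sample data. The two real domains, the IP and AS13335 come from
# the message; the .example names, other IPs/ASNs and probe results are made up.
BLOCKED = {"lucky31.com", "casino.example"}
RESOLVED = {  # domain -> (A record, origin ASN); layout is an assumption
    "lucky31.com": ("198.41.249.151", 13335),
    "unitedcostumes.com.au": ("198.41.249.151", 13335),
    "casino.example": ("192.0.2.10", 64500),
    "shop.example": ("203.0.113.7", 64501),
    "blog.example": ("192.0.2.10", 64500),
}
PROBES = {  # (domain, vantage, scheme) -> "ok" | "timeout"
    ("unitedcostumes.com.au", "test", "http"): "ok",
    ("unitedcostumes.com.au", "test", "https"): "timeout",
    ("unitedcostumes.com.au", "control", "https"): "ok",
    ("blog.example", "test", "https"): "timeout",
    ("blog.example", "control", "https"): "timeout",
}

def cohosted(blocked, resolved):
    """Map each non-blocked domain to (ip, asn, blocked domains on the same IP)."""
    by_ip = defaultdict(set)
    for domain, (ip, _asn) in resolved.items():
        by_ip[ip].add(domain)
    out = {}
    for domain, (ip, asn) in resolved.items():
        neighbours = by_ip[ip] & blocked
        if domain not in blocked and neighbours:
            out[domain] = (ip, asn, sorted(neighbours))
    return out

def classify(domain, probes):
    """Compare HTTPS from the filtered network ("test") with a control path."""
    test = probes.get((domain, "test", "https"))
    control = probes.get((domain, "control", "https"))
    if test is None or control is None:
        return "unmeasured"
    if control != "ok":
        return "inconclusive"  # fails on the control path too: likely site-side
    return "reachable" if test == "ok" else "collateral-block"

def report(blocked, resolved, probes):
    """Verdict for every non-blocked domain that shares an IP with a blocked one."""
    return {d: (info, classify(d, probes))
            for d, info in cohosted(blocked, resolved).items()}

if __name__ == "__main__":
    for domain, (info, verdict) in sorted(report(BLOCKED, RESOLVED, PROBES).items()):
        print(domain, info, verdict)
```

The "inconclusive" branch keeps a site that is down everywhere from being counted as blocked, which is why the control measurement matters.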