While looking into the ability of my phone to access a blocked domain name, I tried some wget from my laptop and noticed that I can still wget things that are supposed to be blocked.
For example, I have *.mixmarket.biz blocked in the blocked sites list. But I can still successfully retrieve the landing page:
vsniff0315c-carnivore-fbi-doj:development bladernr$ wget www.mixmarket.biz
--2018-01-06 15:13:38-- http://www.mixmarket.biz/
Resolving www.mixmarket.biz... 188.8.131.52
Connecting to www.mixmarket.biz|184.108.40.206|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://mixmarket.biz/ [following]
--2018-01-06 15:13:38-- http://mixmarket.biz/
Resolving mixmarket.biz... 220.127.116.11
Reusing existing connection to www.mixmarket.biz:80.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html’
[ <=> ] 35,239 55.7KB/s in 0.6s
2018-01-06 15:13:39 (55.7 KB/s) - ‘index.html’ saved 
likewise I have a block listing for *.v1cdn.net and yet I can still do this:
vsniff0315c-carnivore-fbi-doj:development bladernr$ wget gpla1.wpc.v1cdn.net
--2018-01-06 15:19:38-- http://gpla1.wpc.v1cdn.net/
Resolving gpla1.wpc.v1cdn.net... 18.104.22.168
Connecting to gpla1.wpc.v1cdn.net|22.214.171.124|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2018-01-06 15:19:38 ERROR 404: Not Found.
It's returning a 404 as there's nothing there to grab, but I can still resolve that domain name and attempt to access it.
A whois on that IP shows that it's actually resolving and connecting to a Verizon owned IP address:
NetRange: 126.96.36.199 - 188.8.131.52 CIDR: 184.108.40.206/20 NetName: EDGECAST-NETBLK-01 NetHandle: NET-72-21-80-0-1 Parent: NET72 (NET-72-0-0-0-0) NetType: Direct Allocation OriginAS: AS15133 Organization: MCI Communications Services, Inc. d/b/a Verizon Business (MCICS) RegDate: 2007-04-23 Updated: 2017-12-01 Comment: For abuse concerns, please contact email@example.com Ref: https://whois.arin.net/rest/net/NET-72-21-80-0-1
and if I visit that URL in a browser, I get a google malware warning page and a manual click through to either the Google page report or to click through to the originally requested URL.
Unless I'm just misreading things and the firewall block list is a redirect back into a cloud instance somewhere on Verizon's network, though if that were the case I'd have expected a redirect into AWS or some public cloud provider.
Please sign in to leave a comment.