<div dir="ltr">Traceroute is useless. Only traffic directed at port 80 is routed through the proxies. Nothing else, meaning that ICMP, used for traceroute, would go to the target directly. <div><br></div><div>There are methods of identifying transparent proxies (you could probably ask Google about them), however, this is not one of them.</div><div><br></div><div>Etzion</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Mar 21, 2015 at 7:48 PM, E.S. Rosenberg <span dir="ltr">&lt;<a href="mailto:esr+linux-il@g.jct.ac.il" target="_blank">esr+linux-il@g.jct.ac.il</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div><div>Depending on the version of Windows and its network environment you freshly installed rootkits could be likely, but that is OT here.<br><br></div>Note that different ISP in Israel is a fairly relative statement since there are basically just a few major players who own a bunch of the smaller ISPs and could have caching proxies on their international lines...<br></div><br></div>Did you traceroute the connection both from working and non-working settings?<br><br></div>Regards,<br></div>Eliyahu - אליהו<br></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">2015-03-21 8:30 GMT+02:00 Amos Shapira <span dir="ltr">&lt;<a href="mailto:amos.shapira@gmail.com" target="_blank">amos.shapira@gmail.com</a>&gt;</span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Just speculating, but could it be that your ISP uses a caching transparent proxy (which would explain why it doesn't happen on SSL) and its cache got corrupted?<div>The "other ISP" case could be explained if it's actually upstream/downstream from your ISP, or they share a proxy cache for other reasons.</div><div><br></div></div><div class="gmail_extra"><br><div 
class="gmail_quote"><div><div>On 21 March 2015 at 04:07, Roman Ovseitsev <span dir="ltr">&lt;<a href="mailto:romovs@gmail.com" target="_blank">romovs@gmail.com</a>&gt;</span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><div dir="ltr"><div>Please forgive the slight off-topic, but I am experiencing a rather strange issue while downloading a certain file over HTTP.<br><br>Instead of getting node.js installer as expected from here <a href="http://nodejs.org/dist/v0.12.0/node-v0.12.0-x86.msi" target="_blank">http://nodejs.org/dist/v0.12.0/node-v0.12.0-x86.msi</a> I am receiving a completely different executable - an installer for Elcomsoft's Advanced EFS Password Recovery whatever that is.<br><br>Both files are exactly the same size but SHA sums obviously don't match.<br><br>SSL version of the link - <a href="https://nodejs.org/dist/v0.12.0/node-v0.12.0-x86.msi" target="_blank">https://nodejs.org/dist/v0.12.0/node-v0.12.0-x86.msi</a> works as expected. i.e. downloads the correct node.js installer.<br><br><br>I have verified this on three different machines running Fedora, CentOS, and Windows. None of these machines ever exchanged any files or used anything else but the default repos. In fact the Windows machine is a 13-year-old PC with a freshly installed OS. So presumably that dismisses any possibility of rootkits.<br><br>It doesn't seem to be due to my router or ISP either. I am getting the wrong executable on two of my neighbours' Wi-Fi networks and at least one of them seems to be using a different ISP.<br>However it doesn't happen on another Israeli nor a couple of US and UK servers I've tried so far.<br></div><div>I am not using any proxies either.<br><br></div><div><a href="http://nodejs.org" target="_blank">nodejs.org</a> domain on all of the above resolves to the same IP.<br><br><br></div><div>What's going on?<br>Could be that the ISPs are the culprit? 
<br><br></div><div>Considering that the application is relatively popular and I am the only one experiencing this issue it doesn't seem to be the case of <a href="http://nodejs.org" target="_blank">nodejs.org</a> server doing this on purpose (knowingly or not).</div></div>
<br></div></div>_______________________________________________<br>
Linux-il mailing list<br>
<a href="mailto:Linux-il@cs.huji.ac.il" target="_blank">Linux-il@cs.huji.ac.il</a><br>
<a href="http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il" target="_blank">http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il</a><br>
<br></blockquote></div><span><font color="#888888"><br><br clear="all"><div><br></div>-- <br><div><div dir="ltr"><a href="http://au.linkedin.com/in/gliderflyer" target="_blank"><img src="https://static.licdn.com/scds/common/u/img/webpromo/btn_viewmy_160x25.png"></a><br></div></div>
</font></span></div>
<br></blockquote></div><br></div>
</div></div>
<br></blockquote></div><br></div>
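<div>Added example, not part of the original thread: since only port 80 passes through a transparent proxy, the practical check is to fetch the same URL over HTTP and HTTPS and compare the results. The header list is a heuristic assumption, and the response data below is constructed so the script runs offline.</div>

```python
import hashlib

# Response headers that caching intermediaries commonly add (heuristic, an assumption).
PROXY_HEADERS = ("via", "x-cache", "x-cache-lookup", "age")


def summarize(headers, body):
    """Reduce one fetched response to the facts worth comparing."""
    lower = {k.lower(): v for k, v in headers.items()}
    return {
        "size": len(body),
        "sha256": hashlib.sha256(body).hexdigest(),
        "proxy_headers": {k: lower[k] for k in PROXY_HEADERS if k in lower},
    }


def compare_fetches(http_resp, https_resp):
    """Compare the same URL fetched over port 80 and over TLS.

    Each argument is a (headers, body) pair. Returns a list of findings.
    """
    plain, tls = summarize(*http_resp), summarize(*https_resp)
    findings = []
    if plain["sha256"] != tls["sha256"]:
        # Equal size with a different digest is the symptom reported in the thread.
        same_size = plain["size"] == tls["size"]
        findings.append("content-mismatch" + ("-same-size" if same_size else ""))
    # Headers present only on the plaintext path point at an on-path cache.
    added = set(plain["proxy_headers"]) - set(tls["proxy_headers"])
    if added:
        findings.append("proxy-headers-on-http:" + ",".join(sorted(added)))
    return findings


# Constructed sample data: two bodies of equal length with different content.
GOOD = b"MSI-installer-bytes-A" * 100
BAD = b"MSI-installer-bytes-B" * 100
HTTP_RESP = ({"Content-Type": "application/octet-stream",
              "Via": "1.1 cache.example.invalid", "X-Cache": "HIT"}, BAD)
HTTPS_RESP = ({"Content-Type": "application/octet-stream"}, GOOD)

if __name__ == "__main__":
    for finding in compare_fetches(HTTP_RESP, HTTPS_RESP):
        print(finding)
```

<div>A proxy is free to add no headers at all, so an empty header finding proves nothing; the digest comparison against the HTTPS copy or a published checksum is the reliable signal.</div>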