Missing Middle Box #102

Open
adquadratum opened this issue Jan 20, 2018 · 1 comment

Comments

@adquadratum

I am in a middle box situation with certainty. I actually caught the man doing an ARP attack in August of 2016. I have collected quite a pile of evidence in screenshots of IP addresses.

My telephone was configured for Tor and I am pretty sure it was set to torify all traffic. Initially Ooniprobe did not detect a middle box. I am not sure of this step, but I think that I changed the phone settings to ignore IPv6. Then Ooniprobe detected a middle box twice. Then my phone was hacked and now says that transparent proxy is not supported and Tor no longer works. Ooniprobe on my phone no longer detects a middle box.

I installed Lepidopter on a Raspberry Pi and noticed that the screen reports an IPv4 address as it should, but users=0, so I can't tell whether it is functioning. It just sits at the command prompt. The IPv4 address is 192.168.1.64. My computer shows an IPv6 address until I set it to ignore and reset. Then what I see is 173.183.190.200, which is a change from the Ooniprobe on my phone. I just got a new service and router in the same building as is being monitored. It was on AS852.

The method being used here seems similar to a method listed on the forum to block individual web sites: IPv6/DNS misdirection. Here it is being used to redirect the entire internet.

Thank you for your hard work on this magnificent tool! If I can help, let me know.

Greg Rudy

@anadahz
Member

anadahz commented Jan 23, 2018

Hello @adquadratum, it seems that there is some confusion and I'm not quite sure I understand the issue here. I will go through your report and try to make some sense of it.

> I am in a middle box situation with certainty. I actually caught the man doing an ARP attack in August of 2016. I have collected quite a pile of evidence in screenshots of IP addresses.

Not sure how you actually found out about the attack, but perhaps it would be useful to share this report in private with some people who may be able to help you (email?).

> My telephone was configured for Tor and I am pretty sure it was set to torify all traffic. Initially Ooniprobe did not detect a middle box. I am not sure of this step, but I think that I changed the phone settings to ignore IPv6. Then Ooniprobe detected a middle box twice. Then my phone was hacked and now says that transparent proxy is not supported and Tor no longer works. Ooniprobe on my phone no longer detects a middle box.

If you are torifying all network traffic on your phone, ooniprobe will run its tests via the Tor network instead of the network that you are currently on, and the ooniprobe reports that you are reading are (most probably) not relevant to your network.

> I installed Lepidopter on a Raspberry Pi and noticed that the screen reports an IPv4 address as it should, but users=0, so I can't tell whether it is functioning. It just sits at the command prompt. The IPv4 address is 192.168.1.64. My computer shows an IPv6 address until I set it to ignore and reset. Then what I see is 173.183.190.200, which is a change from the Ooniprobe on my phone. I just got a new service and router in the same building as is being monitored. It was on AS852.

In order to initialize ooniprobe you need to access its web interface, usually reachable under the URL: http://lepidopter.local
Please read the documentation on how to access ooniprobe's web interface in lepidopter, or let us know if you experience any issue with that.

> The method being used here seems similar to a method listed on the forum to block individual web sites: IPv6/DNS misdirection. Here it is being used to redirect the entire internet.

I don't understand which method you are referring to.

Thank you for reporting this issue; I hope this helps you.
