Quote:
Originally Posted by BetBlowWhistler
If you see a lot of hops within the same subnet range that could indicate that some re-direction was going on (proxies basically).
Having said that, traceroute is a diagnostic tool. In and of itself it just gives you something to work with regarding where the packets are actually going, how many hops. It really needs to be used in conjunction with a detailed network diagram to say for sure what was going on.
Important to note there are two levels of 'redirection' that might relate to Phorming.
There's redirection at the application (HTTP web) layer - which is what Phorm described to Richard Clayton. You'd see this in your web browsers as an unexpected page load from webwise.net (used to set phorged cookies).
Then there's redirection of packets at the transport/network (TCP/IP packet) layer - which is what is being discussed with respect to trace routes.
As an end user you have no control over packet routes; the route your packet takes is determined by routers. However if you see packets taking a strange route, such as bouncing around a set of IPs in a subnet, or in/out/in/out of a given subnet... you might infer that route wasn't 'optimal' (for want of a very different word).
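An added example, not part of the original posts: a small Python check that reads traceroute output and flags the two patterns described above, a long run of hops inside one subnet and a path that leaves a subnet and later re-enters it. The function names, the /24 grouping and the run threshold are assumptions made for illustration (real subnet boundaries need the network diagram the quoted post mentions), and the sample trace is constructed.

```python
import ipaddress
import re

# Constructed traceroute output using documentation address ranges (not a real capture).
SAMPLE = """\
traceroute to 203.0.113.80 (203.0.113.80), 30 hops max, 60 byte packets
 1  192.0.2.1  1.2 ms
 2  198.51.100.1  8.9 ms
 3  198.51.100.17  9.4 ms
 4  198.51.100.33  9.8 ms
 5  192.0.2.129  12.1 ms
 6  198.51.100.65  12.9 ms
 7  * * *
 8  203.0.113.80  15.0 ms
"""

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_hops(text):
    """Return [(hop_number, address)] for the hops that answered."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)  # header and blank lines do not match
        ip = IPV4.search(m.group(2)) if m else None
        if ip:  # '* * *' hops carry no address and are skipped
            hops.append((int(m.group(1)), ipaddress.ip_address(ip.group())))
    return hops

def subnet_runs(hops, prefix=24):
    """Collapse consecutive hops in one /prefix into [network, first, last, count]."""
    runs = []
    for num, ip in hops:
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        if runs and runs[-1][0] == net:
            runs[-1][2], runs[-1][3] = num, runs[-1][3] + 1
        else:
            runs.append([net, num, num, 1])
    return runs

def review(text, prefix=24, max_run=2):
    """Flag long same-subnet runs and subnets the path leaves and re-enters."""
    seen, long_runs, reentries = set(), [], []
    for net, first, last, count in subnet_runs(parse_hops(text), prefix):
        if count > max_run:
            long_runs.append((str(net), first, last))
        if net in seen:
            reentries.append((str(net), first))
        seen.add(net)
    return {"long_runs": long_runs, "reentries": reentries}
```

A flagged hop is a prompt to compare the path against known topology, not evidence of interception on its own.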