Sonic Fiber — Occasional SSL Validation Failures, BGW320's cert presented in place of legit host's

Internet access discussion, including Fusion, IP Broadband, and Gigabit Fiber!
5 posts Page 1 of 1
by jrmiddle » Mon Oct 25, 2021 1:14 pm
Occasionally over the past few months, devices (phones / computers) on our network have complained about certificate validation failures for well-known sites—GMail, iCloud, GCalendar, and as one can see below, PagerDuty. It looks very much like the modem's cert is being presented to the client, rather than the site's; this gives me the heeby-jeebies. This happens on our computers (all MacOS) and phones (iOS and Android). iOS pictured:

Image

While the user didn't provide much technical detail on this post from 3 years ago on the ATT forums (https://forums.att.com/conversations/att-internet-equipment/ssl-error/5deff6bdbad5f2f606832ea9), the symptoms being described are similar (also worrying is ATT support's implying that the user should disable some privacy controls in Chrome).

Is there a simple explanation that can account for why this happens? My default reaction is to Be Very Concerned.
by viralvacancy » Wed Nov 03, 2021 2:44 pm
I have sonic fiber and an Eero 6 pro mesh network setup and for the past few weeks I have been experiencing ssl Validation failures on all of my different devices/browsers. I too am very concerned. I don't know what to think but this post has me thinking it could have something to do with sonic?

Any insights appreciated. Thanks.

-Kevin
by ngufra » Thu Nov 04, 2021 8:20 am
Can you describe your sonic connection (sonic fiber, AT&T resold fiber, dsl fusion, etc)
Are you using proxies?
Do you do any kind of packet inspection/optimization? that would explain why the modem certificates would be used as it needs to decrypt the packets and re encrypt them with its own certificates.

[edit: your screenshot show AT&T. It could be they use their own certificate to be able to optimize traffic, and re ssl it with their cert.]
by jrmiddle » Wed Dec 01, 2021 3:38 pm
Sonic fiber (which I believe is ATT resold), no proxies, no DPI. We have two wifi networks—one managed by Unifi hardware, with the main AP wired to the ATT modem, and the one vended by the ATT modem itself. I use the former, my partner uses the latter for WiFi 6 support. We see the same symptoms.

Regardless of their optimization goals, I have a hard time seeing silently MITMing encrypted connections as appropriate.
by ngufra » Wed Dec 01, 2021 3:51 pm
>Regardless of their optimization goals, I have a hard time seeing silently MITMing encrypted connections as appropriate.
You are talking about AT&T here.
Those with room 641A in their SFO facility.
What did you expect? :-)
5 posts Page 1 of 1

Who is online

In total there are 14 users online :: 0 registered, 0 hidden and 14 guests (based on users active over the past 5 minutes)
Most users ever online was 999 on Mon May 10, 2021 1:02 am

Users browsing this forum: No registered users and 14 guests