Background:
My ISP is doing evil; it will randomly insert malicious packets into my HTTP connections to hijack my browser and push their advertisements.
The process is: when you send out a GET request, the ISP will immediately return a packet which contains an iframe pointing to my target before the real packet arrives, so the result is I can browse the website I want but with annoying advertisements.
Currently I'm trying to complain about this, but at the same time I want to know if there is a way to identify this kind of packet and then drop it with PF.
Here is my tcpdump capture of the whole hijack process: http://pastebin.com/QRtvCApq. In it there is a packet with TTL 49 that I think is the fake packet.
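
The TTL observation in the post can be turned into a check over a capture. This is an added example, not part of the original post: it reads `tcpdump -n -v` text output, takes the most common TTL per flow as the baseline, and flags packets that deviate from it, noting whether a flagged packet carries the same starting sequence number as genuine data. The function name `find_injected`, the baseline heuristic and the sample capture are assumptions made for illustration; a route change mid-connection can also shift TTL.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in `tcpdump -n -v` layout (documentation address ranges;
# this is not the capture linked in the post).
SAMPLE = """\
10:00:00.000000 IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.1.2.51234 > 203.0.113.10.80: Flags [S], seq 0, win 65535, length 0
10:00:00.040000 IP (tos 0x0, ttl 52, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    203.0.113.10.80 > 192.168.1.2.51234: Flags [S.], seq 0, ack 1, win 14480, length 0
10:00:00.040100 IP (tos 0x0, ttl 64, id 2, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.1.2.51234 > 203.0.113.10.80: Flags [.], ack 1, win 65535, length 0
10:00:00.040200 IP (tos 0x0, ttl 64, id 3, offset 0, flags [DF], proto TCP (6), length 352)
    192.168.1.2.51234 > 203.0.113.10.80: Flags [P.], seq 1:301, ack 1, win 65535, length 300
10:00:00.045000 IP (tos 0x0, ttl 49, id 9999, offset 0, flags [none], proto TCP (6), length 352)
    203.0.113.10.80 > 192.168.1.2.51234: Flags [FP.], seq 1:301, ack 301, win 229, length 300
10:00:00.080000 IP (tos 0x0, ttl 52, id 100, offset 0, flags [DF], proto TCP (6), length 52)
    203.0.113.10.80 > 192.168.1.2.51234: Flags [.], ack 301, win 114, length 0
10:00:00.081000 IP (tos 0x0, ttl 52, id 101, offset 0, flags [DF], proto TCP (6), length 1500)
    203.0.113.10.80 > 192.168.1.2.51234: Flags [P.], seq 1:1449, ack 301, win 114, length 1448
"""

# One record = IP header line (TTL) followed by the indented TCP line.
REC = re.compile(
    r"ttl (\d+),[^\n]*\n\s+(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): "
    r"Flags \[[^\]]*\](?:, seq (\d+)(?::\d+)?)?[^\n]*length (\d+)"
)

def find_injected(text):
    """Return packets whose TTL differs from their flow's dominant TTL."""
    flows = defaultdict(list)
    for m in REC.finditer(text):
        ttl, src, sport, dst, dport, seq, length = m.groups()
        flows[(src, sport, dst, dport)].append(
            (int(ttl), None if seq is None else int(seq), int(length)))
    hits = []
    for flow, pkts in flows.items():
        baseline, count = Counter(t for t, _, _ in pkts).most_common(1)[0]
        if count < 2:  # too few packets to trust a baseline (assumed threshold)
            continue
        real_data = {s for t, s, n in pkts if t == baseline and n > 0}
        for ttl, seq, length in pkts:
            if ttl != baseline:  # stronger signal if it also shadows real data
                hits.append({"flow": flow, "ttl": ttl, "baseline": baseline, "seq": seq,
                             "overlaps_real_data": length > 0 and seq in real_data})
    return hits
```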