<div dir="ltr">This ISP (True Internet - AS7470 and AS17552 ) already intercepts http traffic using transparent proxy since quite some time.<div><br></div><div>There were rumours recently that Thai ISPs would start intercepting https and making users install their TLS certificate. But I have not seen any evidence of it personally, nor have I heard of anyone who got certificate hijacked while browsing.... So its likely a proxy in the probe host's local network.</div></div><br><div class="gmail_quote"><div dir="ltr">On Sat, Aug 1, 2015 at 11:36 PM Andrew Bosch <<a href="mailto:andrewbosch@comcast.net">andrewbosch@comcast.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">The Fortinet name in the certificate suggests a firewall or proxy that is<br>
intercepting traffic from the probe.<br>
<br>
<br>
-----Original Message-----<br>
From: ripe-atlas [mailto:<a href="mailto:ripe-atlas-bounces@ripe.net" target="_blank">ripe-atlas-bounces@ripe.net</a>] On Behalf Of Stephane<br>
Bortzmeyer<br>
Sent: Saturday, August 1, 2015 10:36 AM<br>
To: <a href="mailto:ripe-atlas@ripe.net" target="_blank">ripe-atlas@ripe.net</a><br>
Subject: [atlas] Strange certificates at probe 17009<br>
<br>
Probe #17009, located in Bangkok, when asked to perform a "sslcert"<br>
measurement, always retrieve a certificate whose expiration date is<br>
2024-10-31, whatever the target is. There is probably a<br>
man-in-the-middle before the probe...<br>
<br>
<br>
<br>
</blockquote></div>