Most active commenters
  • bombcar(3)

←back to thread

A New Future for Icanhazip

(major.io)
980 points nkcmr | 19 comments | 06 Jun 21 19:21 UTC | HN request time: 1.161s | source | bottom
Show context
Ayesh ◴[06 Jun 21 20:01 UTC] No.27415818[source]
I was using icanhazip to check if my Tor circuit was complete, and probably made 50-100 requests per week. The site was getting slow, and I thought it is just a random site that the author didn't really care too much.

I dropped my jaw when I read it was getting 30B req/day.

Thank you for running this site for so long, and thank you for keeping it up for free, and deciding to not monetize it.

replies(1): >>27416146 #
tyingq ◴[06 Jun 21 20:43 UTC] No.27416146[source]
I got a lot of mileage out of neverssl.com before somebody fixed the process to log into various "guest wifi" setups...ones that would intercept/redirect any http request.

I'm somewhat curious what fixed things, as I've not had to use neverssl.com for some time.

replies(4): >>27416335 #>>27417005 #>>27417246 #>>27417473 #
1. lolinder ◴[06 Jun 21 21:07 UTC] No.27416335[source]
From what I can tell, most operating systems will now ping their own version of neverssl as you connect to a network to find out whether they need to show you a login prompt. It looks like they basically just check to see if they get the content they expect from a domain they own, and if not they serve you that page so you can see whatever it is your network injected. (You can usually see the OS domain in the address bar.)
replies(4): >>27416480 #>>27416671 #>>27416782 #>>27420145 #
2. toxik ◴[06 Jun 21 21:24 UTC] No.27416480[source]
captive.apple.com is what Apple uses
replies(4): >>27416489 #>>27416781 #>>27417275 #>>27445295 #
3. lolinder ◴[06 Jun 21 21:26 UTC] No.27416489[source]
Thanks. I was reaching for an example but don't have a guest WiFi nearby to test.
4. tyingq ◴[06 Jun 21 21:50 UTC] No.27416671[source]
Ah, that's interesting. I remember it being very broken for a long time...especially for "normal" users that wouldn't understand why navigating to an https site wouldn't work in that captive wifi situation.
5. bombcar ◴[06 Jun 21 22:03 UTC] No.27416781[source]
Apple has at least ten or more of these I’ve seen - on badly configured networks you sometimes see it in the address bar - because cached responses could destroy the utility.
replies(1): >>27417167 #
6. walrus01 ◴[06 Jun 21 22:03 UTC] No.27416782[source]
Yes, google, apple and Microsoft all maintain their own httpd with tiny stub content on it which specifically is not tls.
replies(1): >>27417317 #
7. fouc ◴[06 Jun 21 23:02 UTC] No.27417167{3}[source]
can you name one or two? I've never seen anything else besides captive.apple.com
replies(1): >>27418101 #
8. Tijdreiziger ◴[06 Jun 21 23:18 UTC] No.27417275[source]
Google's is http://connectivitycheck.gstatic.com/, and Microsoft's is http://www.msftncsi.com/ncsi.txt
replies(2): >>27417682 #>>27418656 #
9. stevage ◴[06 Jun 21 23:25 UTC] No.27417317[source]
So interesting! Thanks for sharing.
10. redler ◴[07 Jun 21 00:29 UTC] No.27417682{3}[source]
Leave it to Microsoft to use cryptic abbreviations and character limits even in URLs…
replies(1): >>27417821 #
11. pitterpatter ◴[07 Jun 21 00:49 UTC] No.27417821{4}[source]
Alternatively there's http://www.msftconnecttest.com/ncsi.txt
12. gregsadetsky ◴[07 Jun 21 01:40 UTC] No.27418101{4}[source]
I found https://community.ui.com/questions/Apple-iPhone-iOS-portals-... which lists some of these domains (www.itools.info, www.thinkdifferent.us, etc.), and this answer on StackOverflow -- https://stackoverflow.com/a/22277933/ -- which reverses a list of domains that all point to the same IP
replies(1): >>27418122 #
13. bombcar ◴[07 Jun 21 01:45 UTC] No.27418122{5}[source]
I’ve seen some of these but I swear I’ve seen others like portalcheck or something - but always to an Apple-like domain.
replies(1): >>27422162 #
14. surround ◴[07 Jun 21 03:15 UTC] No.27418656{3}[source]
Firefox uses http://detectportal.firefox.com/success.txt
replies(1): >>27421576 #
15. stephen_g ◴[07 Jun 21 07:57 UTC] No.27420145[source]
Annoyingly, I've seen some networks that try to "fix" problems by letting that go through even when not logged in. I'm pretty sure it had been fixed last time I flew, but Qantas in-flight WiFi used to be one example I'd seen. You'd connect, and then nothing would happen and no SSL connections would work. You'd either need a non-HTTPs site to get the redirect, or go to 'wifi.qantas.com' to accept the terms and conditions before you could browse. I was trying to work out why my iPhone and Mac weren't popping up that page as soon as I connected, and bizarrely captive.apple.com came up with 'Success' instead of redirecting, which means they must have misguidedly put in an explicit rule to let that through, completely breaking the feature!
replies(1): >>27429342 #
16. kd913 ◴[07 Jun 21 12:07 UTC] No.27421576{4}[source]
I was always wondering given that firefox has that detectportal.firefox.com why they also put requests into example.com/example.org?
17. bombcar ◴[07 Jun 21 13:14 UTC] No.27422162{6}[source]
Now I realize that the "subdomain" can change - it's been like portal.icloud.us or similar.
18. monocularvision ◴[08 Jun 21 00:47 UTC] No.27429342[source]
This exact thing happened to me on an American Airlines flight one time. It seemed to get fixed later.
replies(1): >>27430791 #
19. stephen_g ◴[08 Jun 21 05:00 UTC] No.27430791{3}[source]
The Qantas system runs on ViaSat's platform and satellite network, I don't know what American uses but perhaps it's based on the same system.