Why is Spectrum intercepting HTTPS requests?

benwilson

Trying to do some work from home and getting random failures due to certificates not being valid.

  Warning  Failed     32s                kubelet            Failed to pull image "public.ecr.aws/r5b3e0r5/3box/ceramic-one": rpc error: code = Unknown desc = failed to pull and unpack image "public.ecr.aws/r5b3e0r5/3box/ceramic-one:latest": failed to resolve reference "public.ecr.aws/r5b3e0r5/3box/ceramic-one:latest": failed to do request: Head "https://public.ecr.aws/v2/r5b3e0r5/3box/ceramic-one/manifests/latest": x509: certificate is valid for sdptpsiproxyvip.charter.com, id.spectrum.net, www.spectrum.net, www.spectrum.com, activate.spectrum.net, spectrum.net, v-collector.dp.aws.charter.com, sdpetpsi-a.charter.com, sdpetpsi.charter.com, sdpetpsi-b.charter.com, sdpwtpsi.charter.com, sdpwtpsi-a.charter.com, sdpwtpsi-b.charter.com, sdptpsi.charter.com, sdptpsi.g.charter.com, cdn.pi.spectrum.net, api.spectrum.net, collector.pi.spectrum.net, pi-lite.spectrum.net, apis.stage-spectrum.net, apis.spectrum.net, id.stage-spectrum.net, tpsi.spectrum.net, tpsi-ort.spectrum.net, not public.ecr.aws

How do I stop Spectrum from responding to requests not intended for them?

RAIST515O

May have been an issue with the repo... looks like it failed to look up a reference or something when you tried to pull it up.

Came up for me just now (image was updated fairly recently)

RAIST515O

(And yes, that was on my phone... but was not on the Verizon LTE. Using my home wifi (Asus router) on Spectrum Internet in South Carolina (defaults to Spectrum's DNS, specifically 209.18.47.63 and 209.18.47.61)

benwilson

It works eventually, yeah.

The repo is hosted by AWS, why does the hostname resolution of "public.ecr.aws" return a Specturm SSL cert?

The only reasons I can come up with is they're proxying traffic or DNS responses.

Please leave my packets alone 😓