Comment: Fixed pointers

An evil middlebox is a transparent device that sits in between the two ends of an end-to-end connection and disturbs the normal end-to-end traffic in some way. Because you cannot see these devices, which usually work on layer 2, it is difficult to debug issues that involve them. Examples are HTTP proxies and gateway proxies (all protocols). Normally, these devices are installed for security reasons to filter out "bad" traffic. Bad traffic may be viruses, trojans, evil JavaScript, or anything that is not known to the device. Sometimes so-called rate shapers are also installed as middleboxes; while these do not change the contents of the traffic, they do drop packets according to rules known only to themselves. Bugs in such middleboxes can have fatal consequences for "legitimate" Internet traffic, which may lead to performance issues or, even worse, connection issues.

...

Two examples in the beginning of 2005 in SWITCH:

  • HTTP Proxy: very slow response from a webserver only for a specific circle of people
  • Gateway Proxy: TCP transfers get stalled as soon as a packet is lost on the local segment from the middlebox to the end host.

A Cisco IOS Firewall in August 2006 in Funet:

  • Window Scaling Problems: when window scaling was enabled, TCP performance was bad (10-20 KBytes/sec). Some older versions of PIX could also be affected by window scaling issues.

...

The same issue has also been found with some models of the Fortigate firewall.
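
One way to check whether a device on the path interferes with TCP options such as window scaling is to capture the same SYN at both end hosts and compare its options. The following is an added example, not part of the original wiki page; the function names and the two sample headers are constructed for illustration, and it assumes captures are available on both sides.

```python
import struct

# TCP option kinds: 0 = end of list, 1 = NOP, others named below (RFC 9293, RFC 7323)
NAMES = {2: "mss", 3: "wscale", 4: "sack_permitted", 8: "timestamps"}

def parse_tcp_options(tcp_header: bytes) -> dict:
    """Return {option_name: value_bytes} parsed from a raw TCP header."""
    data_offset = (tcp_header[12] >> 4) * 4 if len(tcp_header) >= 20 else 0
    if not 20 <= data_offset <= len(tcp_header):
        raise ValueError("truncated or malformed TCP header")
    opts, i, raw = {}, 0, tcp_header[20:data_offset]
    while i < len(raw):
        kind = raw[i]
        if kind == 0:            # end of option list
            break
        if kind == 1:            # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed option")
        length = raw[i + 1]
        opts[NAMES.get(kind, f"kind_{kind}")] = raw[i + 2:i + length]
        i += length
    return opts

def diff_syn_options(sent: bytes, received: bytes) -> list:
    """Compare the options of one SYN as sent and as seen by the receiver."""
    a, b = parse_tcp_options(sent), parse_tcp_options(received)
    findings = []
    for name in sorted(set(a) | set(b)):
        if name not in b:
            findings.append(f"{name} removed in transit")
        elif name not in a:
            findings.append(f"{name} added in transit")
        elif a[name] != b[name]:
            findings.append(f"{name} changed: {a[name].hex()} -> {b[name].hex()}")
    return findings

def make_syn(options: bytes) -> bytes:
    """Build a constructed SYN header (sample data, not a real capture)."""
    options += b"\x01" * (-len(options) % 4)   # pad to a 32-bit boundary with NOPs
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, offset << 4, 0x02, 65535, 0, 0) + options

# Constructed sender-side SYN: MSS 1460, window scale 7, SACK permitted.
SENT = make_syn(b"\x02\x04\x05\xb4" + b"\x01\x03\x03\x07" + b"\x04\x02")
# Constructed receiver-side view: window scale overwritten with NOPs, MSS lowered.
RECEIVED = make_syn(b"\x02\x04\x05\x50" + b"\x01\x01\x01\x01" + b"\x04\x02")
```

An empty result from `diff_syn_options` means the options arrived unmodified, so the options themselves were not rewritten on the path.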

– Chris Welti – 2005-03-01
– Pekka Savola – 2006-10-10–2006-11-07
– Alex Gall – 2012-10-31