Hashfails and corrupted downloads when retrieving files directly via ISP connection but things clear up when using a VPN

3

I'm facing SSL errors when accessing websites (on computer and mobile same network) the error shows up randomly (only some times I got the error) but lately I noticed that most of my downloads are corrupted (Zip and EXE files) also a lot of HashFails on the Torrent files (like 20GB wasted for 5GB file) I am connecting to the ISP via an ADSL modem at home then via Wi-Fi to the PC.

How can I be certain that my ISP is causing the SSL errors and corrupted files?

I thought my PC is infected so I installed an Antivirus and an Anti-malware but got the same result, then after trying to install Fusion360 (Autodesk) where the installer download the rest of the files I got another SSL error I tried everything they suggested on the help page but no luck.

Finally I installed VPN software and magically all the errors are gone and the downloaded files are working, Fusion360 installed fine. All this is making me think that this must be my ISP messing up the internet connection for some reason. Is this possible?

For example is the error I get when installing Fusion360 :

ssl.SSLError: [SSL: DECRYPTION_FAILED_OR_BAD_RECORD_MAC] decryption failed or bad record mac (_ssl.c:2090)`

And this while installing numpy

Could not install packages due to an EnvironmentError: [SSL: DECRYPTION_FAILED_OR_BAD_RECORD_MAC] decryption failed or bad record mac (_ssl.c:2217)

And this is error on a website :

err_cert_authority_invalid.

Here is another :

ERR_SSL_PROTOCOL_ERROR

And this :

www.reddit.com sent an invalid response. ERR_SSL_PROTOCOL_ERROR

there's no option to view the certificate, but once I reload the page I can access the site and can see the certificate details

also this :

Attackers might be trying to steal your information from m.facebook.com NET::ERR_CERT_AUTHORITY_INVALID

This on Facebook also and I did get the certificate

enter image description here enter image description here enter image description here

Here is what i can find on the ADSL section of the modem :

The ADSL BER test completed successfully.
Test Time (sec): 20 Total
Transferred Bits: 0x00000000046C1400
Total Error Bits: 0x0000000000000000
Error Ratio: 0.00e+00

and this ADSL STATICS : enter image description here

Chebhou

Posted 2018-10-02T17:53:11.743

Reputation: 131

3You mention you recieve SSL errors, but don't indicate, what those SSL errors are. – Ramhound – 2018-10-02T17:55:10.350

1How do you connect to your ISP? Via a modem? Wired or wireless? This all sounds like some encryption issue between you and your ISP but not necessarily caused by your ISP. The face the VPN clears things up is a big clue but blaming the ISP might not make sense; if you are using a popular ISP with lots of users you wouldn’t be the only one with an issue. – JakeGould – 2018-10-02T18:18:24.363

1It would be interesting to review stats on your VPN connection (if you can get them)... And it would also be good to know about the SSL errors you're seeing... for example a screenshot of your browser when the error occurs. – Attie – 2018-10-02T19:40:50.127

@Attie i'll add one when i get it – Chebhou – 2018-10-02T20:49:54.427

If you are recieving err_cert_authority_invalid it means the root certificate authority that signed the website's certificate is not trusted. You would need to provide all relevant information in order for a relevant answer to be submitted. As currently written all required information has not been provided. – Ramhound – 2018-10-03T22:47:23.570

@Ramhound If you could be more specific about the "required information" that would help – Chebhou – 2018-10-04T08:28:28.710

The root certificate appears to be invalid. However, that might not be the case, but I don’t have the root certificate you do. So verify if that’s the case and provide the relevant information – Ramhound – 2018-10-04T11:44:36.163

@Ramhound I get those errors randomly from time to time, so the same website ( let's say google ) I can access without an error but sometimes I get one, in the meanwhile I will try to get a certificate when the error shows up.thank you – Chebhou – 2018-10-04T16:11:27.353

I just got this "www.reddit.com sent an invalid response. ERR_SSL_PROTOCOL_ERROR" there's no option to view the certificate, but once I reload the page can access the site and can see the certificate details. – Chebhou – 2018-10-04T16:38:38.013

@DavidPostil and Ramhound if there is details missing and I can provide I would do but I have to know what is it first ! – Chebhou – 2018-10-05T20:09:46.043

@Chebhou - Your issues on your mobile device, are out of scope here at Superuser. We can only help with your issues on your Windows device. The certificate being served as the same serial number as the legitimate certificate, which indicates to me, this is a device configuration issue. – Ramhound – 2018-10-08T16:15:02.833

@ramhound thank you for checking the certificate, but as I stated before this happens on both and I will add one from the windows device when possible. – Chebhou – 2018-10-08T16:39:55.280

1Something to note... Facebook's SHA-1 Fingerprint is: BD:25:8C:1F:62:A4:A6:D9:CF:7D:98:12:D2:2E:2F:F5:7E:84:FB:36. Which does not match what you are seeing there. This points to the possibility that there is indeed something intercepting your connections. – Michael Frank – 2018-10-11T02:28:06.243

@MichaelFrank thank you for that catch , is there anyway I could perform some test so I get more details ? – Chebhou – 2018-10-11T10:07:01.803

Answers

4

Wild guess but this doesn't sound like intentional ISP meddling, and it's unlikely to be encryption-related.

Either there is some kind of major interference/data corruption between you and the ISP (which your VPN app hides by retransmitting corrupted packets instead of failing), or between the ISP and one of their upstreams (which the VPN just happens to route around).

Log in to your ADSL modem and check its DSL status page – error counts, signal/noise ratio, etc.

Either way, given that it happens on multiple devices on the same network, I'd contact the ISP's tech support.

user1686

Posted 2018-10-02T17:53:11.743

Reputation: 283 655

i doubt that there will be any kind of support from the ISP, and I'll check the ADSL status page and add the log here. – Chebhou – 2018-10-02T18:23:34.507

Really? Why not? – user1686 – 2018-10-02T18:32:38.197

because it's a government/public company and they don't care cause they are the only option here, I have added the adsl info if you can verify it – Chebhou – 2018-10-02T18:51:12.000

2

There are a few reason for SSL errors aside from tampering - for example, is your computer's clock set correctly? If it's on the edge of a tolerance, then you could get occasional issues. But given that you're also having issues with BitTorrent, the problem isn't likely to be so confined - BitTorrent is a controversial technology, and I wouldn't be surprised if certain ISPs attempt to influence or dissuade users.

However... From the your description and the information you've provided, I think you're probably not far off-base with laying suspicions on your ISP. Are you willing / able to name them? If they hold a monopoly over any area then it's likely others will be experiencing issues too.

The ADSL link is fine:

  • The BER (Bit Error Rate) during a test was zero...
  • SNR margins of 38.2 dB and 8.5 dB are fine (down / up)
  • Attenuation of 7 dB and 0.4 dB are fine (down / up)
  • Given that the line probing has established an attainable rate of ~24.8 Mb/s downstream, and you've sync'd at 4 Mb/s, you are well within the margins (is your service capped at 4 Mb/s?)
  • Few or no frame errors, zero uncorrectable errors

Attie

Posted 2018-10-02T17:53:11.743

Reputation: 14 841

the clock is set to auto update( in windows ) and the ISP is the one and only available here "Algerie Telecom", I'll check with other users if they are experiencing similar things. my speed is limited to 2Mb/s while the ISP can provide up to 8Mb/s for personal use but it's way too expensive. – Chebhou – 2018-10-02T20:58:20.873

Asked: 2018-10-02T17:53:11.743

Viewed: 198 times

Active: 2019-02-02T18:40:57.343