New Jersey's Cablevision Hijacks DNS Error Pages
Posted by
timothy
on Tue Sep 30, 2008 07:58 AM
from the fine-line-between-service-and-serviced dept.
Selikoff writes "I just noticed Cablevision's Optimum Online service has begun hijacking DNS Error pages with, you guessed it, ad-supported results. Aside from hurting the underlying stability of the Internet, there have been instances where hackers have used such tools against customers. I know Road Runner customers have had to deal with this for a couple months now, although at least they have an outlet to turn it off." Update: 09/30 13:18 GMT by T : Note, as several readers have pointed out, this hijacking is of DNS errors rather than 404 errors as originally presented.
Give me a break... (Score:5, Informative)
Even on slashdot, we have people who don't know a DNS error (and yes, TFA gets it right) from a 404 (which can't be hijacked without modifying the stream itself)
Re: (Score:2)
Thanks. I saw the summary headline and was pretty confused ;)
Re:Give me a break... (Score:5, Interesting)
Site finder was slightly different from this, in its scope. I doubt ICANN will get involved
Verisign abused its stewardship of the DNS Root servers (i.e. the Nameserver's nameservers, those servers that every(?) nameserver contacts to find out who to query...etc...).
In other words, if your ISP is doing something douchy like this, you can use another nameserver/run your own. That was not really an option with sitefinder
Re: (Score:2)
Re:Give me a break... (Score:5, Funny)
NXDOMAIN != 404 (Score:2)
The submitter confuses DNS and HTTP errors (Score:5, Informative)
Re: (Score:2)
Re: (Score:3, Informative)
I was curious, so I went and found instructions from Verizon on how to switch:
http://netservices.verizon.net/portal/link/help/item?case=dns_assist&partner=verizon&product=fios [verizon.net]
However, some of the links from that page go nowhere.
This page has links to the actual DNS server IPs:
http://netservices.verizon.net/portal/link/help/index.jsp?epi_menuItemID=c567d167631f692124525d7253295c48&objId=23885 [verizon.net]
Re: (Score:3, Informative)
Insight Communications in Indiana and Kentucky have been doing this [dslreports.com] for a while now.
No, they didn't (Score:5, Informative)
New Jersey's Cablevision Hijacks 404 Error Pages
No, they didn't.
If the submitter had read the summary, they would know that it's DNS errors that are being hijacked, not 404s.
It's an important difference - 404 means that they are transparently proxying your connections, which can cause problems with various sites (and that they are recording every URL you visit.)
For example: http://slashdot.org/akasjdflkasdjfl;kajsdl;aksdjfkdjkfdjlkjsdf [slashdot.org] would not be affected by this, whereas http://sslashhdot.org/ [sslashhdot.org] would.
Is it *too* much to ask that a technical news site present technical articles correctly?
Re:No, they didn't (Score:5, Insightful)
Right, and while it might seem repulsive to some to have them proxy your web connections, I honestly find it more repulsive to hijack failed DNS queries, because this affects spam. Maybe it's just because I work for a professional email hosting company, but come on now. Failed dns lookup = drop mail as spam. Maybe not as critical because it's an ISP with mostly end users, but what if they're doing this to their small business customers, too?
~Wx
Re: (Score:2)
Then there would be much less news.
Quote [theinquirer.net]: "ICANN up in arms at Verisign DNS hijacking" (as happened 2003)
CC.
Re: (Score:2)
FiOS has really nice service in most of New Jersey...
Re: (Score:2)
Re:No, they didn't (Score:5, Insightful)
It's an important difference - 404 means that they are transparently proxying your connections
And inspecting the packet contents looking for HTTP 404 error code returns, and either modifying the returned HTML to insert their own ads or else (and much, much simpler and more practicable) discarding the rest of the data stream and substituting their own.
Hijacking DNS errors is wrong; hijacking HTTP 404 returns would be Evil.
Ok summary of bad article headline (Score:2)
It's not a 404 page that's getting hijacked. It's DNS resolution failures.
It's a pretty big difference.
404? (Score:2)
Re: (Score:3, Informative)
404 == HTTP error code for "page not found". And the summary's wrong, they're actually hijacking 502 (bad gateway/no such domain) pages, which is a major difference. Hijacking 502s only requires their DNS servers to redirect nonexistent domains to the ad page, while hijacking 404s would require them to sniff every page you visit.
Bad Summary (Score:2, Informative)
What's next ? (Score:4, Funny)
The blue screen of russian women 4 U? BSORW4U!
or
Buy Vi4GR@ now! By the way: Syntax error.
Solution for ISPs mucking with DNS results (Score:4, Insightful)
Don't use your ISP's DNS servers.
Find another public server or run your own.
Re: (Score:2, Informative)
That's a good thought and a viable one. I do the same thing myself. The problem is that my dollars are still going to support the ISP's DNS servers, which still warrants complaint.
file not found? (Score:2)
Correct me if I'm wrong but the domain does not exist error page isn't a 404 error, right? I thought 404 was the error for when a web server couldn't find the page you requested from it, not for the DNS error.
When I first read TFS I thought, wth? What if I have a custom 404 page on my website?
I actually had to RTFA to figure out if they were honest to god hijacking web servers' 404 pages.
Thankfully it seems they are not.
Possible solution? (Score:5, Interesting)
They're returning adverts for failed DNS lookups, not 404 pages, as others have helpfully pointed out.
How about a script that hammers suitably random fake domain names continuously (different ones every time)? If the scammers^W advertisers are paying per impression this will majorly hurt their pockets.
Re:Possible solution? (Score:4, Interesting)
Wouldn't that actually help? The impression revenue is probably tied to ads that are *presented*. If you simply did a bunch of look-ups on fake names, all you would get are A records to the ad page. You would then have hit the web server, download the page and any elements. Then the advertisers would be paying per impression.
Re: (Score:2)
Curl is your friend for this.
Re: (Score:3, Interesting)
And when your service is shut off for excessive downloading?
Re:Possible solution? (Score:4, Interesting)
As much as I hate dns being hijacked (I don't have the issue as I run my own), I'm sure these ISPs view it in a different light. Their argument will be that it's a 'feature' rather than being intrusive on people's browsing: "Helping our customers get to the proper website" or that it helps keep the price of the internet service low so you don't have to pay as much per month. Also, if you start hammering this, I'm sure a flag will rise (if they're at least half smart) and they'll send a nice email out to you stating that you're abusing your service, yada yada..
Not that any of this is a good thing, but you gotta see it from another perspective...
Re: (Score:3, Interesting)
That's the great thing about DNS servers-- just like a customer of the ISP doesn't need to use the ISP-provided servers, you don't need to be a customer of the ISP to use the ISP-provided servers.
The OP can still use their plan to hammer the servers without violating their terms of service. Just get a bunch of non-customers to switch their DNS to EvilCorp. Write a script to throw out DNS-error requests. Scoop up all the ad-crap that sluices down the tubes, and poison the results. Once you have all the data you
You can opt out here... (Score:5, Informative)
http://www.optimum.net/DNSRedirect/DoOptOut [optimum.net]
Charter Communications (Score:2)
We started seeing this with Charter in the midwest. Not the 404 errors, but with invalid domain names. The biggest problem for us has been with our VPN software. When our employees are working from home, Charter always returns a valid IP for our internal DNS zones so the DNS lookups are never forwarded over the VPN.
I hope their additional advertising revenue makes up for the lost customers.
Re:Charter Communications (Score:4, Informative)
A laughable example of how poorly implemented the Charter DNS error is:
http://flickr.com/photos/listrophy/2194252038/ [flickr.com]
Things to note:
For this and many other things, I have since stopped using Charter. My soul feels so much cleaner now that I'm not giving them money.
Re: (Score:3, Informative)
That's the "Opt-out" page... a 200 OK response. The "Opt-in" page has all of the ads.
OpenDNS does this (Score:3, Interesting)
I just redirected my DNS queries to OpenDNS, mostly because of the content/phishing filtering they offer but also some of the statistics on my connection. They make their money, or propose to, by doing this very thing... redirecting Domain Not Found error messages to ad supported pages.
Re: (Score:3, Interesting)
They make their money, or propose to, by doing this very thing... redirecting Domain Not Found error messages to ad supported pages.
If that's the case then, regardless of how ethical or up-front they may be about it, then they are unsuitable for certain uses. Ran into this when earthlink started doing this crap and I was running a dnsbl for my own mail server, with forwarding set to one of ELN's DNS servers. Suddenly nothing came through. It was because everything was coming back as a hit.
Re: (Score:2)
A crucial difference is that OpenDNS is opt-in, whereas when an ISP does it, it becomes an opt-out situation (or, more likely, a "deal with it" situation).
OpenDNS provides a service (robust lookup, filtering, etc.), with a well-established downside (ads on DNS lookup errors). If you like the deal, you can use OpenDNS. If you don't like the deal (e.g. you rely on proper DNS failures), then you don't use it.
The real problem occurs when all the default DNS servers do ad-redirecting. Then it will become impossi
TDS started recently too (Score:2)
The DNS error hijacking, that is. I was going to consider switching to Charter, but I see someone has posted that they've started doing this as well.
Are there any free DNS services out there that happily return valid results instead of redirecting you?
I love /. (Score:5, Funny)
Re: (Score:3, Funny)
and i love the smell of condescension and self-righteousness in the morning...
Marginal cases (Score:3, Funny)
Easily solved (Score:3, Informative)
http://www.opendns.com/ [opendns.com]
However this does not solve it for less technical people as they would have no idea what is going on, would have no idea how to solve it and perhaps have not even a clue that there is a problem and that they typed in something wrong.
If I were looking for nekid ladies, this might be helpful. If I try to contact my bank it isn't. It could even be dangerous if the thing I were looking for is something similar to what I get presented as advertisement.
Re: (Score:3, Insightful)
Yes, incredibly easy to solve your ISP hijacking failed DNS lookups by switching to a service that (by default) supports itself by hijacking failed DNS lookups ;)
OpenDNS have (or at least used to have) a way of tagging your account as "don't show me the adverts and give me a proper response" but it is associated with an IP address.
Every time we turn our router off for the night we get a new IP because the lease expires. As I run a Linux box I can't use their Mac or Windows "update your IP from the client" a
Hurting the Underlying Stability of the Internet??? (Score:2)
How can this hurt the underlying stability of the internet??
Aside from hurting the underlying stability of the Internet, there have been instances where hackers have used such tools against customers.
Yet the page linked in the above statement just details how a security researcher came up with a proof of concept that was specific to a different company's implementation of the same idea.
Re:Hurting the Underlying Stability of the Internet (Score:5, Informative)
Quite simple: run a mailserver, then use these type of DNS servers. In a few days, you'll have so much mail that doesn't get accepted by xxx.xxx.xxx.xxx (your provider's DNS) that it might fill your storage. Then 7 days later (instead of a few hours later) the e-mail gets sent back with the message that the other server doesn't accept the mail (instead of saying that the domain doesn't exist) after being retried hundreds of times eating up valuable bandwidth and processing time. Then if your end-user isn't smart enough, he'll retry sending it, not noticing he has a typo in his address book, because after all, the other e-mail server DOES exist.
Re: (Score:3, Informative)
And, the reverse that others have mentioned.
If you use a DNS blocking list (DNSBL) for e-mail, you will stop receiving any e-mail, because every lookup will always return a "found", and DNSBLs work by returning NXDOMAIN if the site isn't listed, and returning an IP address if it is.
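The DNSBL failure described in the comments above, as an added example that is not part of the original thread: a probe that checks whether a resolver answers for names that should not exist, and a DNSBL check that accepts only answers in 127.0.0.0/8 (the range DNSBLs conventionally answer from), so a rewritten NXDOMAIN is not counted as a listing. The zone `dnsbl.example`, the sample addresses and both stand-in resolvers are constructed, and the probe assumes a random 32-hex-character label under `.com` is unregistered.

```python
import ipaddress
import secrets
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")  # range DNSBL answer codes live in

def system_resolve(name):
    """Return the IPv4 address for name, or None when resolution fails."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def resolver_rewrites_nxdomain(resolve=system_resolve, probes=3, suffix="com"):
    """Return the addresses handed back for names that should not exist.

    Assumption: a random 32-hex-character label under `suffix` is unregistered,
    so an honest resolver fails every probe and the result is an empty set.
    """
    answers = set()
    for _ in range(probes):
        answer = resolve(f"{secrets.token_hex(16)}.{suffix}")
        if answer is not None:
            answers.add(answer)
    return answers

def dnsbl_query_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dnsbl_listed(ip, zone, resolve=system_resolve):
    """Count an answer as a listing only when it falls inside 127.0.0.0/8,
    so a rewritten NXDOMAIN pointing at a public ad host is not a hit."""
    answer = resolve(dnsbl_query_name(ip, zone))
    return answer is not None and ipaddress.IPv4Address(answer) in LOOPBACK

# Constructed stand-ins for two resolvers so the example runs offline.
LISTED = {"2.0.0.192.dnsbl.example": "127.0.0.2"}  # constructed zone data
honest = LISTED.get  # returns None for unknown names, i.e. NXDOMAIN

def hijacked(name):
    return LISTED.get(name, "203.0.113.80")  # constructed ad-server address

if __name__ == "__main__":
    clean = dnsbl_query_name("198.51.100.7", "dnsbl.example")
    print("rewritten answers:", resolver_rewrites_nxdomain(hijacked))
    print("naive check flags clean IP:", hijacked(clean) is not None)
    print("guarded check flags clean IP:", dnsbl_listed("198.51.100.7", "dnsbl.example", hijacked))
```

Called with no arguments, `resolver_rewrites_nxdomain()` probes whatever resolver the host is configured to use; a non-empty result is a reason to point mail servers and DNSBL lookups at a different resolver.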
Rogers Cable (Score:3, Informative)
The kicker is that I also think they're actively blocking access to other search engines periodically in order to increase usage of their own. www.Google.com will sometimes time-out while trying to load, but works fine when accessed through Dogpile meta-search.
Since I've moved off of Rogers already, I can't do more experiments to test, but if anyone else is on it, I suggest you keep an eye out.
Re: (Score:3, Informative)
Some of the small resellers buy raw bandwidth, so you can avoid the brain-damage.
--dave
Re: (Score:3, Interesting)
They probably use a transparent web proxy between the user PC and the web server.
When the web server sends a standard 404 error page, it goes via the proxy which puts its page in place of it.
Re: (Score:2)
See my post above and the others below. They are not hijacking 404s. They are hijacking DNS errors, same as earthlink et al have been doing forever.