Comcast the Latest ISP To Try DNS Hijacking 352
Posted
by
timothy
from the c'mon-fellas dept.
from the c'mon-fellas dept.
A semi-anonymous reader writes "In the latest blow to DNS neutrality, Comcast is starting to redirect users to an ad-laden holding page when they try to connect to nonexistent domains. I have just received an email from them to that effect, tried it, and lo and behold, indeed there is the ugly DNS hijack page. The good news is that the opt-out is a more sensible registration based on cable modem MAC, rather than the deplorable 'cookie method' we just saw from Bell Canada. All you Comcast customers and friends of Comcast customers who want to get out of this, go here to opt out. Is there anything that can be done to stop (and reverse) this DNS breakage trend that the ISPs seem to be latching onto lately? Maybe the latest net neutrality bill will help." Update: 08/05 20:03 GMT by T : Here's a page from Comcast with (scant) details on the web-jacking program, which says that yesterday marked the national rollout.
Serious question (Score:3, Funny)
I'm not an expert on DNS. Can someone explain to me, as simply as possible, why this is a bad thing? I understand that it's a pain to be redirected to some random ad-laden piss-poor search page, but what will this break?
This is not a troll or flamebait, I genuinely want some education.
Re:Serious question (Score:3, Funny)
You're IT for a business. You have employees who check their e-mail from home, accessing your stuff via a split tunnel VPN.
The computer tries to resolve internalmail.company.com, and normally this should fail, causing the computer to try the VPN's DNS server.
Instead, your employee's computer gets Comcast's search page server. Their mail client times out.
You get inundated with tech support calls.
I fail to see, using your scenario, why Comcast's DNS server would effect the company's internal DNS server, thus creating the conflict you alluded to. Since I'm not sure why Comcast would know anything about the company's internal network... If you meant:
The computer tries to resolve webmail.company.com , and normally this should fail, causing the computer to try the VPN's DNS server.
... then it almost makes sense... but only if you have a poorly constructed hosts file and route.
Re:I noticed this yesterday (Score:3, Funny)
The opt-out is pretty easy, and I've also sent an email to comcast regarding this.
Hello lothos,
We received your email regarding the easy opt-out, and we would like to take the time to assure you that we are doing everything in our power to make this much more difficult. We apologize for any conveniance you may have encountered, and thank you for being a valued Comcast customer!
Best Regards,
Comcast Support
Re:Serious question (Score:3, Funny)
Interfering with established web protocols could be, for a private citizen, prosecuted as a criminal act.
*sigh*, don't you think that's just a tad extreme?
Obviously you might enjoy it if they cleaned out all the trolls
Are you kidding? I only come here for the trolls ;)
It still takes 2 days to opt-out. (Score:5, Funny)
Your opt-out request has been confirmed. We will complete processing of this request within 2 business days.
I wonder if /.ing the Comcast request page makes it take longer. ;-)
Re:They are niggers (Score:2, Funny)
Re:Serious question (Score:4, Funny)
Allegedly the Cisco client behaves in exactly the way the GP describes.
Re:Very Simple Answer (Score:2, Funny)
Re:Serious question (Score:2, Funny)
What's with all the funny mods in this thread?