New Jersey's Cablevision Hijacks DNS Error Pages 200
Selikoff writes "I just noticed Cablevision's Optimum Online service has begun hijacking DNS Error pages with, you guessed it, ad-supported results. Aside from hurting the underlying stability of the Internet, there have been instances where hackers have used such tools against customers. I know Road Runner customers have had to deal with this for a couple months now, although at least they have an outlet to turn it off." Update: 09/30 13:18 GMT by T : Note, as several readers have pointed out, this hijacking is of DNS errors rather than 404 errors as originally presented.
Give me a break... (Score:5, Informative)
Even on slashdot, we have people who don't know a DNS error (and yes, TFA gets it right) from a 404 (which can't be hijacked without modifying the stream itself)
Re: (Score:2)
Thanks. I saw the summary headline and was pretty confused ;)
Re:Give me a break... (Score:5, Interesting)
Site finder was slightly different from this, in its scope. I doubt ICANN will get involved
Verisign abused it's stewardship of the DNS Root servers (i.e. the Nameserver's nameservers, those servers that every(?) nameserver contacts to find out who to query...etc...).
In other words, if your ISP is doing something douchy like this, you can use another nameserver/run your own. That was not really an option with sitefinder
Re: (Score:2, Informative)
Not the root servers.
The .com, .net, whatever they had level ones - one below the root, still ones you have to use if you want DNS to work...
Re: (Score:2)
You're right. Mea Culpa. Too little sleep and too little coffee.
Re: (Score:2)
You can only use another nameserver if your ISP allows it. If your ISP decides to block requests on port 53 to any other nameserve but their own, then you're seeing their stupid ads, and living with the fallout that comes with having every possible name resolution query return a positive answer. This practice breaks the Internet and harms consumers, so I'm sure there will be legislation to make it mandatory soon.
Re: (Score:2)
Re:Give me a break... (Score:5, Funny)
Some ISPs indeed hijack 404s (Score:2)
Rogers in Canada is one who does that, then forges a search page for your convenience (;-))
Worse, they do the same for many valid .ca and .org sites.
--dave
Re: (Score:2)
And on Long Island. My father is one of them.
NXDOMAIN != 404 (Score:2)
The submitter confuses DNS and HTTP errors (Score:5, Informative)
Re: (Score:2)
Re: (Score:2)
If you meant DNS, you are correct, except that Verizon offers non-hijacked DNS servers you can use. I switched mine when they first starting doing it.
Re: (Score:3, Informative)
I was curious, so I went and found instructions from Verizon on how to switch:
http://netservices.verizon.net/portal/link/help/item?case=dns_assist&partner=verizon&product=fios [verizon.net]
However, some of the links from that page go nowhere.
This page has links to the actual DNS server IPs:
http://netservices.verizon.net/portal/link/help/index.jsp?epi_menuItemID=c567d167631f692124525d7253295c48&objId=23885 [verizon.net]
Re: (Score:2)
All you gotta do is go into your router, copy the existing DNS servers, and manullay configure them with the last octet as 14 (decimal) and you'll be moved to the old-skewl dns errors.
e.g. XX.XX.XX.12 becomes XX.XX.XX.14
Re: (Score:3, Informative)
Insight Communications in Indiana and Kentucky have been doing this [dslreports.com] for a while now.
Re: (Score:2)
The problem is that there is no reason to assume that just because a machine is making a DNS query it intends opening a TCP connection to port 80 (or 443). The people doing this had better have made sure that the machine serving these ads can cope with being b
Hostnames that start with www (Score:2, Troll)
The problem is that there is no reason to assume that just because a machine is making a DNS query it intends opening a TCP connection to port 80 (or 443).
Even if the hostname starts with www ?
Re: (Score:2)
The problem is that there is no reason to assume that just because a machine is making a DNS query it intends opening a TCP connection to port 80 (or 443).
Even if the hostname starts with www ?
Yes, www doesn't mean anything. Someone might want their mail server to use www.somedomain.com where somedomain.com by itself goes somewhere entirely different.
Re: (Score:2)
email requires DNS lookups constantly... it also relies on getting proper responses... especially nowadays when anti-spam measures are so important.
ipv6 failover is commonly implemented by handling the DNS failure on the first request.
Re: (Score:2)
IIRC Verizon Online also did this for a while. i was really upset when instead of a DNS error my browser automatically went to Verizon's (ad supported) search portal. i think i either changed the DNS setting on my router or it just went away. but in any case, i haven't seen it happen in a long time.
it's absolute BS that ISPs think they can just hijack the users' DNS error page. they already make money from subscription fees, but now they're hijacking subscribers' DNS errors to get ad views/clicks? not only
Re: (Score:2)
Or instead of being told straight away that the domain is invalid it'll be days before your MTA gives up...
No, they didn't (Score:5, Informative)
New Jersey's Cablevision Hijacks 404 Error Pages
No, they didn't.
If the submitter had read the summary, they would know that it's DNS errors that are being hijacked, not 404s.
It's an important difference - 404 means that they are transparently proxying your connections, which can cause problems with various sites (and that they are recording every URL you visit.)
For example: http://slashdot.org/akasjdflkasdjfl;kajsdl;aksdjfkdjkfdjlkjsdf [slashdot.org] would not be affected by this, whereas http://sslashhdot.org/ [sslashhdot.org] would.
Is it *too* much to ask that a technical news site present technical articles correctly?
Re:No, they didn't (Score:5, Insightful)
Right, and while it might seem repulsive to some to have them proxy your web connections, I honestly find it more repulsive to hijack failed DNS queries, because this affects spam. Maybe it's just because I work for a professional email hosting company, but come on now. Failed dns lookup = drop mail as spam. Maybe not as critical because it's an ISP with mostly end users, but what if they're doing this to their small business customers, too?
~Wx
Re: (Score:2)
When Time Warner did the same thing on my connection, they actually returned the RCODE as NXDOMAIN (implying a failure) along with the A records for the advert page. Resolvers which properly/strictly adhere to the RFC would treat the lookup as a failure, which means that for spam purposes this probably wouldn't have caused an issue. My guess is that web browsers aren't quite as concerned with a strict interpretation of the standards, since they want the users to get to the web site they're looking for under
Re: (Score:2)
Then there would be much less news.
Quote [theinquirer.net]: "ICANN up in arms at Verisign DNS hijacking" (as happened 2003)
CC.
Re: (Score:2)
FiOS has really nice service in most of New Jersey...
Re: (Score:2)
Re: (Score:2)
Verizon does the same thing ...
Sort of... they offer two pairs of DNS servers. One hijacks DNS errors, the other doesn't. http://netservices.verizon.net/portal/link/help/item?case=dns_assist&partner=verizon&product=fios [verizon.net]
Re: (Score:2)
Do they? Oops... I use OpenDNS and hadn't realized that.
Re:No, they didn't (Score:5, Insightful)
It's an important difference - 404 means that they are transparently proxying your connections
And inspecting the packet contents looking for HTTP 404 error code returns, and either modifying the returned HTML to insert their own ads or else (and much, much simpler and more practicable) discarding the rest of the data stream and substituting their own.
Hijacking DNS errors is wrong; hijacking HTTP 404 returns would be Evil.
Their Terminology (Score:2)
they would know that it's DNS errors that are being hijacked, not 404s.
Don't use their terminology. They're not DNS errors, they're a class of DNS responses.
Calling them errors helps Cablevision support their practices.
Ok summary of bad article headline (Score:2)
It's not a 404 page that's getting hijacked. It's DNS resolution failures.
It's a pretty big difference.
404? (Score:2)
Re: (Score:3, Informative)
404 == HTTP error code for "page not found". And the summary's wrong, they're actually hijacking 502 (bad gateway/no such domain) pages, which is a major difference. Hijacking 502s only requires their DNS servers to redirect nonexistent domains to the ad page, while hijacking 404s would require them to sniff every page you visit.
Re: (Score:2)
I was being facetious, as in, "please explain what you want me to think your headline means". I would apologize for not being more clear, but I re-read mu original post and I stand by it's clarity as written. However, I do confess maneuvering toward an overused Princess Bride joke, but decided against it (too easy).
I do not plan to hand in my geek card anytime soon.
Bad Summary (Score:2, Informative)
What's next ? (Score:4, Funny)
The blue screen of russian women 4 U? BSORW4U!
or
Buy Vi4GR@ now! By the way: Syntax error.
Solution for ISPs mucking with DNS results (Score:4, Insightful)
Don't use your ISP's DNS servers.
Find another public server or run your own.
Re: (Score:2, Informative)
That's a good thought and a viable one. I do the same thing myself. The problem is that my dollars are still going to support the ISP's DNS servers, which still warrants complaint.
Re: (Score:2)
Doesn't work for everyone... Here on windstream.net they seem to randomly block queries to other nameservers unless you use theirs - unless of course freedns, earthlink and rackspace all went down at the same time when the windstream local DNS would still work - anything is possible I guess.
They do have the 'opt-out' option although all it does is give a fake IE DNS error page instead - I'm using FireFox so it's obvious...
The page cannot be displayed
The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings.
Please try the following:
* Click the refresh.gif (82 bytes) Refresh button, or try again later.
* If you typed the page address in the Address bar, make sure that it is spelled correctly.
* To check your connection settings, click the Tools menu, and then click Internet Options. On the Connections tab, click Settings. The settings should match those provided by your local area network (LAN) administrator or Internet service provider (ISP).
* See if your Internet connection settings are being detected. You can set Microsoft Windows to examine your network and automatically discover network connection settings (if your network administrator has enabled this setting).
1. Click the Tools menu, and then click Internet Options.
2. On the Connections tab, click LAN Settings.
3. Select Automatically detect settings, and then click OK.
* Some sites require 128-bit connection security. Click the Help menu and then click About Internet Explorer to determine what strength security you have installed.
* If you are trying to reach a secure site, make sure your Security settings can support it. Click the Tools menu, and then click Internet Options. On the Advanced tab, scroll to the Security section and check settings for SSL 2.0, SSL 3.0, TLS 1.0, PCT 1.0.
* Click the Back button to try another link.
Cannot find server or DNS Error
Internet Explorer
[ Manage Opt-In/Out settings ]
To make matters worse, I'm still getting redirected to search.grandecom.com for other
Re: (Score:2)
But that would make the summary completely wrong meaning their not hijacking DNS error pages, their just hosting ads instead of error pages IMO this is acceptable if your an end user. OFC if your doing anything that requires a standards complaint web connection then change or ISP (or just your DNS)
file not found? (Score:2)
Corrrect me if i'm wrong but the domain does not exist error page isn't a 404 error right? I thought 404 was the error for when a web server couldn't find the page you requested for it, not for the dns error.
when i first read TFS I thought, wth? what if i have a custom 404 page on my website?
I actually had to RTFA to figure out if they were honest to god hijacking web servers 404 pages.
thankfully it seems they are not.
Possible solution? (Score:5, Interesting)
They're returning adverts for failed DNS lookups, not 404 pages, as others have helpfully pointed out.
How about a script that hammers suitably random fake domain names continuously (different ones every time)? If the scammers^W advertisers are paying per impression this will majorly hurt their pockets.
Re:Possible solution? (Score:4, Interesting)
Wouldn't that actually help. The impression revenue is probably tied to ad's that are *presented*. If you simply did a bunch of look-ups on fake names, all you would get are A records to the ad page. You would then have hit the web server, download the page and any elements. Then the advertisers would be paying per impression.
Re: (Score:2)
Re: (Score:2)
Curl is your friend for this.
Yes, sorry, that was what I meant. Not just lookups, but a recursive GET to /dev/null...
Re: (Score:3, Interesting)
And when your service is shut off for excessive downloading?
Re:Possible solution? (Score:4, Interesting)
As much as I hate dns being hijacked (I don't have the issue as I run my own), I'm sure these ISPs view it in a different light. Their argument will be that it's a 'feature' rather than being intrusive on people's browsing: "Helping our customers get to the proper website" or that it helps keep the price of the internet service low so you don't have to pay as much per month. Also, if you start hammering this, I'm sure a flag will rise (if they're at least half smart) and they'll send a nice email out to you stating that you're abusing your service, yada yada..
Not that any of this is a good thing, but you gotta see it from another prospective...
Re: (Score:3, Interesting)
That's the great thing about DNS servers-- just like a customer of the ISP doesn't need to use the ISP-provided servers, you don't need to a customer of the ISP to use the ISP provided servers.
The OP can still use their plan to hammer the servers without violating their terms of service. Just get a bunch of non-customers to switch their DNS to EvilCorp. Write a script to throw out DNS-error requests. Scoop up all the ad-crap that sluices down the tubes, and poison the results. Once you have all the data you
You can opt out here... (Score:5, Informative)
http://www.optimum.net/DNSRedirect/DoOptOut [optimum.net]
Re: (Score:2)
Re: (Score:2)
I'm a little fuzzy on how opt-out can be cookie based.
When your web browser does the DNS lookup for "nosuch.domain.com", it asks the OS, and the OS does the lookup. If the DNS server you are using returns a "hijacked" result, how can a browser cookie (that isn't sent until the HTTP request is sent) make a difference?
I can see that the resulting hijack server could use the cookie to know you don't want to see the ad-covered web page, but how does it get back into a "host not found" error that isn't complete
Re: (Score:2)
You still send the request to the search server, the cookie just instructs it to send you to a page that looks like IE's "The page could not be displayed" error. It's not really opting out, it's just not showing you their ads. Anything that doesn't go through the browser is still broken.
Charter Communications (Score:2)
We started seeing this with Charter in the midwest. Not the 404 errors, but with invalid domain names. The biggest problem for us has been with our VPN software. When our employees are working from home, Charter always returns a valid IP for our internal DNS zones so the DNS lookups are never forwarded over the VPN.
I hope their additional advertising revenue makes up for the lost customers.
Re:Charter Communications (Score:4, Informative)
A laughable example of how poorly implemented the Charter DNS error is:
http://flickr.com/photos/listrophy/2194252038/ [flickr.com]
Things to note:
For this and many other things, I have since stopped using Charter. My soul feels so much cleaner now that I'm not giving them money.
Re: (Score:2)
No ads. What's the point then? (Score:2)
Presumably on a PC with Internet Explorer, it looks just like the regular page does, which makes me wonder why they'd even bother to do it in the first place. I don't see any ads nor any information that's any more helpful than the default error page for IE.
Did they only do that specifically so that it would screw up DNS lookups? For laughs? Were they bored one day?
Re: (Score:3, Informative)
That's the "Opt-out" page... a 200 OK response. The "Opt-in" page has all of the ads.
OpenDNS does this (Score:3, Interesting)
I just redirected my DNS queries to OpenDNS, mostly because of the content/phishing filtering they offer but also some of the statistics on my connection. They make their money, or propose to, by doing this very thing... redirecting Domain Not Found error messages to ad supported pages.
Re: (Score:3, Interesting)
They make their money, or propose to, by doing this very thing... redirecting Domain Not Found error messages to ad supported pages.
If that's the case then, regardless of how ethical or up-front they may be about it, then they are unsuitable for certain uses. Ran into this when earthlink started doing this crap and I was running a dnsbl for my own mail server, with forwarding set to one of ELN's DNS servers. Suddenly nothing came through. It was because everything was coming back as a hit.
Re: (Score:2)
Ah, that is very cool then. Thanks
Re: (Score:2)
A crucial difference is that OpenDNS is opt-in, whereas when an ISP does it, it becomes an opt-out situation (or, more likely, a "deal with it" situation).
OpenDNS provides a service (robust lookup, filtering, etc.), with a well-established downside (ads on DNS lookup errors). If you like the deal, you can use OpenDNS. If you don't like the deal (e.g. you rely on proper DNS failures), then you don't use it.
The real problem occurs when all the default DNS servers do ad-redirecting. Then it will become impossi
Re: (Score:2)
TDS started recently too (Score:2)
The DNS error hijacking, that is. I was going to consider switching to Charter, but I see someone has posted that they've started doing this as well.
Are there any free DNS services out there that happily return valid results instead of redirecting you?
I love /. (Score:5, Funny)
Re: (Score:2)
Second best. First would have to go to the 'Frist P0st' that actually manages to be first!
Re: (Score:3, Funny)
and i love the smell of condescension and self-righteousness in the morning...
Re: (Score:2)
You can actually hear the simultaneous erections
If erections actually made a sound, I guess this world would be completely different!
Re: (Score:2)
It's the best sexual gratification most of them are going to get all year.
Sigh... at least three months before my next one.
Marginal cases (Score:3, Funny)
Comment removed (Score:3, Informative)
Re: (Score:3, Insightful)
Yes, incredibly easy to solve your ISP hijacking failed DNS lookups by switching to a service that (by default) supports itself by hijacking failed DNS lookups ;)
OpenDNS have (or at least used to have) a way of tagging your account as "don't show me the adverts and give me a proper response" but it is associated with an IP address.
Every time we turn our router off for the night we get a new IP because the lease expires. As I run a Linux box I can't use their Mac or Windows "update your IP from the client" a
Re: (Score:2)
>However this does not solve it for less technical people as they would have no idea what is going on
That's ironic beause opendns does exactly what you are decrying, yet geeks recommend it all the time. Nor does "open" dns publish open source code of their dns server or anything else.
In other words: Marketing works. I'm naming my next project OpenSpyware. Please recommend it to your friends like you do opendns.
Hurting the Underlying Stablity of the Internet??? (Score:2)
How can this hurt the underlying stability of the internet??
Aside from hurting the underlying stability of the Internet, there have been instances where hackers have used such tools against customers.
Yet the page linked in the above statement just details how a security researcher came up with a proof of concept that was specific to a different companies implementation of the same idea.
Re:Hurting the Underlying Stablity of the Internet (Score:5, Informative)
Quite simple: run a mailserver, then use these type of DNS servers. In a few days, you'll have so much mail that doesn't get accepted by xxx.xxx.xxx.xxx (your provider's DNS) that it might fill your storage. Then 7 days later (instead of a few hours later) the e-mail gets sent back with the message that the other server doesn't accept the mail (instead of saying that the domain doesn't exist) after being retried hundreds of times eating up valuable bandwidth and processing time. Then if your end-user isn't smart enough, he'll retry sending it, not noticing he has a typo in his address book, because after all, the other e-mail server DOES exist.
Re: (Score:3, Informative)
And, the reverse that others have mentioned.
If you use a DNS blocking list (DNSBL) for e-mail, you will stop receiving any e-mail, because every lookup will always return a "found", and DNSBLs work by returning NXDOMAIN if the site isn't listed, and returning an IP address if it is.
Use dnsmasq (Score:2)
dnsmasq [thekelleys.org.uk] has an option to reverse the effect of this sort of thing.
It runs nicely on OpenWRT [wikipedia.org].
Or you could use maradns instead, and avoid all present and future problems with your ISP's caching DNS servers..
Your point would be what, exactly? (Score:2)
My employer's ISP (that is - the one that provides service to our office, as opposed to that which has our telehoused machines), a company called Tiscali do this.
This is fairly ironic. We're a domain registry, and we make most of our income on non-existent DNS names, via simple parking pages. You do understand parking don't you?
Dot TK - Renaming the Internet
Rogers Cable (Score:3, Informative)
The kicker is that I also think they're actively blocking access to other search engines periodically in order to increase usage of their own. www.Google.com will sometimes time-out while trying to load, but works fine when accessed through Dogpile meta-search.
Since I've moved off of Rogers already, I can't do more experiments to test, but if anyone else is on it, I suggest you keep an eye out.
Re: (Score:2)
They're also blocking access to large numbers of .org and .ca sites, including the .ca
site of my local member of parliament.
What was particularly annoying is that they set the tab title to the title from her home page ("Martha: It's Time") and then reported that the page was inaccessible.
That was the tipoff: the sites can be looked up in their own DNS, so one can do that and and connect to then by IP address
That in turn makes it look like they're doing it based on a buggy rule system.
--dave
Re: (Score:2)
Come out west, and you've also got Shaw, which is quite good (!).
I've also heard that MTS is pretty solid, if you live in Manitoba.
Re: (Score:3, Informative)
Some of the small resellers buy raw bandwidth, so you can avoid the brain-damage.
--dave
use OpenDNS (Score:2)
Easy solution, use OpenDNS.
Oh wait, they also do that.
Re: (Score:2)
Easy solution, use OpenDNS. Oh wait, they also do that.
Yes they do, but it's the user's choice to see the ads and in exchange, get a damn reliable DNS.
I thought by now the concept of internet==$0.00 was over but I guess not.
Re: (Score:2)
You misunderstand me...
I use OpenDNS as well. I merely commented on it, that there are more products out there that use that same technique. I don't see what the problem is in this case.
Re: (Score:2)
My point is that there's only so many dollars out there, and a lot of entities trying to capture them.
Of course, the best part of OpenDNS is allowing users to upload their own image to display when encountering a blocked site or an error. I put my mother-in-law's image there and it's a doozy.
Deja vu (Score:2)
i think this is the third story on an ISP catching DNS errors :-(. Even the follow-ups seem to be similar.
Personally, my only surprise was when i learned how much money an ISP can make by selling Ads on error landing pages.
Regards, Martin
This is no longer news - it is common (Score:2)
I know that my DSL provider, Cavalier Telephone [cavtel.com] has been doing this for years. I called their technical support, and of course they had no idea what I was talking about. After emailing one of their tech guys, they suggested I set my computer to use someone else's DNS. IMHO, this is a network neutrality violation and the FCC should be investigating this. I said that much in my thank-you letter for their ruling against Comcast.
It would not surprise me to find out that this is becoming the norm, rather tha
Stab them in the eye! (Score:2)
I am actual
can take hours with "support" to run off (Score:2)
they first couple of levels of support people in these ISP's do not know networking is and/or are forced to read from scripts. It can take hours to get to the level of support where they not only know what you are talking about but can also throw the switch to turn off the DNS hijacking.
So having a switch is still not easy when you can't just go to your settings page and turn it off yourself.
LoB
Earthlink does the same thing; here's opt-out info (Score:2)
Earthlink also uses a DNS error spam page rather than a real DNS not found error. Very, very lame.
They do have a (little known) method for bypassing this, details here:
http://kb.earthlink.net/case.asp?article=187117 [earthlink.net]
Basically they give you the IP of a non-fucked DNS server, which you can then program into your router, computer etc.
How do you turn them off on roadrunner? (Score:2)
Seems popular. (Score:2)
Verizon (now FairPoint Communications in these parts) does it too. http://wwwwz.websearch.verizon.net/search?qo=blahblahblah&rn=S6ORMW8T2m7rGJi&rg= [verizon.net] That's where you end up if you try to go to an invalid domain name. (Replace 'blahblahblah' with whatever)
Suddenlink customers can opt out here (Score:2, Informative)
Re: (Score:3, Interesting)
Re: (Score:2)
See my post above and the others below. They are not hijacking 404s. They are hijacking DNS errors, same as earthlink et al have been doing forever.
Re: (Score:2)
It's a bad thing for several reasons, which have already been laid out elsewhere.
Using 4.2.2.2 means I abuse whatever poor bastard owns that IP now, and using my own DNS server means I'm paying for the same service twice -- once for my ISP to run their servers, and once to run my own.
And you can get the same functionality, for web browsing, in your browser. There's pretty much no app other than web browsing which would benefit to this, and several which would be hurt by this.
Re: (Score:2)