Canadian ISP Hijacking DNS Lookup Errors

Soulskill posted more than 6 years ago | from the both-hands-in-the-cookie-jar dept.

The Internet 225

Freshly Exhumed tips us to news that Canadian ISP Rogers Cable appears to be redirecting invalid DNS requests to their own search and advertising page. Roadrunner got caught doing the same thing earlier this year. According to the article, "The hijacking appears to be an attempt by Rogers to use its Deep Packet Inspection (DPI) technology to cash in on the mistakes of its users." Freshly Exhumed also reminds us, "As IOActive security researcher Dan Kaminsky has warned in the past, this presents a very serious security problem."


225 comments


Good Grief (4, Interesting)

MightyMartian (840721) | more than 6 years ago | (#24254179)

I know one problem it can cause is for a number of spam tests which look for the message coming from a legitimate domain. When the DNS server says "yup, that resolves" even when there's actually no domain, the test is defeated.

Re:Good Grief (4, Informative)

PunkOfLinux (870955) | more than 6 years ago | (#24254257)

What the hell? Verizon is doing this now, too. Whenever I type in 'slashdot' in firefox, it just takes me to their useless search page, which is getting REALLY old now. I'm getting pretty disgusted now, and they should get it through their thick heads that if they're gonna charge us money for 'net access, they have NO right to make more money off of us by selling ads instead of allowing our browsers to function as expected.

Re:Good Grief (5, Informative)

Anonymous Coward | more than 6 years ago | (#24254343)

Verizon has been doing this for a while. I read the Terms of Service, Acceptable Use Policy, etc. every time they update it. It's clearly there, disguised as a 'feature' called DNS Assistance.

However, Verizon does have non-poisoned DNS servers which you can find in their Help pages, along with instructions for changing your machine's settings. http://netservices.verizon.net/portal/link/help/item&objId=23883 [verizon.net]

Re:Good Grief (5, Informative)

dosius (230542) | more than 6 years ago | (#24254443)

They tried to get me to use their poisoned servers, and as soon as I found out (btw, they DO report nxdomain, along with their error handling servers), I went back to the old ones.

The poisoned ones were 68.237.161.12 (nsnyny01.verizon.net) and 71.250.0.12 (nsnwrk01.verizon.net), and the unpoisoned ones are 151.202.0.85 and 151.203.0.85.

-uso.

Re:Good Grief (4, Informative)

c_g_hills (110430) | more than 6 years ago | (#24254575)

Verizon's non-poisoned dns servers are vulnerable to the newly discovered dns vulnerability. Shout at them!

151.202.0.85 is POOR: 26 queries in 2.1 seconds from 22 ports with std dev 19.03

151.203.0.85 is POOR: 26 queries in 2.4 seconds from 22 ports with std dev 15.08

Check for yourself using `dig porttest.dns-oarc.net. in txt`

Re:Good Grief (1)

dosius (230542) | more than 6 years ago | (#24254583)

They work for me... you know any better ones?

-uso.

Re:Good Grief (4, Informative)

Anonymous Coward | more than 6 years ago | (#24254713)

4.2.2.1
4.2.2.2

Re:Good Grief (2, Informative)

bconway (63464) | more than 6 years ago | (#24255145)

Worse.

$ dig +short porttest.dns-oarc.net TXT @4.2.2.1
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"209.244.7.40 is POOR: 26 queries in 2.0 seconds from 1 ports with std dev 0.00"

$ dig +short porttest.dns-oarc.net TXT @4.2.2.2
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"209.244.7.34 is POOR: 26 queries in 1.9 seconds from 1 ports with std dev 0.00"

Run your own (1)

CustomDesigned (250089) | more than 6 years ago | (#24255147)

I got tired of dealing with braindead or deliberately poisoned DNS servers at ISPs a long time ago. Run your own. It is trivial in linux (install caching-nameserver in EL/Fedora), and I assume OSX. I suspect even Windows has an open source named you could run.

Re:Good Grief (0)

Talchas (954795) | more than 6 years ago | (#24255043)

Also, if you run a proxy like squid, that will deal with it too.

Re:Good Grief (1)

tomblag (1060876) | more than 6 years ago | (#24254625)

Strangely enough, my failed dns searches don't seem to resolve to verizon's search page now. And I haven't tried a clean dns server.

The Verizon Annoyance... (3, Informative)

flajann (658201) | more than 6 years ago | (#24254501)

You can "opt out" of the Verizon annoyance by modifying your DNS address by adding "2" to the last octet.

I've had to do this, and it works. No annoying Verizon snatching my failed DNS lookups!

Of course, if you try to get this out of their so-called "tech support", they will not know what you're asking for until you manage to get down to tier 2 or 3 or so. Amazing as it sounds, tier-one Verizon Fios tech support will glaze over at the mere mention of DNS, and will stupidly keep trying to get you to do inane things with your browser.

Re:The Verizon Annoyance... (2, Informative)

code65536 (302481) | more than 6 years ago | (#24254531)

Unfortunately, this is possible only for their PPPoE users. Customers outside of their northeast service area don't use PPPoE, and it's not possible to change the DNS servers in these non-PPPoE cases with the routers supplied by Verizon. >:(

Re:The Verizon Annoyance... (1)

John Hasler (414242) | more than 6 years ago | (#24254989)

Why do you have to use their router? Can't you put the modem in bridge mode and use your own router?

Re:Good Grief (1)

Constantine XVI (880691) | more than 6 years ago | (#24254551)

Change your DNS servers. 4.2.2.1 through 4.2.2.6 are known clean DNS servers. Most routers will let you change your DNS servers for your entire network.

Re:Good Grief (4, Funny)

c_g_hills (110430) | more than 6 years ago | (#24254611)

According to Paul Vixie, Level3 operators have said that they plan to restrict access to these servers in future to customers only, so make sure you have an alternative available!

Re:Good Grief (1)

aztektum (170569) | more than 6 years ago | (#24254585)

I switched over to using OpenDNS with my Linksys router and I get redirected to their fancy advert pages when I mistype something as well.

Re:Good Grief (2, Informative)

woot account (886113) | more than 6 years ago | (#24254679)

That's the entire purpose of OpenDNS. Open is just a misdirection word they stuck in there to make themselves sound better than they are.

At least they are open about it (1)

CustomDesigned (250089) | more than 6 years ago | (#24255261)

They clearly explain that they mangle your DNS requests, and this makes their service "smart". Unfortunately, they do not explain some of the negative ramifications of this. However, their service is targeted to "end-users". Presumably, an email provider would use their own DNS server on a real OS (I do).

Re:Good Grief (1)

notnAP (846325) | more than 6 years ago | (#24254595)

Verizon here in Dracut, Mass. (via DSL) is not doing it, at least for now. I have seen it happen sporadically in the past two years.

My favorite test, making sure I'm avoiding something I hit recently and therefore is cached somewhere, is to type in 3-4 random alpha characters (sans a tld). Every 3-4 alpha character domain name resolves to something in the .com TLD.

Re:Good Grief (1)

Lord Haw Haw Haw (1280782) | more than 6 years ago | (#24254487)

Our thuggish ISP here in India by the name of Airtel does the same. Who's to catch them out? Nowhere to complain to. What's more, they do it only for Home customers and not corporate customers. They think they are mighty clever at that.

Re:Good Grief (1)

Clete2 (823221) | more than 6 years ago | (#24254533)

RoadRunner is still doing this in South Carolina! UGH.

Re:Good Grief (2, Insightful)

davolfman (1245316) | more than 6 years ago | (#24254649)

To be honest I still think this thing is a bomb waiting to go off when it comes to anything outside the TLD's. In my mind if someone does this for say badmachine.slashdot.org they are pretty much guilty of criminal trespass, trademark violation, and/or fraud. Within the TLD space say www.badurltest.org where the typo isn't already someone else's claimed property they can pretty much do whatever they want, or whatever we let them.

Re:Good Grief (1)

John Hasler (414242) | more than 6 years ago | (#24255047)

> In my mind if someone does this for say badmachine.slashdot.org they are pretty much
> guilty of criminal trespass, trademark violation, and/or fraud.

Fortunately, your mind is not a court of law.

> Within the TLD space say www.badurltest.org where the typo isn't already someone else's
> claimed property

No string of characters is or can be property.

Hijack? Rogers ? (3, Funny)

carlvlad (942493) | more than 6 years ago | (#24254183)

aaaa'rrrr!

Re:Hijack? Rogers ? (1)

Mordok-DestroyerOfWo (1000167) | more than 6 years ago | (#24254323)

I guess you can say they're no longer very...jolly?

Re:Hijack? Rogers ? (2, Funny)

carlvlad (942493) | more than 6 years ago | (#24254463)

Who would, after battling torrents ?

Well I'll be... (4, Informative)

Shabbs (11692) | more than 6 years ago | (#24254201)

This must be brand new. I did a test just now and a bad URL sends you here:

http://www20.search.rogers.com/search?

With appropriate variables substituted for what you were typing of course, like this:

Enter: http://www.rogersblowz.com and you get:

http://www20.search.rogers.com/search?qo=www.rogersblowz.com&rn=mEelOh0JrKFZejZ

Let the debate rage on!!!

Re:Well I'll be... (5, Interesting)

Holmwood (899130) | more than 6 years ago | (#24254427)

Worse than this even. I've been redirected to Rogers Search pages, replete with advertising, for domains that I know exist, and that I know have been entered correctly (e.g. via a bookmark).

It used to happen a lot with http://ragnartornquist.com/ [ragnartornquist.com] (Tornquist is a senior game designer for Funcom). Granted that's a tough name to spell properly for a North American, but since I'd click on a bookmarked link, or a google page, I was sure it wasn't a problem with my typing.

What started to give it away as being something at Rogers (rather than my computer infected with malware) was that this was happening on every device I connected to the net -- Lynx on BSD, Safari on Apple, Opera on Maemo, Iceweasel on Ubuntu, and, of course, Firefox/IE/Opera on Windows.

(Yeah, I have a lot of different OS's sitting around!)

For a while I then became convinced my router had been compromised, but even switching routers didn't fix it.

Concluding it was unlikely that five different OSes and myriad different browsers had all been compromised, as well as two different routers, I contacted Rogers.

They said they were experimenting with "Software Improvements" and that the problem should go away for existing domains.

Well, using a proxy fixed it for me. But not a pleasant solution.

Software Improvements.

And the problem did go away for me at least. But I wonder if anyone else is being redirected to Rogers garbage pages for domains which exist.

Holmwood.

Re:Well I'll be... (2, Funny)

KGIII (973947) | more than 6 years ago | (#24254973)

Granted that's a tough name to spell properly for a North American, but since I'd click on a bookmarked link, or a google page, I was sure it wasn't a problem with my typing.

'Snot very nice of you to insult North Americans so openly and to make such broad sweeping strokes about the intellectual capacity of North Americans.

Ah well. I think you might be right though.

Re:Well I'll be... (1)

fluffman86 (1006119) | more than 6 years ago | (#24255209)

Same thing happened to me the other day using "Earthlink" service from Time Warner Cable. (We had Roadrunner, but the promo period was over so we kept the same service but our ISP started showing up as Earthlink... it's stupid.) For some reason, google.com does not exist anymore :( Switched to OpenDNS, and everything is fine. I switched back a day later and everything is fine again with Earthlink's DNS. I still hate their stupid ads, but as long as they work most of the time I'd really not help kill OpenDNS's servers.

Re:Well I'll be... (1)

failedlogic (627314) | more than 6 years ago | (#24254541)

I had Rogers up until about 1 year ago and the DNS servers were generally flaky. I guess they'll work better now that they have a way to make money off it. Ditto QOS on VoIP calls since there's Rogers Home Phone. Does QOS still work against Vonage and such?

Strangely, I remember reading about 4 to 6 months ago the redirections were already starting. Rogers tends to release things into test markets and see how many complaints they get. If most people don't know or don't care they go ahead and roll it out.

Re:Well I'll be... (0)

Anonymous Coward | more than 6 years ago | (#24255307)

"Enter: http://www.rogersblowz.com and you get:"

Well, if it's any consolation, you can threaten to switch to Aliant/Bell, where they still properly handle errors (so far). It's rather ineffective leverage, but maybe if they hear more complaints and threats to switch to an ISP who hasn't deployed such silliness, it will sink in.

If I do an nslookup on searchsucks.rogers.com it fails like it should, and if I try search.rogers.com it answers with three IPs, so at least if the queries are coming from outside the rogers.com domain they appear to still be handling it properly. Only their customers are lucky enough to get it.

easy solution (4, Informative)

FudRucker (866063) | more than 6 years ago | (#24254211)

http://www.opendns.com/ [opendns.com]

basically it is remove your ISP's dns#s and add these

208.67.222.222
208.67.220.220

Re:easy solution (3, Insightful)

v1 (525388) | more than 6 years ago | (#24254235)

so, how long before your ISP starts blocking use of DNS servers other than their own?

Re:easy solution (0)

Anonymous Coward | more than 6 years ago | (#24254295)

if that happens then it should be time to cancel and find another ISP that does not act like nazis...

Re:easy solution (2, Insightful)

antdude (79039) | more than 6 years ago | (#24254935)

That's great if you have more than one ISP. For me, cable is the only broadband ISP. If I want others, then I have to go back to dialup!

Re:easy solution (3, Informative)

Anonymous Coward | more than 6 years ago | (#24254467)

Already happening here in Italy... both the ads on false page and I cannot use OpenDNS nor OpenRootServerNetwork

Re:easy solution (1)

ribit (952003) | more than 6 years ago | (#24254597)

that's not full internet access.

Re:easy solution (1)

camperdave (969942) | more than 6 years ago | (#24255041)

Very few ISPs provide you with full internet access. Most, according to their Terms Of Service, do not allow you to run servers.

Re:easy solution (1)

ribit (952003) | more than 6 years ago | (#24255327)

But in practise they do allow it. They might be trying to stop people serving high-traffic websites from home, but if my ISP stops me serving my own files to myself over port 80 (to allow me to login and grab files when on the road), I will move to another ISP, because I want full internet access. If nobody offered that, I'd start an ISP myself.

Re:easy solution (0)

Anonymous Coward | more than 6 years ago | (#24254289)

OpenDNS hijacks www.google.com and redirects all requests to OpenDNS web servers in addition to redirecting non-existing domains. If you switch to OpenDNS because your provider redirects non-existing domains, you're throwing the baby out with the bathwater.

Re:easy solution (5, Informative)

tgx (1077763) | more than 6 years ago | (#24254301)

no, they're doing the exact same thing.
they're redirecting invalid requests to
http://guide.opendns.com/?url=%5Burl.here%5D [opendns.com]

$ host aoeuidhtns.com
Host aoeuidhtns.com not found: 3(NXDOMAIN)

$ host aoeuidhtns.com 208.67.222.222
aoeuidhtns.com has address 208.69.34.132
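
The check tgx runs above with `host` (does a resolver answer NXDOMAIN for a name that does not exist, or hand back an address?), written out as an added Python example that is not part of the original thread. The function names are hypothetical, the two sample responses are constructed to mirror the quoted output, and `probe` sends the same kind of query to whichever resolver you name.

```python
import secrets
import socket
import string
import struct
import sys

NXDOMAIN = 3  # RCODE 3: the queried name does not exist


def build_query(name, qid):
    """Encode a recursive A/IN query for `name`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer is two bytes, ends the name
            return off + 2
        off += 1 + length


def parse_response(msg):
    """Extract transaction id, RCODE and any A-record addresses from the answer section."""
    qid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addresses = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addresses.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return {"id": qid, "rcode": flags & 0x000F, "addresses": addresses}


def classify(msg, expected_id):
    """Label a response to a query for a name that should not exist."""
    try:
        resp = parse_response(msg)
    except (struct.error, IndexError):
        return "malformed"
    if resp["id"] != expected_id:
        return "mismatched-id"
    if resp["rcode"] == NXDOMAIN and not resp["addresses"]:
        return "honest-nxdomain"
    if resp["rcode"] == 0 and resp["addresses"]:
        return "rewritten"  # the resolver invented an address for a missing name
    return "other"


def sample_response(name, qid, rcode, addr=None):
    """Constructed test data: a response carrying the given RCODE and optional A record."""
    header = struct.pack("!HHHHHH", qid, 0x8180 | rcode, 1, 1 if addr else 0, 0, 0)
    question = build_query(name, qid)[12:]
    answer = b""
    if addr:
        # Name is a pointer back to the question at offset 12; TTL of 60 is arbitrary.
        answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(addr)
    return header + question + answer


def probe(resolver, timeout=3.0):
    """Ask `resolver` for a random 20-letter .com name and classify the reply."""
    label = "".join(secrets.choice(string.ascii_lowercase) for _ in range(20))
    qid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(label + ".com", qid), (resolver, 53))
        data, _ = sock.recvfrom(4096)
    return classify(data, qid)


if __name__ == "__main__":
    # Usage: python nxcheck.py <resolver-ip> [<resolver-ip> ...]
    for resolver in sys.argv[1:]:
        try:
            verdict = probe(resolver)
        except OSError as exc:
            verdict = f"no answer ({exc})"
        print(resolver, verdict)
```

A "rewritten" verdict from one resolver alongside "honest-nxdomain" from another for the same kind of random name is the pattern shown in the two `host` runs above.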

Re:easy solution (4, Informative)

TealShark (598509) | more than 6 years ago | (#24255187)

... which you can manually stop them from doing by disabling typo corrections in settings.

Re:easy solution (1, Informative)

Anonymous Coward | more than 6 years ago | (#24254327)

Nice try but Open DNS also redirects invalid DNS requests

Re:easy solution (5, Interesting)

Shabbs (11692) | more than 6 years ago | (#24254329)

Funny thing is that OpenDNS also re-directs bad URLs to their search page. So really, how much better is it? ;)

Re:easy solution (0)

Anonymous Coward | more than 6 years ago | (#24254549)

Try these 4.2.2.1, 4.2.2.2, 4.2.2.3, 4.2.2.4.

Re:easy solution (0)

TavisJohn (961472) | more than 6 years ago | (#24254857)

Every ISP does that now. I would rather give OpenDns that than my ISP, as I am already paying them why should I also give them advertising money when I make a URL mistake. I would rather give that money to someone else.

Re:easy solution (1)

John Hasler (414242) | more than 6 years ago | (#24255089)

> Every ISP does that now.

CenturyTel isn't doing it here.

Re:easy solution (2, Interesting)

jcam2 (248062) | more than 6 years ago | (#24255333)

Worse still, they were (and maybe still are) redirecting lookups for google.com to their own servers .. and I'm pretty sure that Google isn't often down.

Re:easy solution (0)

Anonymous Coward | more than 6 years ago | (#24255397)

It's 100 times better - It's "Open"

Re:easy solution (3, Informative)

deraj123 (1225722) | more than 6 years ago | (#24254727)

For all those responding to your post that OpenDNS does the same thing. I am currently using OpenDNS, and it is working exactly as I would like, with no invalid responses, no ad-search type pages, etc.

If you sign up for an account (free) with OpenDNS, they give you a dashboard where you can configure how you want them to respond to certain types of requests. If you turn ALL of the options OFF, then their DNS service acts exactly as it should, with no hijacking of your requests. (for awhile, you couldn't turn off the google redirect issue, but they've even added an option for that now...)

Ignore their servers (5, Informative)

surmak (1238244) | more than 6 years ago | (#24254245)

If the ISP is messing with the DNS service, the best thing to do is to use a different service.

For Linux/Unix users, you can just run a caching-only server on the desktop system, and it will issue its own name requests from the root on down. I've been doing a slightly more complex version of this at home for VPN purposes. (Forward requests to my employer's net to the private internal DNS server (through the VPN), while querying the public internet for all other servers.)

I don't know if a similar option is available for Windows users w/o shelling out big bucks, but it is technically feasible.

If you cannot run a caching-only server, another option is to use a third-party DNS server. The only problem here is that it would not be automagically configured by DHCP, and would have to be manually set up.

Re:Ignore their servers (1)

nurbles (801091) | more than 6 years ago | (#24254601)

That's great for people who use the service strictly for network access. But folks who use the ISP's other services (like email, news, and possibly even web hosting) are likely to find that none of the ISP's servers are visible when not using the ISP's DNS servers from inside the ISP's network. I know this is true for RoadRunner, because I tried exactly what you said, only to find that only RR's DNS knows about their email or news servers, for example.

What bugs me most about RR's mechanism is that it seems to take some time before it starts working (after initially powering on the cable modem) because even attempts to visit places like www.imdb.com and www.google.com have taken me to RR's "perhaps you meant to type this" page, with the exact address entered offered as the first suggested "correction!"

Re:Ignore their servers (1)

nabsltd (1313397) | more than 6 years ago | (#24255027)

That's great for people who use the service strictly for network access. But folks who use the ISP's other services (like email, news, and possibly even web hosting) are likely to find that none of the ISP's servers are visible when not using the ISP's DNS servers from inside the ISP's network. I know this is true for RoadRunner, because I tried exactly what you said, only to find that only RR's DNS knows about their email or news servers, for example.

The only real solution is to run a local caching-only DNS server, and set it up so that all queries except ".rr.com" domains go out normally, while sending queries for ".rr.com" to their servers.

Since there are quite a few free (either open or closed source) caching DNS servers for almost every OS, there really isn't a reason why everybody doesn't run a caching server anyway.

Re:Ignore their servers (1)

notnAP (846325) | more than 6 years ago | (#24254685)

How many people have their workstations directly connected to the internet modem, using a public IP; and how many people have some sort of router between the modem and the workstation, like a home wireless router?

I'd guess the latter is far more common (and, of course, safer when done right). If so, you are likely running your own DHCP server on that router for your internal subnet, or have manually set permanent internal numbers for your workstations. In that case, you've also set your own DNS defaults at the DHCP Server or workstation setup.

Re:Ignore their servers (1)

metafizzical (1203436) | more than 6 years ago | (#24254687)

Mac users might like to know they already have a DNS cache running. lookupd caches DNS queries by default.

Re:Ignore their servers (0)

Anonymous Coward | more than 6 years ago | (#24254841)

The DNS Client service (which is used by default for DNS lookups) does the same thing on Windows.

What would be the danger... (3, Interesting)

Anonymous Coward | more than 6 years ago | (#24254247)

This type of behavior is wrong on so many levels so I wonder what would be the danger of having ICANN police this type of behavior? It seems that ISPs are doing more and more to circumvent "standards" for their own gain. Would it be too much to ask ICANN to come up with a set of rules that ALL ISPs must adhere to or risk losing their netblock? I'm not even sure ICANN would do anything but I'm just posing the question.

Re:What would be the danger... (1)

Ant P. (974313) | more than 6 years ago | (#24255395)

Given that ICANN are worse than these ISPs, giving them *more* power over the internet is the last thing anyone should be suggesting.

How annoying (2, Informative)

Anonymous Coward | more than 6 years ago | (#24254253)

My ISP has been doing the same thing for a while now. It fucks with the stored history in my browser. I make a mistake and every time I'm typing in the correct URL later, my mistake is shown as an option from my history.

My ISP is the American ISP Charter [charter.net] . When I type in a bad url, I get a search page like this [charter.net] .

Re:How annoying (1)

jrwr00 (1035020) | more than 6 years ago | (#24255019)

I'm in St. Louis, with Charter internet, they do the same thing here, it's annoying as hell

DNSSec also does authenticated NXDOMAINs (0)

Anonymous Coward | more than 6 years ago | (#24254265)

DNS is a distributed database and what these providers do is forgery of database records in the authority of the TLD registries.

Almost affected (0)

Anonymous Coward | more than 6 years ago | (#24254311)

I'm with Rogers too, and on my linux router "www.rogersviolatingnetneutrality.com" resolves to 8.15.7.107, 63.251.179.17, and 65.200.200.47, but on my LAN behind the same linux router, it does not resolve.
The LAN PCs' only DNS server is the linux router, which is running dnsmasq, and the linux router's primary DNS server is Rogers, and another 2 from the 4.2.2.x ones.

Re:Almost affected (1)

Ihmhi (1206036) | more than 6 years ago | (#24254815)

And your link takes me to http://www.shoprbc.com/ca/index.php [shoprbc.com] . Nice try at a Slashvertisement.

Re:Almost affected (0)

Anonymous Coward | more than 6 years ago | (#24255237)

Looks like someone didn't RTFA.
"www.rogersviolatingnetneutrality.com" is mentioned in there as a website that doesn't exist, but it's been snatched up already:

http://www.whois.net/whois_new.cgi?d=rogersviolatingnetneutrality&tld=com

  Registrar of Record: TUCOWS, INC.
  Record last updated on 19-Jul-2008.
  Record expires on 19-Jul-2009.
  Record created on 19-Jul-2008.

NOT Slashvertisement.

Re:Almost affected (0)

Anonymous Coward | more than 6 years ago | (#24255357)

that was not a hyperlink, just a domain name taken directly from the article

get your facts straight before accusing

ever think that maybe, just maybe, a link like that would not normally take you to a shopping site?

or that maybe, just maybe, there are sites that auto-register domains when you do a search on them [slashdot.org] ?

RCN (0)

Anonymous Coward | more than 6 years ago | (#24254325)

RCN in the Lehigh Valley (Pennsylvania) does the exact same thing. Just in the last month, they seemed to have stopped in our area... but maybe my incessant complaining did the trick. Although, who knows... maybe they just put me on a list of people who opt out, even though they told me such a list didn't exist.

Noticed this yesterday too (2, Informative)

greatclare (720334) | more than 6 years ago | (#24254349)

I noticed this yesterday and asked about it at DSL Reports and got some interesting replies like this one:
"I've recently noticed this as well. I use rogers DNS as a secondary dns and 4.2.2.1 as my primary. Either way 30 seconds after seeing this I got annoyed and in firefox 3 typed in...
"about:config" in the address bar, accepted the "This will void warranty" message and proceeded to type in "browser.search.search" into the filter bar
You should see "browser.search.searchEnginesURL" come up after typing it, all I did was replace the default value with "www.google.com" and instantly every time I type something in it will go to Google instead wooo!!!"
read more at - http://www.dslreports.com/forum/remark,20813296 [dslreports.com]

Been done before (2, Interesting)

Anonymous Coward | more than 6 years ago | (#24254359)

EarthLink has been doing this for years. They have a workaround using "unsupported" servers that maintains real DNS behavior.

http://blogs.earthlink.net/2006/09/more_info_on_dead_domain_handl.php

nothing new (0)

Anonymous Coward | more than 6 years ago | (#24254375)

Charter here in Oregon does this too so I don't see what the big surprise is to everyone... it's almost standard practice for ISPs... Open DNS.

Fantastic. (3, Insightful)

fuzzyfuzzyfungus (1223518) | more than 6 years ago | (#24254385)

Let me guess... They either already have, or soon will in a pitiful pretense of response to criticism, offer some sort of insanely weak opt-out mechanism.

I'm guessing one of two things:
Manually configure alternate DNS servers on a per device basis (a la Verizon's current setup, may they be thrice cursed)
or:
Something involving cookies, a la Phorm and friends.

For things like this, opt-out just isn't good enough.

Re:Fantastic. (1)

MightyMartian (840721) | more than 6 years ago | (#24254435)

The solution is rather simple. Just run your own caching server. They're pretty trivial to set up, and other than updating the root servers every once in a while (I had this being done periodically when I was running Bind), the problem is solved. Unless of course they start intercepting port 53, but at that point, I'd say you have a seriously evil ISP and it's time to switch.

Re:Fantastic. (2, Insightful)

fuzzyfuzzyfungus (1223518) | more than 6 years ago | (#24254555)

Oh, I agree, this one isn't hard to dodge, if one has even a modicum of skill; and I doubt that it ever will be harder than that, since the ISP probably doesn't make all that much money, per user, on this and thus has fairly limited motivation to piss enough people off to spark scrutiny, or even just spend money tightening the noose.

That said, I think that this one is a good example of the unpleasant fact that control doesn't actually have to be very good in order to have its effect (great firewall is perhaps the iconic example). This only gets worse when you consider that any given individual faces dozens to hundreds of impositions of this flavor, each requiring just a little bit of some flavor of knowledge and attention (different ones in different places, though. This one needs a dash of DNS-foo, something inscrutable involving credit cards will require a dash of knowledge of credit law tomorrow, the day after that it'll be something from the phone company about subscriber private information, and so on and so forth). In each individual case, there is arguably a decision being made; but the overall effect is a pretty sad mockery of the notion of choice.

Rogers DNS server (0)

Anonymous Coward | more than 6 years ago | (#24254403)

If anyone is curious, one such Rogers DNS server is 64.71.255.198.

TDS Telecom, too. (0)

Anonymous Coward | more than 6 years ago | (#24254409)

TDS Telecom has started doing this recently, as well. I'm not sure if their services are available in Canada, but I figure others should be made aware of it if they weren't already. Is there a list of ISP's and how they rank as far as net neutrality and subscriber privacy/rights are concerned? Not that the masses would care, but it would be nice to know which companies to avoid.

http://searchguide.tds.net/index.php?origURL=http://invalid.xyz [tds.net]

Manitoba Telecom Systems (0)

Anonymous Coward | more than 6 years ago | (#24254415)

Another Canadian ISP, Manitoba Telecom Systems, has started doing the same thing as of a month ago. It's really scummy, but not unsurprising since they were recently privatized.

PaxFire (5, Insightful)

Effugas (2378) | more than 6 years ago | (#24254481)

[This is Dan Kaminsky]

I took a look at what Rogers is doing. They're using PaxFire, who indeed was directly vulnerable to the attacks I described at Toorcon a few months ago. PaxFire fixed their stuff up, but yes, the security of the web at Rogers is limited to the security of those ad servers at PaxFire.

Verizon Does the Same (0)

Anonymous Coward | more than 6 years ago | (#24254545)

Verizon does the same thing. They have a howto page that tells you how to switch DNS if you do not want to see their DNS redirects page. Even if you follow their instructions and change the DNS values to the recommended ones, you still get redirected!

Only way around it is to use google to enter urls. It requires one extra step, but I do not have to see Verizon's crappy search page.

Add Insight to the list (3, Insightful)

sokoban (142301) | more than 6 years ago | (#24254553)

I guess the thought with the ISP's nowadays is that "everybody else is doing it, why can't we?"

Re:Add Insight to the list (2, Informative)

sokoban (142301) | more than 6 years ago | (#24255165)

And my comment was moderated...

+1 Insightful

[Rimshot]

Comcast (1)

wolfponddelta (922904) | more than 6 years ago | (#24254577)

Where I live, Comcast started this a few days ago, as well. (A smaller company was sold to Comcast last year, and so we were stuck with them.) Oddly enough, however, instead of being redirected to a Comcast page, we're being redirected to an Earthlink ad page.

A spot of research brought up this Wired article from April on possible site hijacking through such error pages... http://blog.wired.com/27bstroke6/2008/04/isps-error-page.html [wired.com]

Not sure if it's related, but Comcast was recently in discussions to sell their rights up here (that they just bought), and one of the possible buyers, iirc, was Rogers (though am not in Canada, just very near).

par for the course (0)

Anonymous Coward | more than 6 years ago | (#24254587)

This is typical of Rogers and the other government anointed monopolies. By barring foreign competition, these large businesses have no incentive to listen to customer demand and market forces. They are free to act with wanton disregard for anything, save the bottom line.

Other examples of broken laws regarding foreign competition in Canadian markets:

- The Rogers iPhone data gouging fiasco
- Bell & Telus' plan to charge for incoming text messages
- Bell throttling its wholesale DSL customers, OUTSIDE of its network
- Expressvu (Bell again!) and Starchoice being able to package programming at inflated rates with no a-la-carte option
- Guelph Hydro taking deposits on which they 'give' customers an interest rate of prime MINUS two percent
- All Canadian banks CHARGING customers for the privilege of holding their money and paying .25% interest rates on saving accounts(!!)

the list goes on. no competition = bad bad bad for consumers.

Opt-out, or is it? (0)

Anonymous Coward | more than 6 years ago | (#24254593)

I'm a Rogers customer, and I noticed this earlier today, as I often use my Firefox address bar as a way to get to sites. What I used to be able to do is type a search term, and if the domain could not be resolved, it would do a Google search and open the first result — which is the page I want, 90% of the time.

Suddenly, I got this Rogers (powered by Yahoo!) search page. Fortunately, I thought, there's a link to opt-out (by putting a cookie in the search.rogers.com domain). I did this, and I indeed no longer get the search page. Instead, when I type something that doesn't resolve, I'm sent to http://www20.search.rogers.com/not_found instead, which shows a broken IIS 404 (with a link to opt back in to their search program).

If they're going to provide this, it's not a big deal to me as long as I can opt out — and truly opt out altogether.

Timewarner/Verizon (0)

Anonymous Coward | more than 6 years ago | (#24254605)

I have Road Runner (prior Adelphia customer) and they had an opt-out mechanism, that seemed to work.

On roadrunner's business product (at my job) they didn't seem to do the same sneaky thing (no dns foully)

I've also witnessed this on Verizon FIOS, I think they had an opt-out option as well, but I'm not sure if it works, (wasn't my connection)

It's good that they are doing an opt-out, but it's sneaky and should be opt-in.

-Andrew

Rogers are Scum (1)

JeremyBanks (1036532) | more than 6 years ago | (#24254641)

I've switched over to TekSavvy and am very happy. Paying less, too.

Re:Rogers are Scum (1)

CastrTroy (595695) | more than 6 years ago | (#24254993)

Is Bell still throttling their services? I know there's a court case going on right now against that, but I was wondering if they had to stop now, or if they could wait until they were actually found guilty of something.

Just change DNS Servers. (2, Informative)

GNUALMAFUERTE (697061) | more than 6 years ago | (#24254835)

This is the best way:

on resolv.conf:

nameserver 4.2.2.1
nameserver 4.2.2.2

If you have a laptop or other device where you might use different connections, this is a good way to make sure your DNSs are not changed by different apps (I might connect using either wvdial or kppp, through EDGE/3G, or using KDE's wlan manager, simple DHCP on ethernet, etc)

Just set the immutable flag on your resolv.conf file:

chattr +i /etc/resolv.conf

If you want to make it writable again run:

chattr -i /etc/resolv.conf

Re:Just change DNS Servers. (3, Informative)

mysidia (191772) | more than 6 years ago | (#24255111)

It is not recommended to set the immutable bit, as it causes issues in various situations (like restoring /etc from a backup). Failure to write to an immutable file is an API issue unique to Linux boxes that use ext2fs or ext3fs. Systems that run ReiserFS, XFS, or jfs don't have this bug.

Future versions of DHCPD/Ifplug, or the C library, may very well properly detect the 'immutable' bit and clear it, before writing, then re-set the bit after finishing.

Just like they do if you're root and try to write to a file that exists with mode 444.

Essentially, immutable bit was historically a half-baked feature intended to be used with 'securelevel'.

The concept is you are able to mark important system files immutable, and then raise the securelevel. Once the securelevel is raised, the filesystem will not allow important system files to be changed without booting in single user mode.

The removal of securelevel from the kernel in 2.4.x likely means that the days of the 'immutable' bit are numbered as well. Some day you may upgrade your kernel, and be surprised to find out immutable doesn't do anything anymore.

The reliable way to turn off gathering of DNS settings from DHCP is to use distro-specific instructions.

For example, in Redhat-based distros you edit /etc/sysconfig/network and specify "PEERDNS=no"

Of course, now that you understand the risk that the immutable bit may stop working for you unexpectedly later, you can go ahead and try setting it anyways... because it's easy, and simpler than configuring your network software the right way.

Redirect DNS (1)

Krneki (1192201) | more than 6 years ago | (#24254895)

What is the problem with redirecting a wrongly typed URL? It's not like "Page not found" helps a lot. I like the OpenDNS search engine, if I mistype the URL.

Re:Redirect DNS (1)

John Hasler (414242) | more than 6 years ago | (#24255323)

They don't know that the URL was wrongly typed (or typed at all, for that matter). All they know is that they can't find a DNS record for it.

Re:Redirect DNS (1)

Todd Knarr (15451) | more than 6 years ago | (#24255339)

What's the problem? Well, first the problem is that you're assuming that every DNS lookup is from a Web browser. What happens to my copy of Eclipse, which is not a Web browser but uses DNS lookups and HTTP to find the servers to check for updated files? It depends on getting a "not found" DNS error to tell it when a server doesn't exist anymore, and it's going to have a real hard time when someone usurps that and hands it an HTML page instead of the file-version XML or HTTP 404 error it expects.

The Internet consists of more than humans looking at Web pages in a graphical Web browser.

Firefox workaround? Greasemonkey? (1)

BrianMertens (31169) | more than 6 years ago | (#24255009)

So who wants to whip up a greasemonkey script that redirects the Rogers hijack page to, say, a Google search?

Please?

Opt Out (1)

gklinger (571901) | more than 6 years ago | (#24255017)

Yes, it's obnoxious and offensive and worth pointing out that at the bottom of their 'helpful' page is a link marked LEARN MORE ABOUT THIS PAGE [rogers.com] which gives the following explanation:

These search results were provided because the domain name you entered into the address bar is either improperly formatted, currently unavailable, nonexistent, or part of a key word search. Rogers Supported Search Results is a service designed to enhance your web surfing experience by eliminating many of the error pages you encounter as you surf.

No software was installed on your computer for this service to work.

Click here [rogers.com] if you would no longer like to receive the Rogers Supported Search Results service.

Now for the best part. All that link does is display this custom error page (with the help of a delightful cookie, no less). Rogers has dug out a crawl space under their all time low. What a bunch of idiots.

Re:Opt Out (0)

Anonymous Coward | more than 6 years ago | (#24255283)

Ho ho, That's so funny, Rogers. [rogers.com]

But I know for a fact that I'm NOT using Internet Explorer! Haha, Rogers, fooled again!

I use Shaw, and to my knowledge, they haven't pulled off this crap... yet.

How is this news? (1)

Nethemas the Great (909900) | more than 6 years ago | (#24255035)

How is this news? In the US at least ISPs have been sending people off to http://wwwwh.found-not-help.com/ [found-not-help.com] type places with DNS spoofing magic for years.

Windstream too (1)

jarndt (553380) | more than 6 years ago | (#24255061)

Windstream [windstream.com] started this kind of crap earlier this year. I instantly installed my own DNS server. Shortly after that, I learned that Windstream has alternate clean DNS servers.

166.102.165.32
207.91.5.32
From: http://www.dslreports.com/forum/r19794173-Windstream-DNS-Servers-With-and-Without-Ads [dslreports.com]

Slow on the up-take (1)

IBBoard (1128019) | more than 6 years ago | (#24255079)

Orange did this in the UK at least 18 months ago, I think. Tech Support wouldn't tell me how to get round it (they didn't seem to understand that I didn't feel it was a "feature"), but I found other DNS servers on the Net.

AFAIK none of it is anywhere close to DPI, though. All the other services do is have a DNS server that goes "If I can't find a legit domain then return the IP of the ISP's web server" and the web server is set to listen for all requests, regardless of domain, and then does a search/advert page based on what domain you used.

Even ignoring the technical aspects it breaks, it's just wrong on so many levels.
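An added example, not part of any comment in this thread: one way to check a resolver for the "return the ISP's web server instead of an error" behaviour described above, and to restore "not found" semantics for software (spam filters, update checkers) that depends on it. The function names, the simulated resolvers and the sample addresses are assumptions constructed for illustration; the addresses come from the documentation ranges.

```python
import secrets
import socket

def probe_names(count=3, tlds=("com", "net", "org")):
    """Random 24-hex-digit labels: names that should not exist in any zone."""
    return [f"{secrets.token_hex(12)}.{tlds[i % len(tlds)]}" for i in range(count)]

def system_resolver(name):
    """IPv4 addresses from the OS resolver; an empty set means 'no such name'."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def find_landing_ips(resolve, names):
    """Resolve names known not to exist; any address returned is a rewrite target."""
    landing = set()
    for name in names:
        landing |= resolve(name)
    return landing

def strict_resolve(resolve, name, landing):
    """Restore 'not found' semantics: drop answers that point at the landing hosts."""
    return resolve(name) - landing

# Constructed sample data (documentation address ranges) simulating both resolver types.
REAL_ZONE = {"mail.example.org": {"198.51.100.25"}}
AD_SERVER = {"192.0.2.80"}

def rewriting_resolver(name):
    # Never admits that a name is missing: unknown names get the ad server.
    return REAL_ZONE.get(name, AD_SERVER)

def honest_resolver(name):
    return REAL_ZONE.get(name, set())

if __name__ == "__main__":
    # Live check against whatever resolver this machine is configured to use.
    landing = find_landing_ips(system_resolver, probe_names())
    if landing:
        print("NXDOMAIN rewriting detected, landing addresses:", sorted(landing))
    else:
        print("Resolver returns clean errors for nonexistent names.")
```

The landing addresses found this way are what dnsmasq's `bogus-nxdomain` option takes, which applies the same filtering for every client behind a local forwarder.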

And I was modded (1)

sokoban (142301) | more than 6 years ago | (#24255151)

+1 Insightful

[Rimshot]
