Slashdot Mirror

← Back to Stories (view on slashdot.org)

Canadian ISP Hijacking DNS Lookup Errors

Posted by Soulskill on from the both-hands-in-the-cookie-jar dept.

Freshly Exhumed tips us to news that Canadian ISP Rogers Cable appears to be redirecting invalid DNS requests to their own search and advertising page. Roadrunner got caught doing the same thing earlier this year. According to the article, "The hijacking appears to be an attempt by Rogers to use its Deep Packet Inspection (DPI) technology to cash in on the mistakes of its users." Freshly Exhumed also reminds us, "As IOActive security researcher Dan Kaminsky has warned in the past, this presents a very serious security problem."

4 of 225 comments (clear)

  1. Ignore their servers by surmak · · Score: 5, Informative

    If the ISP is messing with the DNS service, the best thing to do is to use a different service.

    For Linux/Unix users, you can just run a caching-only server on the desktop system, and it will issue its own name requests from the root on down. I've been doing a slightly more complex version of this at home for VPN purposes. (Forward requests to my employer's net to the private internal DNS server (through the VPN), while querying the public internet for all other servers.)

    I don't know it a similar option is available for Windows users w/o shelling out big bucks, but it is technically feasible

    If you cannot run a caching-only server, another option is to use a third-party DNS server. The only problem here is that it would not be automagically configured by DHCP, and would have to be manually set up.

  2. Re:easy solution by tgx · · Score: 5, Informative

    no, they're doing the exact same thing.
    they're redirecting invalid requests to
    http://guide.opendns.com/?url=%5Burl.here%5D

    $ host aoeuidhtns.com
    Host aoeuidhtns.com not found: 3(NXDOMAIN)

    $ host aoeuidhtns.com 208.67.222.222
    aoeuidhtns.com has address 208.69.34.132

  3. Re:Good Grief by Anonymous Coward · · Score: 5, Informative

    Verizon has been doing this for a while. I read the Terms of Service, Acceptable Use Policy, etc. every time they update it. It's clearly there, disguised as a 'feature' called DNS Assistance.

    However, Verizon does have non-poisoned DNS servers which you can find in their Help pages, along with instructions for changing your machine's settings. http://netservices.verizon.net/portal/link/help/item&objId=23883

  4. Re:Good Grief by dosius · · Score: 5, Informative

    They tried to get me to use their poisoned servers, and as soon as I found out (btw, they DO report nxdomain, along with their error handling servers), I went back to the old ones.

    The poisoned ones were 68.237.161.12 (nsnyny01.verizon.net) and 71.250.0.12 (nsnwrk01.verizon.net), and the unpoisoned ones are 151.202.0.85 and 151.203.0.85.

    -uso.

    --
    What you hear in the ear, preach from the rooftop Matthew 10.27b