Canadian ISP Hijacking DNS Lookup Errors
Freshly Exhumed tips us to news that Canadian ISP Rogers Cable appears to be redirecting invalid DNS requests to their own search and advertising page. Roadrunner got caught doing the same thing earlier this year. According to the article, "The hijacking appears to be an attempt by Rogers to use its Deep Packet Inspection (DPI) technology to cash in on the mistakes of its users." Freshly Exhumed also reminds us, "As IOActive security researcher Dan Kaminsky has warned in the past, this presents a very serious security problem."
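A client can check for the redirection described in the story by asking its resolver for names that cannot exist. The following is an added example, not part of the original story or comments; the function names and the two sample resolvers are constructed for illustration.

```python
import secrets
import socket

def random_probe_names(count=3, tlds=("com", "net", "org")):
    """Random 96-bit labels: names that should not exist in any real zone."""
    # Trailing dot makes each name fully qualified, so the resolver's
    # search-domain list cannot turn a miss into a local hit.
    return [f"{secrets.token_hex(12)}.{tlds[i % len(tlds)]}." for i in range(count)]

def system_resolve(name):
    """IPv4 answers from the OS-configured resolver; empty set on failure."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:  # gaierror/herror: NXDOMAIN, SERVFAIL, no network
        return set()

def check_nxdomain_rewriting(resolve=system_resolve, probes=None):
    """Report whether names that cannot exist still come back with addresses."""
    probes = probes or random_probe_names()
    answered = {n: ips for n in probes if (ips := resolve(n))}
    # Addresses common to every answered probe point at one landing server.
    shared = set.intersection(*answered.values()) if answered else set()
    return {
        "rewriting": bool(answered),
        "answered": len(answered),
        "probed": len(probes),
        "landing_ips": sorted(shared),
    }

# Constructed resolvers for an offline run (192.0.2.0/24 is documentation space).
def honest_resolver(name):
    return set()

def rewriting_resolver(name):
    return {"192.0.2.10"}

if __name__ == "__main__":
    print("honest   :", check_nxdomain_rewriting(honest_resolver))
    print("rewriting:", check_nxdomain_rewriting(rewriting_resolver))
    print("system   :", check_nxdomain_rewriting())
```

An answer for a random label only shows that something between the client and the authoritative servers is synthesizing records; a captive portal produces the same result.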
So, how long before your ISP starts blocking use of DNS servers other than their own?
I work for the Department of Redundancy Department.
Let me guess... They either already have, or soon will in a pitiful pretense of response to criticism, offer some sort of insanely weak opt-out mechanism.
I'm guessing one of two things:
Manually configure alternate DNS servers on a per-device basis (a la Verizon's current setup, may they be thrice cursed)
or:
Something involving cookies, a la Phorm and friends.
For things like this, opt-out just isn't good enough.
[This is Dan Kaminsky]
I took a look at what Rogers is doing. They're using PaxFire, who indeed was directly vulnerable to the attacks I described at Toorcon a few months ago. PaxFire fixed their stuff up, but yes, the security of the web at Rogers is limited to the security of those ad servers at PaxFire.
I guess the thought with the ISPs nowadays is that "everybody else is doing it, why can't we?"
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 is the magic number.
To be honest, I still think this thing is a bomb waiting to go off when it comes to anything outside the TLDs. In my mind, if someone does this for, say, badmachine.slashdot.org, they are pretty much guilty of criminal trespass, trademark violation, and/or fraud. Within the TLD space, say www.badurltest.org, where the typo isn't already someone else's claimed property, they can pretty much do whatever they want, or whatever we let them.
That's great if you have more than one ISP. For me, cable is the only broadband ISP. If I want others, then I have to go back to dialup!
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
Really? Quick, tell the US Patent and Trademark office!