Canadian ISP Hijacking DNS Lookup Errors

Posted by Soulskill on Saturday July 19, 2008 @04:18AM from the both-hands-in-the-cookie-jar dept.

Freshly Exhumed tips us to news that Canadian ISP Rogers Cable appears to be redirecting invalid DNS requests to their own search and advertising page. Roadrunner got caught doing the same thing earlier this year. According to the article, "The hijacking appears to be an attempt by Rogers to use its Deep Packet Inspection (DPI) technology to cash in on the mistakes of its users." Freshly Exhumed also reminds us, "As IOActive security researcher Dan Kaminsky has warned in the past, this presents a very serious security problem."

1 of 225 comments (clear)

Min score:

Reason:

Sort:

PaxFire by Effugas · 2008-07-19 05:03 · Score: 5, Insightful

[This is Dan Kaminsky]
I took a look at what Rogers is doing. They're using PaxFire, who indeed was directly vulnerable to the attacks I described at Toorcon a few months ago. PaxFire fixed their stuff up, but yes, the security of the web at Rogers is limited to the security of those ad servers at PaxFire.