Slashdot Mirror


Canadian ISP Hijacking DNS Lookup Errors

Freshly Exhumed tips us to news that Canadian ISP Rogers Cable appears to be redirecting invalid DNS requests to their own search and advertising page. Roadrunner got caught doing the same thing earlier this year. According to the article, "The hijacking appears to be an attempt by Rogers to use its Deep Packet Inspection (DPI) technology to cash in on the mistakes of its users." Freshly Exhumed also reminds us, "As IOActive security researcher Dan Kaminsky has warned in the past, this presents a very serious security problem."

4 of 225 comments

  1. Good Grief by MightyMartian · Score: 4, Interesting

    I know one problem it can cause is for a number of spam tests which look for the message coming from a legitimate domain. When the DNS server says "yup, that resolves" even when there's actually no domain, the test is defeated.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  2. What would be the danger... by Anonymous Coward · Score: 3, Interesting

    This type of behavior is wrong on so many levels so I wonder what would be the danger of having ICANN police this type of behavior? It seems that ISPs are doing more and more to circumvent "standards" for their own gain. Would it be too much to ask ICANN to come up with a set of rules that ALL ISPs must adhere to or risk losing their netblock? I'm not even sure ICANN would do anything but I'm just posing the question.

  3. Re:easy solution by Shabbs · Score: 5, Interesting

    Funny thing is that OpenDNS also re-directs bad URLs to their search page. So really, how much better is it? ;)

    --
    Mark
  4. Re:Well I'll be... by Holmwood · Score: 5, Interesting

    Worse than this even. I've been redirected to Rogers Search pages, replete with advertising, for domains that I know exist, and that I know have been entered correctly (e.g. via a bookmark).

    It used to happen a lot with http://ragnartornquist.com/ (Tornquist is a senior game designer for Funcom). Granted that's a tough name to spell properly for a North American, but since I'd click on a bookmarked link, or a Google page, I was sure it wasn't a problem with my typing.

    What started to give it away as being something at Rogers (rather than my computer infected with malware) was that this was happening on every device I connected to the net -- Lynx on BSD, Safari on Apple, Opera on Maemo, Iceweasel on Ubuntu, and, of course, Firefox/IE/Opera on Windows.

    (Yeah, I have a lot of different OSes sitting around!)

    For a while I then became convinced my router had been compromised, but even switching routers didn't fix it.

    Concluding it was unlikely that five different OSes and myriad different browsers had all been compromised, as well as two different routers, I contacted Rogers.

    They said they were experimenting with "Software Improvements" and that the problem should go away for existing domains.

    Well, using a proxy fixed it for me. But not a pleasant solution.

    Software Improvements.

    And the problem did go away for me at least. But I wonder if anyone else is being redirected to Rogers garbage pages for domains which exist.

    Holmwood.
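
A defender-side check for the behaviour discussed in this thread, added here as an example and not code from the article or any commenter: it resolves random names that should not exist, records any address that comes back, and uses that landing set both to restore the sender-domain spam test and to spot a real domain being answered with the landing page. The probe suffixes, the function names and the assumption that a random 24-hex-digit label is unregistered are mine.

```python
import secrets
import socket

def system_resolve(name):
    """IPv4 addresses the configured resolver returns for name; empty set on NXDOMAIN/failure."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def probe_names(count=6, suffixes=("com", "net", "org")):
    """Random names under real TLDs. Assumption: a 96-bit random label is not registered."""
    return [f"{secrets.token_hex(12)}.{suffixes[i % len(suffixes)]}" for i in range(count)]

def detect_nxdomain_rewrite(resolve=system_resolve, names=None):
    """Resolve names that should not exist; any address returned is a rewritten NXDOMAIN."""
    names = names or probe_names()
    hits, landing = 0, set()
    for name in names:
        addrs = resolve(name)
        if addrs:
            hits += 1
            landing |= addrs  # where the resolver sends failed lookups
    return {"rewritten": hits > 0, "hits": hits,
            "probes": len(names), "landing_ips": landing}

def sender_domain_exists(domain, landing_ips, resolve=system_resolve):
    """Spam-filter style existence test that survives NXDOMAIN rewriting.

    An answer made up only of landing addresses is treated as 'no such domain'.
    The same result for a domain known to exist indicates it is being redirected.
    """
    addrs = resolve(domain)
    return bool(addrs - set(landing_ips))

if __name__ == "__main__":
    report = detect_nxdomain_rewrite()
    print(report)
    if report["rewritten"]:
        # example.com is used only as a name that is known to resolve
        print("example.com exists:",
              sender_domain_exists("example.com", report["landing_ips"]))
```

Run it once through the ISP's resolvers and once through a resolver you trust; a difference in `landing_ips` between the two shows where the rewriting happens.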