Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Jersey's Cablevision Hijacks DNS Error Pages

Posted by timothy on from the fine-line-between-service-and-serviced dept.

Selikoff writes "I just noticed Cablevision's Optimum Online service has begun hijacking DNS Error pages with, you guessed it, ad-supported results. Aside from hurting the underlying stability of the Internet, there have been instances where hackers have used such tools against customers. I know Road Runner customers have had to deal with this for a couple months now, although at least they have an outlet to turn it off." Update: 09/30 13:18 GMT by T : Note, as several readers have pointed out, this hijacking is of DNS errors rather than 404 errors as originally presented.

9 of 200 comments (clear)

  1. Re:hey by pandrijeczko · · Score: 2, Interesting

    They probably use a transparent web proxy between the user PC and the web server.

    When the web server sends a standard 404 error page, it goes via the proxy which puts its page in place of it.

    --
    Gentoo Linux - another day, another USE flag.
  2. Possible solution? by Gordonjcp · · Score: 4, Interesting

    They're returning adverts for failed DNS lookups, not 404 pages, as others have helpfully pointed out.

    How about a script that hammers suitably random fake domain names continuously (different ones every time)? If the scammers^W advertisers are paying per impression this will majorly hurt their pockets.

    1. Re:Possible solution? by hal9000(jr) · · Score: 3, Interesting

      How about a script that hammers suitably random fake domain names continuously (different ones every time)? If the scammers^W advertisers are paying per impression this will majorly hurt their pockets.

      Wouldn't that actually help. The impression revenue is probably tied to ad's that are *presented*. If you simply did a bunch of look-ups on fake names, all you would get are A records to the ad page. You would then have hit the web server, download the page and any elements. Then the advertisers would be paying per impression.

    2. Re:Possible solution? by Piranhaa · · Score: 3, Interesting

      As much as I hate dns being hijacked (I don't have the issue as I run my own), I'm sure these ISPs view it in a different light. Their argument will be that it's a 'feature' rather than being intrusive on people's browsing: "Helping our customers get to the proper website" or that it helps keep the price of the internet service low so you don't have to pay as much per month. Also, if you start hammering this, I'm sure a flag will rise (if they're at least half smart) and they'll send a nice email out to you stating that you're abusing your service, yada yada..

      Not that any of this is a good thing, but you gotta see it from another prospective...

    3. Re:Possible solution? by halcyon1234 · · Score: 2, Interesting

      That's the great thing about DNS servers-- just like a customer of the ISP doesn't need to use the ISP-provided servers, you don't need to a customer of the ISP to use the ISP provided servers.

      The OP can still use their plan to hammer the servers without violating their terms of service. Just get a bunch of non-customers to switch their DNS to EvilCorp. Write a script to throw out DNS-error requests. Scoop up all the ad-crap that sluices down the tubes, and poison the results. Once you have all the data you need, you can forge your own "impression" requests. Slap them as background "pixel" requests onto the webpage of your choice, throw a LoLCat on it, and let the teeming millions do the rest of the work for you.

      --
      UTF-8: There and Back Again
    4. Re:Possible solution? by Suzuran · · Score: 2, Interesting

      And when your service is shut off for excessive downloading?

  3. OpenDNS does this by fprintf · · Score: 3, Interesting

    I just redirected my DNS queries to OpenDNS, mostly because of the content/phishing filtering they offer but also some of the statistics on my connection. They make their money, or propose to, by doing this very thing... redirecting Domain Not Found error messages to ad supported pages.

    --
    This post brought to you by your friendly neighborhood MBA.
    1. Re:OpenDNS does this by geminidomino · · Score: 2, Interesting

      They make their money, or propose to, by doing this very thing... redirecting Domain Not Found error messages to ad supported pages.

      If that's the case then, regardless of how ethical or up-front they may be about it, then they are unsuitable for certain uses. Ran into this when earthlink started doing this crap and I was running a dnsbl for my own mail server, with forwarding set to one of ELN's DNS servers. Suddenly nothing came through. It was because everything was coming back as a hit.

  4. Re:Give me a break... by geminidomino · · Score: 5, Interesting

    Site finder was slightly different from this, in its scope. I doubt ICANN will get involved

    Verisign abused it's stewardship of the DNS Root servers (i.e. the Nameserver's nameservers, those servers that every(?) nameserver contacts to find out who to query...etc...).

    In other words, if your ISP is doing something douchy like this, you can use another nameserver/run your own. That was not really an option with sitefinder