New Jersey's Cablevision Hijacks DNS Error Pages
Selikoff writes "I just noticed Cablevision's Optimum Online service has begun hijacking DNS Error pages with, you guessed it, ad-supported results. Aside from hurting the underlying stability of the Internet, there have been instances where hackers have used such tools against customers. I know Road Runner customers have had to deal with this for a couple months now, although at least they have an outlet to turn it off."
Update: 09/30 13:18 GMT by T: Note, as several readers have pointed out, this hijacking is of DNS errors rather than 404 errors as originally presented.
The problem is that there is no reason to assume that just because a machine is making a DNS query it intends opening a TCP connection to port 80 (or 443).
Even if the hostname starts with www?
The problem is that there is no reason to assume that just because a machine is making a DNS query it intends opening a TCP connection to port 80 (or 443).
:)
Most things that don't use HTTP are going to be saved in a config file somewhere or configured once. For instance, if you are going to use FTP, you will bookmark the FTP server. Same thing for IRC, Usenet, SMTP, POP/IMAP. Basically, most DNS errors will be generated from web browsers, since most people type in the address and everyone knows that end users two-finger type.
The people doing this had better have made sure that the machine serving these ads can cope with being bombarded with random IP traffic
I know you put a smiley, but non-port 80 traffic should never hit these 404-serving machines. It should be cut off at a firewall. Even if it wasn't, this is a consumer service and I highly doubt that much random IP traffic will be generated that isn't HTTP. While we are on this subject, this could also give them places to expand to. Why not ad-serving FTP, SMTP, SSH, Telnet... servers that disconnect you after the ad? Brilliant!