Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Jersey's Cablevision Hijacks DNS Error Pages

Posted by timothy on from the fine-line-between-service-and-serviced dept.

Selikoff writes "I just noticed Cablevision's Optimum Online service has begun hijacking DNS Error pages with, you guessed it, ad-supported results. Aside from hurting the underlying stability of the Internet, there have been instances where hackers have used such tools against customers. I know Road Runner customers have had to deal with this for a couple months now, although at least they have an outlet to turn it off." Update: 09/30 13:18 GMT by T : Note, as several readers have pointed out, this hijacking is of DNS errors rather than 404 errors as originally presented.

36 of 200 comments (clear)

  1. Give me a break... by geminidomino · · Score: 5, Informative

    Even on slashdot, we have people who don't know a DNS error (and yes, TFA gets it right) from a 404 (which can't be hijacked without modifying the stream itself)

    1. Re:Give me a break... by geminidomino · · Score: 5, Interesting

      Site finder was slightly different from this, in its scope. I doubt ICANN will get involved

      Verisign abused it's stewardship of the DNS Root servers (i.e. the Nameserver's nameservers, those servers that every(?) nameserver contacts to find out who to query...etc...).

      In other words, if your ISP is doing something douchy like this, you can use another nameserver/run your own. That was not really an option with sitefinder

    2. Re:Give me a break... by elrous0 · · Score: 4, Funny

      You didn't see nuthin', got it?

      --
      SJW: Someone who has run out of real oppression, and has to fake it.
    3. Re:Give me a break... by nedlohs · · Score: 2, Informative

      Not the root servers.

      The .com, .net, whatever they had level ones - one below the root, still ones you have to use if you want DNS to work...

  2. Re:hey by pandrijeczko · · Score: 2, Interesting

    They probably use a transparent web proxy between the user PC and the web server.

    When the web server sends a standard 404 error page, it goes via the proxy which puts its page in place of it.

    --
    Gentoo Linux - another day, another USE flag.
  3. The submitter confuses DNS and HTTP errors by thetorpedodog · · Score: 5, Informative

    The Cablevision and Road Runner services both only hijack DNS no-such-domain errors, not HTTP 404s. Neither is a good thing, but hijacking DNS is much less insidious than the deep-packet inspection or mandatory proxying required to hijack 404 errors.

    --
    This sig is certified free of self-referential humour!
    1. Re:The submitter confuses DNS and HTTP errors by basscomm · · Score: 3, Informative

      Insight Communications in Indiana and Kentucky have been doing this for a while now.

      --
      http://crummysocks.com
    2. Re:The submitter confuses DNS and HTTP errors by teridon · · Score: 2, Informative

      I was curious, so I went and found instructions from Verizon on how to switch:
      http://netservices.verizon.net/portal/link/help/item?case=dns_assist&partner=verizon&product=fios

      However, some of the links from that page go nowhere.

      This page has links to the actual DNS server IPs:
      http://netservices.verizon.net/portal/link/help/index.jsp?epi_menuItemID=c567d167631f692124525d7253295c48&objId=23885

      --
      I hold it, that a little rebellion, now and then, is a good thing. -- Thomas Jefferson
  4. No, they didn't by schon · · Score: 5, Informative

    New Jersey's Cablevision Hijacks 404 Error Pages

    No, they didn't.

    If the submitter had read the summary, they would know that it's DNS errors that are being hijacked, not 404s.

    It's an important difference - 404 means that they are transparently proxying your connections, which can cause problems with various sites (and that they are recording every URL you visit.)

    For example: http://slashdot.org/akasjdflkasdjfl;kajsdl;aksdjfkdjkfdjlkjsdf would not be affected by this, whereas http://sslashhdot.org/ would.

    Is it *too* much to ask that a technical news site present technical articles correctly?

    1. Re:No, they didn't by zerocool^ · · Score: 4, Insightful

      Right, and while it might seem repulsive to some to have them proxy your web connections, I honestly find it more repulsive to hijack failed DNS queries, because this affects spam. Maybe it's just because I work for a professional email hosting company, but come on now. Failed dns lookup = drop mail as spam. Maybe not as critical because it's an ISP with mostly end users, but what if they're doing this to their small business customers, too?

      ~Wx

      --
      sig?
    2. Re:No, they didn't by Tim+C · · Score: 4, Insightful

      It's an important difference - 404 means that they are transparently proxying your connections

      And inspecting the packet contents looking for HTTP 404 error code returns, and either modifying the returned HTML to insert their own ads or else (and much, much simpler and more practicable) discarding the rest of the data stream and substituting their own.

      Hijacking DNS errors is wrong; hijacking HTTP 404 returns would be Evil.

      --
      It's official. Most of you are morons.
  5. Bad Summary by pdragon04 · · Score: 2, Informative

    How about the editors actually read the article and correct glaring mistakes for a change? Even before this made it out of the Firehose, there were responses that it was DNS failures and not 404 messages.

  6. What's next ? by MRe_nl · · Score: 3, Funny

    The blue screen of russian women 4 U? BSORW4U!
    or
    Buy Vi4GR@ now! By the way: Syntax error.

    --
    "Kill 'em all and let Root sort 'em out"
  7. Solution for ISPs mucking with DNS results by hakr89 · · Score: 3, Insightful

    Don't use your ISP's DNS servers.
    Find another public server or run your own.

    1. Re:Solution for ISPs mucking with DNS results by Rude+Turnip · · Score: 2, Informative

      That's a good thought and a viable one. I do the same thing myself. The problem is that my dollars are still going to support the ISP's DNS servers, which still warrants complaint.

      --
      Bill Clinton: Pimp we can believe in. - The Shirt!!!
  8. Possible solution? by Gordonjcp · · Score: 4, Interesting

    They're returning adverts for failed DNS lookups, not 404 pages, as others have helpfully pointed out.

    How about a script that hammers suitably random fake domain names continuously (different ones every time)? If the scammers^W advertisers are paying per impression this will majorly hurt their pockets.

    1. Re:Possible solution? by hal9000(jr) · · Score: 3, Interesting

      How about a script that hammers suitably random fake domain names continuously (different ones every time)? If the scammers^W advertisers are paying per impression this will majorly hurt their pockets.

      Wouldn't that actually help. The impression revenue is probably tied to ad's that are *presented*. If you simply did a bunch of look-ups on fake names, all you would get are A records to the ad page. You would then have hit the web server, download the page and any elements. Then the advertisers would be paying per impression.

    2. Re:Possible solution? by Piranhaa · · Score: 3, Interesting

      As much as I hate dns being hijacked (I don't have the issue as I run my own), I'm sure these ISPs view it in a different light. Their argument will be that it's a 'feature' rather than being intrusive on people's browsing: "Helping our customers get to the proper website" or that it helps keep the price of the internet service low so you don't have to pay as much per month. Also, if you start hammering this, I'm sure a flag will rise (if they're at least half smart) and they'll send a nice email out to you stating that you're abusing your service, yada yada..

      Not that any of this is a good thing, but you gotta see it from another prospective...

    3. Re:Possible solution? by halcyon1234 · · Score: 2, Interesting

      That's the great thing about DNS servers-- just like a customer of the ISP doesn't need to use the ISP-provided servers, you don't need to a customer of the ISP to use the ISP provided servers.

      The OP can still use their plan to hammer the servers without violating their terms of service. Just get a bunch of non-customers to switch their DNS to EvilCorp. Write a script to throw out DNS-error requests. Scoop up all the ad-crap that sluices down the tubes, and poison the results. Once you have all the data you need, you can forge your own "impression" requests. Slap them as background "pixel" requests onto the webpage of your choice, throw a LoLCat on it, and let the teeming millions do the rest of the work for you.

      --
      UTF-8: There and Back Again
    4. Re:Possible solution? by Suzuran · · Score: 2, Interesting

      And when your service is shut off for excessive downloading?

  9. You can opt out here... by profet · · Score: 4, Informative

    http://www.optimum.net/DNSRedirect/DoOptOut

  10. Re:404? by Constantine+XVI · · Score: 2, Informative

    404 == HTTP error code for "page not found". And the summary's wrong, they're actually hijacking 502 (bad gateway/no such domain) pages, which is a major difference. Hijacking 502s only requires their DNS servers to redirect nonexistent domains to the ad page, while hijacking 404s would require them to sniff every page you visit.

    --
    "I think an etch-a-sketch with an ethernet port would beat IE7 in web standards compliance."
  11. OpenDNS does this by fprintf · · Score: 3, Interesting

    I just redirected my DNS queries to OpenDNS, mostly because of the content/phishing filtering they offer but also some of the statistics on my connection. They make their money, or propose to, by doing this very thing... redirecting Domain Not Found error messages to ad supported pages.

    --
    This post brought to you by your friendly neighborhood MBA.
    1. Re:OpenDNS does this by geminidomino · · Score: 2, Interesting

      They make their money, or propose to, by doing this very thing... redirecting Domain Not Found error messages to ad supported pages.

      If that's the case then, regardless of how ethical or up-front they may be about it, then they are unsuitable for certain uses. Ran into this when earthlink started doing this crap and I was running a dnsbl for my own mail server, with forwarding set to one of ELN's DNS servers. Suddenly nothing came through. It was because everything was coming back as a hit.

  12. I love /. by elrous0 · · Score: 5, Funny

    I love it when an editor or story writer makes a technical error on /. You can actually hear the simultaneous erections of a thousand anal-retentive techies, each typing as fast as they can without even bothering to check if their fellow anal-retentives hadn't already pointed the same thing out in dozens of posts. It's the best sexual gratification most of them are going to get all day.

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
    1. Re:I love /. by deander2 · · Score: 2, Funny

      and i love the smell of condescension and self-righteousness in the morning...

      --
      http://kered.org
  13. Marginal cases by InspectorxGadget · · Score: 3, Funny

    Hey, let's not be too quick to judge here. Sometimes I do look for sex entertainment phentermine college click here now rolex and I'm glad at least one ISP understands that.

  14. Easily solved by houghi · · Score: 2, Informative

    http://www.opendns.com/

    However this does not solve it for less technical people as they would have no idea what is going on, would have no idea how to solve it and perhaps have not even a clue that there is a problem and that they typed in something wrong.

    If I were looking for nekid ladies, this might be help full. If I try to contact my bank it isn't. It could even be dangerous if things I were looking for is something similar to what I get presented as advertisement.

    --
    Don't fight for your country, if your country does not fight for you.
    1. Re:Easily solved by IBBoard · · Score: 2, Insightful

      Yes, incredibly easy to solve your ISP hijacking failed DNS lookups by switching to a service that (by default) supports itself by hijacking failed DNS lookups ;)

      OpenDNS have (or at least used to have) a way of tagging your account as "don't show me the adverts and give me a proper response" but it is associated with an IP address.

      Every time we turn our router off for the night we get a new IP because the lease expires. As I run a Linux box I can't use their Mac or Windows "update your IP from the client" apps. If I get a new IP and forget to manually update then they'll still be giving me the adverts. That means there's still going to be a lot of people who can switch to OpenDNS but still won't get rid of hijacked results.

  15. Re:Hurting the Underlying Stablity of the Internet by guruevi · · Score: 4, Informative

    Quite simple: run a mailserver, then use these type of DNS servers. In a few days, you'll have so much mail that doesn't get accepted by xxx.xxx.xxx.xxx (your provider's DNS) that it might fill your storage. Then 7 days later (instead of a few hours later) the e-mail gets sent back with the message that the other server doesn't accept the mail (instead of saying that the domain doesn't exist) after being retried hundreds of times eating up valuable bandwidth and processing time. Then if your end-user isn't smart enough, he'll retry sending it, not noticing he has a typo in his address book, because after all, the other e-mail server DOES exist.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  16. Rogers Cable by Naito · · Score: 3, Informative

    Rogers Cable high-speed internet has been doing that for the past couple months now too. URL typos get redirected to their own search.rogers.yahoo.com or something like that, disabling toolbar search functions in browsers.

    The kicker is that I also think they're actively blocking access to other search engines periodically in order to increase usage of their own. www.Google.com will sometimes time-out while trying to load, but works fine when accessed through Dogpile meta-search.

    Since I've moved off of Rogers already, I can't do more experiments to test, but if anyone else is on it, I suggest you keep an eye out.

  17. Re:Charter Communications by carambola5 · · Score: 3, Informative

    A laughable example of how poorly implemented the Charter DNS error is:

    http://flickr.com/photos/listrophy/2194252038/

    Things to note:

    • This is an image of the opt-out result.
    • The browser running is Flock on OS X.
    • The result is a fake IE DNS error page with a "Manage Opt-in/Out Settings" link appended.
    • Charter was too lazy to even fix the image src attributes. (they point to res://...)
    • It's not a true opt-out, because it still returns a 200 OK rather than a DNS Lookup error.

    For this and many other things, I have since stopped using Charter. My soul feels so much cleaner now that I'm not giving them money.

    --
    IWARS.
    People, in general, disappoint me. Politicians even more so.
  18. Re:Hurting the Underlying Stablity of the Internet by nabsltd · · Score: 2, Informative

    And, the reverse that others have mentioned.

    If you use a DNS blocking list (DNSBL) for e-mail, you will stop receiving any e-mail, because every lookup will always return a "found", and DNSBLs work by returning NXDOMAIN if the site isn't listed, and returning an IP address if it is.

  19. Re:Moved off Rogers to what exactly? by davecb · · Score: 2, Informative

    Some of the small resellers buy raw bandwidth, so you can avoid the brain-damage.

    --dave

    --
    davecb@spamcop.net
  20. Suddenlink customers can opt out here by jeffhenson · · Score: 2, Informative

    http://search.suddenlink.net/prefs.php

  21. Re:No ads. What's the point then? by carambola5 · · Score: 2, Informative

    That's the "Opt-out" page... a 200 OK response. The "Opt-in" page has all of the ads.

    --
    IWARS.
    People, in general, disappoint me. Politicians even more so.