Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Jersey's Cablevision Hijacks DNS Error Pages

Posted by timothy on from the fine-line-between-service-and-serviced dept.

Selikoff writes "I just noticed Cablevision's Optimum Online service has begun hijacking DNS Error pages with, you guessed it, ad-supported results. Aside from hurting the underlying stability of the Internet, there have been instances where hackers have used such tools against customers. I know Road Runner customers have had to deal with this for a couple months now, although at least they have an outlet to turn it off." Update: 09/30 13:18 GMT by T : Note, as several readers have pointed out, this hijacking is of DNS errors rather than 404 errors as originally presented.

11 of 200 comments (clear)

  1. Give me a break... by geminidomino · · Score: 5, Informative

    Even on slashdot, we have people who don't know a DNS error (and yes, TFA gets it right) from a 404 (which can't be hijacked without modifying the stream itself)

    1. Re:Give me a break... by geminidomino · · Score: 5, Interesting

      Site finder was slightly different from this, in its scope. I doubt ICANN will get involved

      Verisign abused it's stewardship of the DNS Root servers (i.e. the Nameserver's nameservers, those servers that every(?) nameserver contacts to find out who to query...etc...).

      In other words, if your ISP is doing something douchy like this, you can use another nameserver/run your own. That was not really an option with sitefinder

    2. Re:Give me a break... by elrous0 · · Score: 4, Funny

      You didn't see nuthin', got it?

      --
      SJW: Someone who has run out of real oppression, and has to fake it.
  2. The submitter confuses DNS and HTTP errors by thetorpedodog · · Score: 5, Informative

    The Cablevision and Road Runner services both only hijack DNS no-such-domain errors, not HTTP 404s. Neither is a good thing, but hijacking DNS is much less insidious than the deep-packet inspection or mandatory proxying required to hijack 404 errors.

    --
    This sig is certified free of self-referential humour!
  3. No, they didn't by schon · · Score: 5, Informative

    New Jersey's Cablevision Hijacks 404 Error Pages

    No, they didn't.

    If the submitter had read the summary, they would know that it's DNS errors that are being hijacked, not 404s.

    It's an important difference - 404 means that they are transparently proxying your connections, which can cause problems with various sites (and that they are recording every URL you visit.)

    For example: http://slashdot.org/akasjdflkasdjfl;kajsdl;aksdjfkdjkfdjlkjsdf would not be affected by this, whereas http://sslashhdot.org/ would.

    Is it *too* much to ask that a technical news site present technical articles correctly?

    1. Re:No, they didn't by zerocool^ · · Score: 4, Insightful

      Right, and while it might seem repulsive to some to have them proxy your web connections, I honestly find it more repulsive to hijack failed DNS queries, because this affects spam. Maybe it's just because I work for a professional email hosting company, but come on now. Failed dns lookup = drop mail as spam. Maybe not as critical because it's an ISP with mostly end users, but what if they're doing this to their small business customers, too?

      ~Wx

      --
      sig?
    2. Re:No, they didn't by Tim+C · · Score: 4, Insightful

      It's an important difference - 404 means that they are transparently proxying your connections

      And inspecting the packet contents looking for HTTP 404 error code returns, and either modifying the returned HTML to insert their own ads or else (and much, much simpler and more practicable) discarding the rest of the data stream and substituting their own.

      Hijacking DNS errors is wrong; hijacking HTTP 404 returns would be Evil.

      --
      It's official. Most of you are morons.
  4. Possible solution? by Gordonjcp · · Score: 4, Interesting

    They're returning adverts for failed DNS lookups, not 404 pages, as others have helpfully pointed out.

    How about a script that hammers suitably random fake domain names continuously (different ones every time)? If the scammers^W advertisers are paying per impression this will majorly hurt their pockets.

  5. You can opt out here... by profet · · Score: 4, Informative

    http://www.optimum.net/DNSRedirect/DoOptOut

  6. I love /. by elrous0 · · Score: 5, Funny

    I love it when an editor or story writer makes a technical error on /. You can actually hear the simultaneous erections of a thousand anal-retentive techies, each typing as fast as they can without even bothering to check if their fellow anal-retentives hadn't already pointed the same thing out in dozens of posts. It's the best sexual gratification most of them are going to get all day.

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
  7. Re:Hurting the Underlying Stablity of the Internet by guruevi · · Score: 4, Informative

    Quite simple: run a mailserver, then use these type of DNS servers. In a few days, you'll have so much mail that doesn't get accepted by xxx.xxx.xxx.xxx (your provider's DNS) that it might fill your storage. Then 7 days later (instead of a few hours later) the e-mail gets sent back with the message that the other server doesn't accept the mail (instead of saying that the domain doesn't exist) after being retried hundreds of times eating up valuable bandwidth and processing time. Then if your end-user isn't smart enough, he'll retry sending it, not noticing he has a typo in his address book, because after all, the other e-mail server DOES exist.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com