Comcast DNS Redirection Launched In Trial Markets

An anonymous reader writes "Comcast has finally launched its DNS Redirector service in trial markets (Arizona, Colorado, New Mexico, Oregon, Texas, Utah, and Washington state), and has submitted a working draft of the technology to the IETF for review. Comcast customers can opt-out from the service by providing their account username and cable modem MAC address. Customers in trial areas using 'old' Comcast DNS servers, or non-Comcast DNS servers, should not be affected by this. This deployment comes after many previous ISPs, like DSLExtreme, were forced to pull the plug on such efforts as a result of customer disapproval/retaliation. Some may remember when VeriSign tried this back in 2003, where it also failed."

Call it what it is

[wilsoniya]

Didn't RTFA, but lets call a spade a spade--this is typosquatting

Re:Call it what it is

[Zontar_Thing_From_Ve]

This reminds me of a little known incident that happened in the mid 1990s. For a while, AT&T ran a service called 1-800-OPERATOR where you could call this number and get AT&T to connect you to a long distance call. For those who don't know, we're required (at least in most of the USA if not all of it) to pick a long distance service provider. That company does not have to be who you get local telephone service from. It was possible to place long distance calls with someone other than your long distance provider by simply dialing an access number that belonged to that company and you would get billed for the call from that company. So for example you might have, say, BellSouth as your long distance provider, but you could dial an access number and place calls on Sprint if Sprint offered a better rate. No need to change providers that way. So AT&T decided that it would be smart to get in on this too and lower their rates. So the way it worked was that you called 1-800-OPERATOR and someone at AT&T would connect you to your long distance call and charge you whatever rate AT&T had for the service. AT&T promoted this service on national television commercials and spent a lot of advertising money on it. Anyway, I had a friend at the time who worked for MCI in their marketing department. She told me that MCI had reserved the telephone number that corresponded to 1-800-OPERATER. MCI spent zero dollars advertising and simply waited for people who couldn't spell to call that number and they placed the call for the person and made the money off it. She told me "You would not believe how much money we made off this". Some months after the campaign started, AT&T quietly pulled the plug on it. I always assumed that too many people couldn't spell "operator" correctly and they were tired of giving business to MCI for nothing.

Re:Call it what it is

[typosquatting]

Totally agreed - it is absolutely typosquatting on a massive scale.

Many people don't realize that there's TONS of traffic going to typo domains (whether registered or not). For instance, youtuve.com (notice the v instead of the b) got 358,751 visitors over the last 31 days. It redirects to another domain for cloaking purposes, but here is the traffic report. This level of traffic provides the financial incentive to implement these DNS schemes.

By the way, there's a new, free typosquatting scan tool at aliasencore.com. It shows you all the registered .COM domain names that are one character misspellings of any Alexa top 100,000 site you enter. It also displays screenshots of those typosquatting sites. It's a nifty way to get a quick idea of the rampant growth of typosquatting. Here's an example that shows the 431 registered .COM domain names that are one character away from google.com.

Full disclosure: I am Graham MacRobie, the CEO of Alias Encore, Inc. We help companies recover cybersquatting domain names, but we focus solely on "slam-dunk" typosquatting cases (obviously only registered domain names). I can speak from personal experience in this field that the very last thing we need is wholesale typosquatting at the DNS level.

Re:The Sky isn't faling.

[Shakrai]

The sky isnt falling.

It is if you were foolish enough to believe that the RFC/protocol standards would be obeyed and wrote code that relies on a NXDOMAIN response to detect a bad hostname. Now you are going to an 'A' record that points to a Comcast server. This will break various applications but they don't give a damn because it's all about the ad revenue and who uses the internet for anything other than surfing anyway?

Re:The Sky isn't faling.

[Maximum+Prophet]

No, it will only show those pages that have paid to be listed as what you want to see. (at least after an initial trial run)

This could easily be done in the browser in a non-evil way. When you type in a name and get a non-response, similar names typed after would be recorded. Then, when you make the same spelling error, gooogle.com, it takes you to where you want to go. Since it's in the browser, people could edit and share their commonly misspelled domain names.

it can fail badly

[RichMan]

My ISP did it for a while. The problem was that it was badly implemented and increased to load on the upstream DNS services.

So if the middle layer DNS cache was empty and I asked for
    mybank.com the bottom level DNS timed out and it failed over to the advertising page.

---
Think of searching on coke.com or any real address then the system failing and redirecting you to pepsi.com.

Think of the lawsuits. Think of the denial of service attacks possible
      a) register not_mybank.com, have spoof of mybank.com page ready to launch
      b) pay to have a fail on mybank.com route to not_mybank.com
      c) denial of service attack to root servers for mybank.com, flip in your spoof page
      d) have the ISP's magically send people to your spoof site from their saved URL's and collect passwords

Yeah this is a good idea.

What about non-HTTP?

[slushdork]

I'm a Comcast "customer" in an affected "market" (Colorado). How will this affect DNS resolution requests for non-HTTP purposes? There is no way for the Comcast DNS servers to know what a DNS name resolution request is for: it could be for HTTP, or it could be for SSH, FTP, etc. So if I mis-type an FQDN hostname in an SSH command, will the DNS resolution request now suceed? Previously SSH would fail with a "cannot resolve hostname" error or something similar. Will it now try to connect with SSH to the Comcast "domain helper" servers? What about its effects on local DNS caching servers (e.g. dnsmasq)?

Also, this statement from Comcast's blog is blatantly false:

Despite the fact that web addresses are easier to remember than their IP address counterparts, sometimes you mistype an address. Let's say you type in http://www.comtcas.com/ (instead of http://www.comcast.com./ Normally you then sit and wait for the Web browser to time out, then you receive an error message that the site does not exist, and then you have to retype the correct address.

Normally you would *never* "sit and wait for the Web browser to time out" (well, these *are* Comcast's DNS servers after all, so in this specific case it might be true). Normally, your browser would get a DNS resolution failure and show you a built-in error page instantaneously. Now, on the other hand, you have to wait until your browser goes off and loads a page of Comcast ads.

Domain Helper my a$$!

Re:malware

Just wanted to remind everybody that a few weeks ago, another slashdot article about comcast DNS hijacking appeared, and everybody wound up calling this specific blogger a liar.

What if before introducing mass trials, they randomly selected MAC IDs and did this in specific locations? Perhaps that blogger actually did break news.

But then, it wouldn't be the first time we trolled a legitimate story because its legitimacy was hard to validate at the time. :)

Also, this discredits Comcast's massive twitter efforts as ComcastBonnie so kindly made a slashdot account after seeing the twitter output from the article, and told us that the engineers promised no form of DNS hijacking was underway. Underway or not, it was certainly being planned, and coverups should not be appreciated.

Just my two cents