Slashdot Mirror

← Back to Stories (view on slashdot.org)

Comcast the Latest ISP To Try DNS Hijacking

Posted by timothy on from the c'mon-fellas dept.

A semi-anonymous reader writes "In the latest blow to DNS neutrality, Comcast is starting to redirect users to an ad-laden holding page when they try to connect to nonexistent domains. I have just received an email from them to that effect, tried it, and lo and behold, indeed there is the ugly DNS hijack page. The good news is that the opt-out is a more sensible registration based on cable modem MAC, rather than the deplorable 'cookie method' we just saw from Bell Canada. All you Comcast customers and friends of Comcast customers who want to get out of this, go here to opt out. Is there anything that can be done to stop (and reverse) this DNS breakage trend that the ISPs seem to be latching onto lately? Maybe the latest net neutrality bill will help." Update: 08/05 20:03 GMT by T : Here's a page from Comcast with (scant) details on the web-jacking program, which says that yesterday marked the national rollout.

2 of 352 comments (clear)

  1. Re:Serious question by dirk · · Score: 5, Interesting

    To use an example from my company, we have many users with laptops. We have set up MS Outlook on these systems to use Outlook Anywhere. The way Outlook Anywhere works is that is first tries to connect to the internal mail server (mail.company.inside) and if it can't connect to that then tries the external mail sever for an Outlook Anywhere connection (mail.company.com). With a properly set up and unmunged DNS, when they are at home it tries to connect to the internal server and gets a DNS not found response and then tries the external server. With this new bothced DNS setup, it tries the internal server and gets an IP address response, so it tries to connect to that server to retrieve it's email. Unfortunately, the DNS sends the IP address of the web server that serves up it's ad page, so Outlook sits and times out waiting for a response, meaning these people can't get their email from home.

    Yes, this could be worked around by host files, but we are 1000 person company. Why would we want to try setting up local host files on these systems that then have to be updated whenever we change servers just because an ISP doesn't want to set up DNS based on the proper specs?

    --

    "Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
  2. Re:Serious question by MightyMartian · · Score: 5, Interesting

    Using DNS lookups to tarpit certain kinds of spam. If everything resolves, then such methods simply fail.

    Besides, interfering with DNS resolution is just plain bad. Quite frankly, I wish we had an organization controlling the root servers that had a backbone, and would simply stop answering queries from any network that decided to interfere with DNS resolution.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.