How One Man Fought His ISP's Bad Behavior and Won

← Back to Stories (view on slashdot.org)

How One Man Fought His ISP's Bad Behavior and Won

Posted by Soulskill on Tuesday December 31, 2013 @04:09PM from the i-bet-he-had-lasers dept.

An anonymous reader writes "Eric Helgeson documents his experience with an unscrupulous ISP that was injecting affiliate IDs into the URLs for online retailers. 'It appears that the method they were using was to poison the A record of retailers and do a 301 redirect back to the www cname. This is due to the way apex, or 'naked' domain names work.' Upon contacting the ISP, they offered him access to two DNS servers that don't perform the injection, but they showed no indication that they would stop, or opt-out any other subscribers. (It was also the only wireless provider in his area, so he couldn't just switch to a competitor.) Helgeson then sent the data he gathered to the affiliate programs of major retailers on the assumption that they'd be upset by this as well. He was right, and they put a stop to it. He says, 'ISP's ask you to not do crummy things on their networks, so how about they don't do the same to their customers?'"

30 of 181 comments (clear)

Min score:

Reason:

Sort:

Use public DNS by DigiShaman · 2013-12-31 16:21 · Score: 5, Informative

Google DNS is 8.8.8.8. and 8.8.4.4
Open DNS is 208.67.222.222 and 208.67.220.220
Norton Safe Connect (personal use, not for business) is 199.85.126.10 and 199.85.127.10. Supposed to protect against malware, phishing sites, and scams.
https://dns.norton.com/dnsweb/homePage.do

--
Life is not for the lazy.
1. Re: Use public DNS by corychristison · 2013-12-31 16:30 · Score: 3, Informative
  
  Personally use 4.2.2.[1-6]
  I think they are provided by Level 3. Get great response time here in the Canadian Prairies.
  I've never trusted my ISP's DNS servers.
2. Re:Use public DNS by Nerdfest · 2013-12-31 16:52 · Score: 5, Informative
  
  You can try this tool to check your existing DNS for performance and behaviour. Google's is very well behaved by the way, so please don't spread FUD.
3. Re:Use public DNS by Nerdfest · 2013-12-31 16:57 · Score: 5, Informative
  
  I should add that both Google DNS and OpenDNS support DNS-SEC which is nice as well. OpenDNS also supports a form of DNS request encryption which hides even the sites you go to.
4. Re:Use public DNS by adolf · 2013-12-31 16:57 · Score: 4, Interesting
  
  A good suggestion, though I wouldn't trust Google not to do the same or worse with their DNS.
  Trust? Why is trust necessary? Because it's hard to look at the address bar and see that you haven't wound up at an affiliate link?
  
  --
  Kid-proof tablet..
5. Re:Use public DNS by arth1 · 2013-12-31 17:17 · Score: 4, Interesting
  
  You can try this [google.com] tool to check your existing DNS for performance and behaviour. Google's is very well behaved by the way, so please don't spread FUD.
  I think his point was that Google's DNS is very well behaved now, but that there is no guarantee that any DNS run by a major advertisement funded business won't, in the future, be tempted to put profit over principles.
  Blind trust is seldom a recipe for long term success. Uncertainty and doubt might be in order.
6. Re:Use public DNS by Anonymous Coward · 2013-12-31 17:34 · Score: 5, Insightful
  
  I think the point is that Google pwns every bit of information about you.
  It's not good enough that they track you at every site that uses Analytics, every site that uses AdWords, every site you go to from their search engine, every site you visit with their Toolbar in play. (I'm forgetting a hundred other ways they suck your data.)
  Nah, not good enough. Why not tell google every single DNS lookup you ever make??
  Why do people mistrust the NSA so much and yet think Google is some kind of sparkly-super-shiny white hat? They work very hard to provide you with tons of free services that give them this wealth of information about you. WHY do they give you these????
7. Re:Use public DNS by aevan · 2013-12-31 18:39 · Score: 3, Insightful
  
  Google hasn't (to my knowledge) black-bagged anyone.
  
  On the other hand, there are powerpoints saying they'll hand off the info to the people who then will do it...
8. Re:Use public DNS by Centurix · 2013-12-31 18:56 · Score: 3, Interesting
  
  Nope, even using Google's DNS won't save you: ISP's hijack DNS that aren't theirs
  For me I had to use DNSMASQ on my router and add: bogus-nxdomain=209.222.14.3 to stop Telstra from "helping" my DNS requests when using 8.8.8.8 and 8.8.4.4...
  
  --
  Task Mangler
9. Re:Use public DNS by Runaway1956 · 2013-12-31 19:31 · Score: 3, Interesting
  
  You may use a random server supplied by any person on the internet. Results will be random, of course. Why not use a tool designed to find the best servers FOR YOU? You could see an even greater improvement.
  https://code.google.com/p/namebench/
  Default ISP servers are often the worst of the worst.
  
  --
  "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
10. Re:Use public DNS by gnasher719 · 2013-12-31 23:56 · Score: 3, Insightful
  
  You can try this [google.com] tool to check your existing DNS for performance and behaviour. Google's is very well behaved by the way, so please don't spread FUD.
  "I wouldn't trust Google" isn't FUD, it's common sense. Remember that you are not Google's customer. You are Google's product.
11. Re:Use public DNS by Jon+Stone · 2014-01-01 00:24 · Score: 3, Informative
  
  If a DNS reply passes DNSSEC validation, I can be confident the response is what the zone administrator wanted it to be and it hasn't been tampered with. DNSCurve provides no such assurance.
  Widespread DNSSEC and client-side validation would kill OpenDNS's business model, which revolves around tampering with DNS responses. DNSCurve continues to allow them to do this.
12. Re:Use public DNS by StripedCow · 2014-01-01 00:40 · Score: 3, Funny
  
  Google's is very well behaved by the way, so please don't spread FUD.
  Yeah, well we all thought the NSA was well-behaved. Look how that turned out.
  
  --
  If Pandora's box is destined to be opened, *I* want to be the one to open it.
13. Re:Use public DNS by number17 · 2014-01-01 03:56 · Score: 4, Insightful
  
  The privacy policy for Google Public DNS is different than that for the rest of Google. It's also public. You can, you know, read it, then you can stop spreading FUD. https://developers.google.com/speed/public-dns/privacy
  
  That's like saying the NSA won't spy on you because the Constitution is public and you can read it.
14. Re:Use public DNS by slashdime · 2014-01-01 04:39 · Score: 3, Insightful
  
  "I wouldn't trust Google" isn't FUD.
  
  But "I wouldn't trust Google not to do the same or worse with their DNS" is.
  
  Especially when presented with the evidence in the response. Their baseless accusation to inspire fear, uncertainty, and doubt with something google has done in a correct way (so far at least) is just that, baseless.
  
  Your post to continue with this tinfoil asshattery despite seeing the evidence is begotten fud.
DNSSEC by tepples · 2013-12-31 16:21 · Score: 3, Insightful

From the featured article: "There is currently no way to validate the DNS record you’re being served is what the person hosting the website intended." Apparently the author hasn't heard of DNSSEC.
1. Re:DNSSEC by SuricouRaven · 2013-12-31 20:12 · Score: 4, Funny
  
  It's scheduled for widespread deployment some time between the domestic service rollout of IPv6 and the year of linux on the desktop.
Not wireless by Anonymous Coward · 2013-12-31 16:33 · Score: 5, Informative

(It was also the only wireless provider in his area, so he couldn't just switch to a competitor.)
No, the blog says:

You may be asking why don’t I switch ISPs? Well they are the only one besides a wireless provider in my area.
Which means there are 2 ISPs. The one he's using is not wireless, and the other one is wireless.
A company with little big man syndrome by Anonymous Coward · 2013-12-31 16:51 · Score: 3, Interesting

Being from the part of Minnesota that Arvig is based in, I can tell ya, this behavior is very typical of them.
When I had gotten set up upon moving into the area, the install tech bragged how all the homes (over 200 of them) on this part of town were all connected on 1 cable loop. It was a heads up from the tech that I should have paid attention to. I ended up cancelling my service early due to a consistent 1mb down every Friday and Saturday when I was paying for 10mb. Customer service actually said "we guarantee up to 10mb" "10mb is the maximum you will get"
So many have switched over to 4g hotspots, they actually cut the offices hours here.
Public DNS considered harmful by kriston · 2013-12-31 16:57 · Score: 4, Interesting

Saw this in Reddit this morning but thanks for reposting it.
Seriously, the drawback to using public DNS like OpenDNS and Google DNS is that they present a serious performance problem.
Even though the physical DNS servers are "anycast" and geographically diverse, the IP addresses are still the same. Threrefore, the large content delivery networks (CDNs) like Akamai and LimeLight still use the IP address of the DNS server to judge your location.
Therefore, any service that uses a CDN (even Google's use them in spite of their own network) will really serve your content out of a data center that is not geographically or logically near your machine's location.
The article (if you read it) mentions that his ISP, like most that have similar revenue-extracting services, really does offer alternative DNS servers that do not pack affiliate cookies. You should use those if you want to enjoy high-performance, edge-serve content via Akamai (AKAM) and LimeLight (LLNW).
Otherwise, you'll all get your edge content served from some random data center in the central USA.

--
Kriston
1. Re:Public DNS considered harmful by drmofe · 2013-12-31 17:54 · Score: 5, Interesting
  
  I commented on the reddit thread in the same vein as you and got downvoted. So I did some research. Several contributors to that thread suggest that Google DNS has solved the CDN problem by adding and original IP field that the CDN can use to geolocate the subscriber. This is due to Google implementing edns-client-subnet EDNS0 extensions as of late-2011.
2. Re:Public DNS considered harmful by kasperd · 2014-01-01 04:02 · Score: 3, Informative
  
  Even though the physical DNS servers are "anycast" and geographically diverse, the IP addresses are still the same. Threrefore, the large content delivery networks (CDNs) like Akamai and LimeLight still use the IP address of the DNS server to judge your location.
  Let's get this misunderstanding sorted out. Because that sentence is indeed describing a non-existent problem. In reality anycast DNS is not part of the problem, it is part of the solution.
  
  Anycast DNS works by having a large number of resolvers spread throughout the world with the same IP address on each of them. A request from a client to this IP will reach the closest of those resolvers. What happens next is that the resolver will query authoritative servers (unless it already has a cached result). If the request from the resolver to the authoritative server was send using the anycast IP as source IP, it would not work. The reason it would not work is, that the reply from the authoritative server would be sent to the closest resolver, which is not necessarily the same as the one, which is closest to the client. You'd have most replies end up at the wrong resolver, which would simply discard it, as it would look like a failed poisoning attempt.
  
  In order to solve that problem you have to give each of those resolvers two IP addresses. It will have the anycast IP address (which is the same on all servers in the pool) and a unicast IP address, which is different on each of those resolvers. The client will still use the anycast IP in order to send a query to the resolver, but the resolver will then use its unicast IP when sending the request to the authoritative server. That way the reply from the authoritative server will make it back to the correct resolver.
  
  Incidentally this also solves the geolocation problem mentioned. The authoritative servers will indeed see different IP addresses depending on which resolver in the pool the request came through. The content providers just have to figure out the geographic location of each of those resolvers, which is mostly the same they have to do for the resolvers for any ISP. Additionally providers of resolvers such as Google do have an incentive to make this easy to figure out, since that will make their resolvers provide a faster overall experience.
  
  The above is of course slightly simplified, because any well operated resolver is dual stack. That means it need both IPv4 and IPv6 addresses. The anycast addresses can be separate pools such that each resolver has only one anycast address, which is either IPv4 or IPv6. Alternatively you can let one resolver be part of one IPv4 anycast pool and of one IPv6 anycast pool. However the unicast side of these resolvers need to be dual stack, so each resolver needs at least two unicast addresses, one IPv4 and one IPv6.
  
  You could even assign multiple unicast addresses to each resolver. The extra addresses could be used to provide additional protection against poisoning. An attack would then have to not only guess a request ID and port number, but also the IP address. Alas that is really not feasible with IPv4 due to shortage of addresses, but for IPv6 you could easily affort a /64 for each resolver.
  
  If you want to know the IPv6 unicast address of the resolver you are currently using, I have a special domain for that. If you look up the AAAA record for the domain mydnsv6.kasperd.net, it will actually respond with the IPv6 unicast address of the resolver you are using (or server error if the resolver has no IPv6 address). I could have made an identical service to find the IPv4 unicast address of the resolver, but I didn't have a spare IPv4 address to host the authoritative server on.
  
  --
  
  Do you care about the security of your wireless mouse?
Illegal behavior by WaffleMonster · 2013-12-31 17:22 · Score: 4, Insightful

It would have been better to contact FBI and report this fraud. Whoever the hell runs fwdsnp.com needs to spend some time in jail.
1. Re:Illegal behavior by eladts · 2013-12-31 17:54 · Score: 3, Informative
  
  It would have been better to contact FBI and report this fraud. Whoever the hell runs fwdsnp.com needs to spend some time in jail.
  This isn't just plain fraud, it's wire fraud. The penalty for it is up to 20 years in prison.
2. Re:Illegal behavior by Anonymous Coward · 2013-12-31 18:59 · Score: 4, Informative
  
  I think you are confused.
  It was a CORPORATION that was scamming money out of affiliate links, so everything is A-OK!
  Of course, we punish the little people for exactly the same thing:
  http://www.justice.gov/usao/can/news/2012/2012_06_19_kennedy.sentenced.press.html
Re:Repost! by 228e2 · 2013-12-31 18:25 · Score: 5, Funny

I think I read 75% of the things here elsewhere around a day in advance.
Slashdot isn't (well, in its prime) where you come for breaking news, it's where you go (again, back in its prime) for great intellectual technological discussions.

--
Since when does being a Socialist mean 'someone who has a different opinion than me'?
Both Amazon and other affiliates by dutchwhizzman · 2013-12-31 22:24 · Score: 4, Informative

First of all, Amazon doesn't get a very high percentage of affiliate tagged traffic/purchases. If every ISP would do this, it would get 100% and the whole business model wouldn't work any more. Amazon would have to pay out way too many affiliate bonuses. Second, any affiliate that the user might choose, would lose out because their tag would get replaced by that of the ISP.

--
I was promised a flying car. Where is my flying car?
Fraud by MrL0G1C · 2013-12-31 23:33 · Score: 4, Insightful

To be clear, the ISP has committed a criminal act (fraud), it is obtaining financial gain by deception - the concealment of the fact that no person willingly used an affiliate link.
I think that if they weren't prosecuted then they committed a crime and got away with it. The victims being the retailers and any legitimate affiliates who lost out (if that is the case).

--
Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
Re:Repost! by rroman · 2014-01-01 00:53 · Score: 4, Funny

How is it possible, that this post was modded Funny? Slashdot is exactly what this post describes. Slashdot is mainly great because of great comments and well done comment rating system.
Re:What exactly happened? by hey! · 2014-01-01 03:51 · Score: 5, Informative

Short, simplistic answer: the ISP found a way to fraudulently skim a percentage from online retailers for every purchase made by the ISP customers.
Slightly more detailed answer: the ISP directed users looking for online merchants like "amazon.com" to it's own bogus server. That bogus server then re-directs the user's browser to the merchant's server in such a way the consumer doesn't notice and the merchant thinks the customer is following a product referral from an advertising partner. Thus the ISP collects a kickback intended for people who make product recommendations and referrals, without actually having made any recommendation or referral.

--
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.