Charter Corrupting DNS protocol (ie: hijacking hosts)
Links: home · search · speed test · login · more ·
Links: Reply New Topic
Forums » US Cable Support » Charter HSI/CATV » Charter Corrupting DNS protocol (ie: hijacking hosts)
page: 1 · 2 · 3 · 4
joeykahn @ 20th Feb 11:36PM:
Charter Corrupting DNS protocol (ie: hijacking hosts)
Remember when Network Solutions altered the root servers to stop returning NXDOMAIN for unknown hosts in unregistered TLDs? (Instead, they hacked the root servers to return an IP address of one of their servers in an attempt to hijack domain name typo web traffic.)
Now, Charter is doing exactly the same thing; and perhaps a bit worse. Charter's DNS service now returns an IP address to a machine servicing only port 80 for any DNS lookup which fails; not only for unknown TLD's, but also unknown hosts within delegated domains.
leo125> nslookup ableeblee.dslreports.com
Server: 24.247.24.53
Address: 24.247.24.53#53
Non-authoritative answer:
Name: ableeblee.dslreports.com
Address: 64.158.56.56
Name: ableeblee.dslreports.com
Address: 206.112.100.132
Thus, if you are using a browser and type any bad domain or host name, you are connected to 64.158.56.56:80 which then returns a hybrid Yahoo search page based on the "Host:" HTTP header, such as:
»www11.charter.net/search?qo=bad_···38-DQTRq
In the returned search results each visible link is wrapped in a javascript on-mouse-over script which updates the status line to indicate the final, legit, target URL while the underlying href= contains a unique identifier pointed at www11.charter.net. Clicking on any link in the search result page only redirects you to the final target through charter.net; in other words, Charter is also tracking your clicks on the redirected, failed-DNS, typo page.
While some may refer to his as "404 Hijacking", the underlying problem is the corruption of a core Internet Protocol/RFC which states unknown hosts MUST return NXDOMAIN. Normal DNS service is important and should not be corrupted in this way (I can outline the problems in further posts if needed).
Charter may also claim they have an "opt-out" feature; but this feature only alters the behavior of your web browser experience and doesn't effect their DNS service implementation.
Furthermore and sadly, "opting out" of the default search return merely makes the intermediate web server redirect you to search.msn.com.
If Charter wants to hijack typos, they should do so in the co-branded browser they ship to new customers while paying the appropriate licensing fees; they should not be corrupting a core Internet Protocol.
Does anyone know how wide spread this "new service" is and how we can go about changing it?
I am located in Bay City, Michigan.
Any advice is appreciated,
Best,
Joey
(Edit: Changed two instances of SERVFAIL to NXDOMAIN, thanks for pointing that error out, I'm pretty dumb sometimes ;)
reply
Lazlow @ 21st Feb 01:03AM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
Joey
Same BS in St Louis.
Lazlow
reply
stivvy @ 21st Feb 01:41AM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
Change your DNS servers.
4.2.2.2 and 4.2.2.3 work fine for me.
reply
joeykahn @ 21st Feb 01:50AM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
There's a far bigger issue here: is it acceptable for ISPs to alter core protocols? What then becomes the point of having protocols and standards?
reply
radiofreq @ 21st Feb 07:24AM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
OpenDNS! Try it!
»opendns.com/
reply
Darkk @ 21st Feb 09:08AM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
They've altered it here in Michigan too.
Tech support is apparently unaware of the issue. (Not that you can understand offshore support, or get them to understand you either.)
This is simply unacceptable as it breaks the standards-based way that the Internet operates. It not only affects browsers (in a bad way) but other apps as well. None of the other apps can handle errors correctly now, and will report false error messages because of the redirect.
AN ISP should not alter standards-based Internet behavior, period. And we shouldn't be forced to use alternate DNS servers to get around an act like this. It's just plain bad technically.
I called Charter Corporate to complain and I suggest others do also. What Charter is doing to DNS resolution is simply unacceptable.
Here is a number at Charter Corporate to call:
888-561-1030 x28377
Call and voice your displeasure at this.
reply
mworks @ 21st Feb 12:33PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
Download treewalk at »ntcanuck.com/
Change your dns servers to another provider like level 3 at
4.2.2.2 and 4.2.2.3 . Enjoy MUCH faster browsing .
For those that don't know, Treewalk runs a dns server on your own pc and only goes on the net to get site addresses if they aren't in the local cache.
Much faster than the charter BS
reply
dks7 @ 21st Feb 01:30PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
I personally locate some DNS servers of a business or something close to me to use, I use ones that are like 50 miles from me, works great.
reply
Velocity92c @ 21st Feb 03:03PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
.
reply
Darkk @ 21st Feb 03:12PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
So does that mean no more VPNs to the workplace for residential customers?
Any info on the broken VPN issue?
reply
Velocity92c @ 21st Feb 03:23PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
.
reply
Velocity92c @ 21st Feb 03:30PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
.
reply
Snavvie @ 21st Feb 04:21PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
Hrrm. Interesting topic.
reply
gimlet420 @ 21st Feb 05:28PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
Marketing people need to be handled Garfield-style... dragged out into the street and shot.
reply
Lazlow @ 21st Feb 07:10PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
Not exactly on topic, but here is a link that checks DNSs out.
»www.dnsreport.com/tools/dnsrepor···rter.net
A lot of warning flags for charter.
Lazlow
reply
Darkk @ 21st Feb 07:32PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
Sounds like Charter needs to learn how to properly set up a system of DNS servers before it allows some third-party corporation to hijack them.
reply
molochi @ 22nd Feb 12:22AM:
Re: OpenDNS
said by radiofreq :
OpenDNS! Try it!
OpenDNS is guilty of the same thing. They however tell you up front that mispellings and known phishing sites will get redirected. Whether you trust them or not is up to you.
reply
markopoleo @ 22nd Feb 08:38AM:
Re: OpenDNS
Big freakin woopity do about the change. lol
reply
anon @ 22nd Feb 03:08PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
If you know an adress is at a certain name, and you type it correctly, what are the chances that you will NOT get the original content by x author at x address?
As long as the original auther has their domain registration fee's paid, there are copyright laws that are designed to prevent misrepresentation, alteration, and replacement of original works or dirivitive works based on an original works registered name, and also to prevent other companies from saying "you can't use that domain"
So, if your ISP does not PAY for the registration of the domain name that you misstyped, they cannot "redirect" you to their own page content without breaking the Domain registration LAWs.
To add to this, if they do pay for their registration fee's and are not trying to misrepresent your original destination, replace or compose a derivitive works of your original destination, there's nothing you can do!
said by loose wire blog :
"Paul Thurrott of Windows and .NET Magazine tells the story of a Canadian teenager called Mike Rowe who brought down the full wrath of Redmond's lawyers when he set up a website called MikeRoweSoft.com. They sent him a 25-page letter demanding that he hand over the domain name. Rowe goes to the press, his site gets massive interest, his case gets lots of support, and suddenly, Microsoft has backed down, issuing an
apology in which the company admitted that it had acted improperly."
It's not a stretch of the laws context to point the finger directly at the company allowing the works to be replaced by 3rd party, or replacement of original works by another company with their own content without paying for the domain registration, or!!!! Redirection of an incorrect url to their content on their page instead of ERROR 404; where it can be considered unlawfull to redirect someone to another site simply by the mis-spelled URL; because it's unlawfull to replace an original work with their own content, at their own URL, without paying for the registration rights for the accidentally mistyped URL.
reply
anon @ 22nd Feb 03:17PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
You can turn off redirection in windows Internet explorer options, where it says, "search for most likely address" or "do not search from the address bar" etc.. This will prevent your DNS error redirections.
reply
joeykahn @ 22nd Feb 06:16PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
Thats an interesting argument. When Network Solutions pulled this same routine, they were smart enough to not redirect unknown hosts within delegated domains.
Charter DNS server doesn't care and redirects ALL failed host or domain lookups; even within existing domains. To me, this is very nasty and I wonder what the Fortune 500 companies think of the practice, since it now looks like they might be sponsoring Charter's search results.
reply
joeykahn @ 22nd Feb 06:18PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
HTTP/404 redirection isn't the same thing as DNS corruption. No 404 is ever returned; rather, a misdirected IP address for whatever host you typed in is returned and your browser blindly directs your request there.
reply
useless @ 22nd Feb 07:06PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
This is def interesting, i do not use them so I dont care much, but it is contradictory to "accepted practice"
Problem is, there are no laws governing businesses in this type of activity. Im sure there is probably something in the agreement you agreed to that makes this a moot point, although I haven't looked.
reply
The Admiral @ 22nd Feb 07:29PM:
.
.
reply
joeykahn @ 23rd Feb 02:46AM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
Right now, I feel utterly powerless trying to do anything here and am embarrassed that Charter's own Engineering Staff aren't strong enough to stand up to their Marketing Department. Embarrassed for good Engineers, that is.
So far my letter to Charter has resulted in form-replies saying that they've received my complaint and will get back to me.
Phone calls have gotten nowhere useful; the experience has so far been frustrating -- I need a better speaker phone while waiting on hold.
I probably should iron a good shirt and put on a suit then visit the nearby office to see if there is anyone who understands the issue. There must be, right?
reply
useless @ 23rd Feb 07:38AM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
Sales > everything else. That is just about every company.
dunno what to tell you man sorry.
reply
Darkk @ 23rd Feb 08:36AM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
I never got past the Charter corporate voice mail after I got the letter saying they had tried to contact me in the mail. So I haven't received an answer either.
Charter definitely blew it with this move...
What I want to know is whether they are tracking browsing habits now by IP, so that they can shape their new nasty advertising based on your browsing habits? Does anyone know any details about how the re-direct service handles this?
One other point is that since all domains now resolve, real ones to their IP and fake ones to Charter's bogus re-direct IP, there is no way to validate broken links with meta-search tools, or to validate bogus email domains to filter spam at the user level. Anyone know if this might break the Can SPAM act in that it prevents proper domain validation of email sender domains of potential SPAM email messages at the customer level?
reply
k7aab @ 23rd Feb 06:36PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
Been using a different non charter DNS in my TCP properties ... no problems since.
reply
anon @ 24th Feb 01:55AM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
said by joeykahn :
Right now, I feel utterly powerless trying to do anything here and am embarrassed that Charter's own Engineering Staff aren't strong enough to stand up to their Marketing Department. Embarrassed for good Engineers, that is.
Don't feel bad for us. It has nothing to do with standing up to other departments. All you can do it vote with your wallet. Don't loose too much sleep over it man, because we don't. And please be aware that this is a corporate initiative .. be aware of that when barging into your local office yelling at poor Suzie, sitting behind the customer service desk.
reply
Darkk @ 24th Feb 10:20AM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
You know the sad part about it is that after calling the Corporate number, explaining my complaint with this to the initial call taker, getting a promise of a callback later by someone who could help me, never having Charter make that promised callback instead sending out a letter saying that they "tried to contact me and could not", me calling twice per day the phone number of the Escalation Specialist on the mailed out letter and leaving voice mail messages for 3 days (which say that a call back will be made that day on the recording), I still haven't been able to get charter Corporate to respond.
I mean at least answer the phone and tell your customers you don't care what they think and that you feel that it is your (Charter's) right to mess with the very standards that make the Internet run, foul up our locally run applications, track our every move online by IP address using your new non-standard Internet DNS ad insertion partner (who also does who knows what with that IP based browsing history) so you can use that data in your plan that breaks DNS to send us advertising we don't want, violate the Can SPAM act by resolving DNS lookups that anti-spam apps need to see fail to properly reject bogus email messages (you Charter were pretty clear in your filing to the FTC in that this was one way you were allowing your customers to handle the requirements of the Can SPAM act when trying to minimize any actions you had to take Corporate-wise), and break truth in advertising because you are not offering standards-based DNS resolution to allow applications that anyone would expect to work as expected and designed (and Internet RFC standards dictate) on an "Internet" connection without having to look elsewhere for some of the services that an Internet service provider must provide as part of the marketed service.
I mean, you didn't even configure the DNS redirect correctly.
I suspect that regardless of what Charter Corporate might be thinking right now, this isn't done yet. At some future date we may yet be thanking Charter for being the final straw that broke the camel's back and finally launched oversight across the board which may later affect themselves and other companies providing ISP services that dearly hoped to avoid such oversight.
reply
joeykahn @ 25th Feb 05:42PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
I would never barge into a local office yelling at anyone, for any reason. I would never doubt that Sally is sincere in her job. The proper place to address this problem is conversation with the corporate higher-ups, not screaming at Sally. It is most likely that marketing persuaded an entire corporation that corrupting DNS is somehow a good thing and they can some how rake in extra money by altering the very functioning of Internet Services. I simply have no direct way to engage decision makers and provide them with honest dialog. Charter's support escalation system doesn't appear designed for actual dialog.
If you are interested, you might want to read The Cluetrain Manifesto: The End of Business as Usual, available on amazon.com.
Either way, if you actually work for Charter, you should consider taking a stand for the doing the right thing. Not all corporate initiatives are worthy; this particular one makes Charter vulnerable to many problems which aren't too difficult to figure out. You might consider trying to find a way to protest from the inside because, regardless of the cliche', there are more important things than money and using your wallet, namely: social trust.
No offense and Best Regards,
Joey
reply
joeykahn @ 25th Feb 05:52PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
Darkk,
I hadn't thought of your SPAM act point. I really thank you for taking the time to post about it.
Tonight I'm going to work on a factual letter in an attempt to explain why Charter's DNS change is simply bad business for Charter. Every bullet point helps ;)
(I may have emailed this note?) My route via Charter's support has also gotten me no place. Today I received a letter explaining how I can terminate my Charter account as well as how to use their new Epay service to pay my future Charter bills. Go Figure ;) I never once hinted at terminating my account; rather, I simply asked for someone to interview to understand what they were trying to do to the core Internet Protocols.
Best,
Joey
reply
Darkk @ 25th Feb 09:15PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
The way things are going, I doubt whether Charter will ever take a phone call on this. I suspect that the Escalation Specialist is ducking all calls using voice mail, and will only return calls they want to take. DNS hijacking calls aren't likely ones that would fall into this category.
The "tried to contact you" letter should have been the tip off.
It may not be the escalation person's doing, Charter corporate may have mandated no discussion on the nefarious and possibly illegal corruption of the DNS standard.
Surf to the FTC web site and file a complaint on Charter noting the DNS hijack breaks the reverse DNS required to be in compliance with the Can SPAM act, and also might in fact be false advertising in that an "Internet" connection and "Internet" services require standards-based behavior. A consumer has the right to expect this as this is the way the service is advertised.
Then write your elected representative and ask that they look into this balkanization of the Internet. ICANN reacted pretty strongly when VeriSign pulled this, and at least their hijack was configured correctly.
Lastly, I wonder what Charter and it's new hijacker are doing with all of the IP tagged browsing history they are collecting on customers?
reply
member101 @ 25th Feb 09:39PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
So by using other non-charter DNS (like 4.2.2.1), our browsing history can't be IP tagged?
Thank you,
Memeber101
reply
anon @ 26th Feb 01:16AM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
said by joeykahn :
Either way, if you actually work for Charter, you should consider taking a stand for the doing the right thing. Not all corporate initiatives are worthy; this particular one makes Charter vulnerable to many problems which aren't too difficult to figure out. You might consider trying to find a way to protest from the inside because, regardless of the cliche', there are more important things than money and using your wallet, namely: social trust.
No offense and Best Regards,
Joey
I know what you're saying Joey, but trust me, the people at Corp are NOT interested in what we have to say from a local standpoint. They just call us to fix things when they're broke. I could go on for hours about Corp, trust me, but I won't, because deep down I want to believe we are doing the right thing as a company. The only thing I can tell you for sure is, engineers are never consulted on these decisions. We are just told what to do, and woke up at 4 in the morning when it breaks.
reply
plineStokeD @ 26th Feb 03:52PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
I just changed to the open source dns, thanks :)
reply
anon @ 26th Feb 11:11PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
The issue with using another DNS is that it's going to be slower...in my case, hitting those gte DNS servers is about double the roundtrip time that it is to my charter name servers. Charter is really going to be shooting themselves in the foot here, because now everyone (who has an interest to) is going to start pushing all of their DNS queries to DNS servers that are on the other sides of Charter's network.
I'd heard about this previously, but didn't think I was affected (St. Louis.) Well, apparently now I am. However, I did notice a discrepancy:
I'd always used the DNS servers 24.217.0.5 and .55. Those are 'nsx.charter-stl.com' and 'nsx2.charter-stl.com'. However, the admin contact (in whois) for charter-stl.com lists the DNS servers that the domain utilizes, which are ns1.charter-stl.com and ns2.charter-stl.com. Those are 24.107.0.3 and .4 Those DNS servers seem untainted, at least at this moment:
> asdfblagrg.google.com
Server: [24.217.0.55]
Address: 24.217.0.55
Non-authoritative answer:
Name: asdfblagrg.google.com
Addresses: 64.158.56.56, 206.112.100.132
> server 24.217.0.3
Default Server: ns1.charter-stl.com
Address: 24.217.0.3
> asdfblagrg.google.com
Server: ns1.charter-stl.com
Address: 24.217.0.3
*** ns1.charter-stl.com can't find asdfblagrg.google.com: Non-existent domain
First query shows the site-finder resolve, second shows proper, failed resolve.
Obviously those DNS servers will only be 'quick' for someone in the same region--could someone else check out the WHOIS page for their region and see if they have similar results?
(It's possible that the 'charter-stl.com' domain might just be a local, weird domain that was set up at some point...but it does stand to reason that they have _some_ untainted DNS servers on their network, because I can't fathom trying to keep a huge data network like theirs running if they had to rely on malfunctioning DNS servers.)
reply
wispagod @ 6th Mar 05:02PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
Actualy, i just used the dude and scanned Charters network and found a DNS server on one of there static custermors and it works better than there's... and no hijacking, so FOR now i feel better.
reply
stivvy @ 6th Mar 05:27PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
said by wispagod :
Actualy, i just used the dude and scanned Charters network and found a DNS server on one of there static custermors and it works better than there's... and no hijacking, so FOR now i feel better.
First stealing neighbor's wi-fi now stealing services from a private DNS server.
WHy don't you guys just use Level 3's DNS servers?
4.2.2.1
4.2.2.2
4.2.2.3
4.2.2.4
4.2.2.5
They're public and often you will get better response than one inside of Charter's network.
reply
Lazlow @ 6th Mar 06:46PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
Stivvy
About stealing I agree with you. My and I think the OP's, point was that a major service provider is breaking Internet protocol. This is BAD. The reasons those protocols were set up was to prevent people from doing things just like this. Essentially Charter is doing the same thing that the guy stealing wifi is.
Lazlow
reply
wispagod @ 7th Mar 02:18AM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
I'm not stealing i'm borrowing with out direct permission.
reply
anon @ 7th Mar 10:52AM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
said by wispagod :
I'm not stealing i'm borrowing with out direct permission.
omg .. it's like a joke, without all the funny :uhh:
reply
budone @ 7th Mar 02:36PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
said by wispagod :
I'm not stealing i'm borrowing with out direct permission.
Since you are 'borrowing' what are you giving back in return????
reply
useless @ 21st Mar 10:50PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
*BUMP*
Check this again. In St Louis I think we reverted back to the old DNS, would be interested to see if the MI people reverted back as well.
reply
joeykahn @ 23rd Mar 03:59AM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
Thanks, "useless". No change here, yet ;(
reply
wispagod @ 23rd Mar 10:53PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
there for a few day's i had website i know was up cause they was loading for a buddy over a IM, and i changed DNS servers and the site worked, liket here 24.217.0.5 server was not resolving new address.. but i just changed dns servers now all is good! :)
reply
test5477 @ 12th Apr 09:20PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
used 4.2.2.1 and all is fine for now but this is horrible, called cs and they had no clue wtf i was talking about.
thanks for the help guys, you saved me from a nervous breakdown I was getting that page all the time
reply
wispagod @ 13th Apr 01:51AM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
there is also a 24.217.1.162 and it runs like GREAT!
reply
HappyBunny @ 13th Apr 11:59AM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
Charter just changed it over in Southern California--perhaps just this week, as I had never seen it before. I too switched DNS servers. It just annoys me to see Charter ads.
reply
wispagod @ 13th Apr 12:06PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
Makes me wonder if charter sells our click stream data as well.
reply
DaSneaky1D @ 13th Apr 01:31PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
said by wispagod :
Makes me wonder if charter sells our click stream data as well.
DNS server is the most practical place to see where people want to go. Proxy servers can be a pain to implement and search is only as relevant as the destination you actually "click-through" to.
If you resolve "homedepot.com" for a large majority of your customers in a given area, you can sell more "Home Depot" services directly to a given market. If you see a lot of "adult type" resolutions, well, you can figure that out as well.
BIND 4 teh w1n!!!11!1
reply
NormanS @ 13th Apr 01:55PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
said by DaSneaky1D :
DNS server is the most practical place to see where people want to go.
Not really. The purpose of DNS is to convert names to numbers. If you want to know where people are going, just log the destinations of the traffic.
DNS redirects are about revenue. The ISP can charge advertisers fees for redirecting failed lookups to specific pages.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum
reply
DaSneaky1D @ 13th Apr 02:18PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
said by NormanS :said by DaSneaky1D :
DNS server is the most practical place to see where people want to go.
Not really. The purpose of DNS is to convert names to numbers. If you want to know where people are going, just log the destinations of the traffic.
What if the destination IP had 100 virtual web hosts associated it?
Seeing where people intend to go is more worthwhile.
reply
NormanS @ 14th Apr 02:17AM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
said by DaSneaky1D :
What if the destination IP had 100 virtual web hosts associated it?
Seeing where people intend to go is more worthwhile.
DNS doesn't reveal that information. You would have to log the packets.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum
reply
DaSneaky1D @ 14th Apr 11:25AM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
OK, my perspective comes from the use of DNS servers that never return 404 errors...yet instead take you to a private search page ads related to the intended destination.
I know what DNS servers do and don't do. I'm talking about the DNS service Charter recently started using...and they do reveal desired destinations.
--
:: my trivial ramblings ::
reply
Darkk @ 14th Apr 03:55PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
If you take a look on the site of the company hosting the DNS corruption, er re-direction, you'll see one of the features mentioned is inserted ads on the re-direct page based on browsing history.
So yeah, they are using the DNS interception to track your Internet wanderings. What they are doing with it and who they are selling it to I can't get out of Corporate Escalation. And, months later I have yet to get through to a live person at Charter Corporate. They are purposely and completely ducking this DNS corruption issue. They won't return calls on the issue. You get a blow-off email and letter telling you that Charter has tried numerous times to contact you (they don't) and the numbers they give you for contact never are answered by a live person, nor are the voice mail messages you leave ever returned.
The Internet runs on standards, and they horribly broke one of the core standards with the DNS change and re-direction.
reply
bartg @ 14th Apr 09:51PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
Charter has also implemented their corrupt version of DNS protocol recently (~1 week) here in Burbank CA as well. I doubt it will be left in place for long, and will probably end up costing them far more to deal with the mess (answer to ICANN, settle potential class actions, bad press . . .) than the immediate short term profits effectively stolen from users.
Not to mention the person(s) at Charter that cooked this one up. Hope they don't make too many typo's trying to get to monster . . .
reply
joeykahn @ 14th Apr 10:25PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
Yep, bartg, Charter's new "service" is very annoying. I ended up previously known internal DNS servers from Charter's business class service -- which I used to have, long ago, when the finer company of Bresnan Communications ran things locally .
Let us know how your charms work on Charter, please ;)
Best,
Joey
reply
Monster Rain @ 14th Apr 10:31PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
You guys must make a lot of typos.
reply
joeykahn @ 14th Apr 10:50PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
Well, with help from the entire world of broken links too, Pat, other people's typos become your own.
Really, it isn't just about typos; these sort of high level DNS changes ruin various applications including my site download scripts and other software. Broken (hostname) links are still a way of life on the web.
The problem is more than being annoying from making a "typo" when you have to dig through 25 years of tools and library code.
I thought I retired; then again, I have plenty of time on my hands, right? ;)
reply
Monster Rain @ 14th Apr 11:32PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
said by joeykahn :
Really, it isn't just about typos; these sort of high level DNS changes ruin various applications including my site download scripts and other software.
Care to elaborate on your scripts, or what other software is ruined?
reply
joeykahn @ 14th Apr 11:40PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
Of course I can. I sent the entire letter to Charter and I'm not up to duplicating it here, at the moment. I'll post it on one of my blogs and link back since itis in the form of an open letter (once I add the title "An Open Letter...";) it may be more suitable on a clearly biased site ;)
Thanks for asking ;)
reply
useless @ 15th Apr 06:52PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
I can only think of a webcrawler (mb a homebew one?) that would be affected...waiting to see the letter in the meantime.
reply
anon @ 16th Apr 02:08PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
said by useless :
I can only think of a webcrawler (mb a homebew one?) that would be affected...waiting to see the letter in the meantime.
This should be amusing :)
reply
Darkk @ 16th Apr 08:27PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
Time to stop thinking web-browser-centric...
Lots of apps rely on a predictable DNS error on a server being unavailable. This is horribly broken when DNS is corrupted the way Charter implemented it.
SFTP, FTP, SSH all return a rejected login and not a server unavailable with the new DNS corruption. You can't validate domains to determine whether email is spam as all domains now resolve, not to their respective site, but now to Charter's proxy site, causing all reverse DNS tests to pass on any email, spam and non-existent domains included. (Thanks for helping the Spammers and scammers Charter!)
Standards are there for a reason, and that reason is that applications and protocols depend on standards-based operation to work correctly and to work as expected. Charter broke this when it corrupted the standard DNS operation.
There is a whole lot more to the Internet than just a web browser.
If Charter had half a clue, they would have at least implemented the DNS hijack so that it affected only requests directed toward port 80 resources, rather they chose to foul *everything* up.
reply
Monster Rain @ 16th Apr 08:32PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
FTP and SSH are working fine for me Darkk.
reply
Darkk @ 17th Apr 07:44AM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
What happens now on an offline (unreachable) server?
Do you get a "not available" message or a connection refused message?
reply
useless @ 17th Apr 08:01PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
Are you under the impression that when you FTP by a name you are not querying DNS same as a browser?
And if your mail server is having issues, change the resolv.conf file on your *nix mail server.
This forum (not just the Charter corner) is full of people that holler and scream about their ISPs DNS service. Not sure why anyone that reads here often is it using for things they consider critical.
And if you think Charter is the first company to think of this I believe you are probably mistaken. If they are truly the first, props for being first at something.
We still have the normal DNS. But I suspect if one nmaps the "New" dns server, it is not listening on 21 or 22 or whatever nonstandard port you are using. Might get this:
ssh: connect to host 24.217.0.5 port 17236: Connection refused
Will be interesting to see. I would imagine that 0.5 will be replace with something else in St Louis. Guess I could try this on an outdated DNS server and see.
reply
useless @ 17th Apr 08:34PM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
I was perusing another thread in another forum..stumbled upon something interesting..
This new DNS.. wonder what affect it has / would have / could have on the millions of trojans and botnets out there..think any of those are using DNS?? I always assuming port scanning and that they blow up arp tables. Thoughts?
reply
anon @ 18th Apr 10:52AM:
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
yo joey, we are waiting for you to post your "letter".
reply
Thank you for using lo-fi dslreports.com - report bugs
© 99-2009 silver matrix LLC