EastLink hijacking DNS


EastLink hijacking DNS

by Eri Ramos Bastos

Hello, group.

I just noticed that EastLink is now hijacking DNS.

Has anyone else been affected yet?

I just sent them an email about this, since this is a clear violation
of RFC 2308.

My question for you is: If they decide to keep this up, do I have
options? What about Aliant and Rogers? Do they have the same stupid
policy in place?

Regards,
Eri Ramos Bastos
_______________________________________________
nSLUG mailing list
nSLUG@...
http://nslug.ns.ca/cgi-bin/mailman/listinfo/nslug

Re: EastLink hijacking DNS

by Hatem Nassrat

On Sat, Oct 31, 2009 at 09:05:55AM -0300, Eri Ramos Bastos wrote:
> I just noticed that EastLink is now hijacking DNS.

Are you talking about them grabbing your queries to Google when you type
directly in the URL bar of Firefox (and it gives you an EastLink search
page)? I found that very annoying and somewhat unprofessional; I guess
they got a 14 yr old techie on board.

In any case there is an opt out link you can click on, I find that
took away most of the anger I had.

--
Hatem Nassrat

Re: EastLink hijacking DNS

by mike.lifeguard

Eri Ramos Bastos wrote:
> My question for you is: If they decide to keep this up, do I have
> options? What about Aliant and Rogers? Do they have the same stupid
> policy in place?

To the best of my knowledge, Aliant doesn't do this. They don't even use
traffic shaping (as of about 2 months ago, and I haven't noticed any
recently - though they wouldn't promise not to do so in the future).

But how would I check for DNS hijacking for sure?

-Mike

Re: EastLink hijacking DNS

by Eri Ramos Bastos

Just type http://www.thisurldoesnotexistsforsure.com/ in your address bar.

You should get an "Address not found" error in Firefox. If you get a
search page (usually branded with your telco's logo) then they are
hijacking your DNS.

Also you can use nslookup or the host command to try to resolve a
non-existent hostname. It should return something like this:

$ host imsurethisonedoesnotexistsaswell.org
Host imsurethisonedoesnotexistsaswell.org not found: 3(NXDOMAIN)

If you get an IP address instead, they are hijacking.

Regards,
Eri Ramos Bastos


> But how would I check for DNS hijacking for sure?

Re: EastLink hijacking DNS

by Herb -2

There's an FB group devoted to the subject:

http://www.facebook.com/home.php#/group.php?gid=153235963294

-Herb


Re: EastLink hijacking DNS

by Mike Spencer


On Sat, Oct 31, 2009 at 09:05:55AM -0300, Eri Ramos Bastos wrote:

erb> I just noticed that EastLink is now hijacking DNS.

There was some discussion of this on hfx.general when someone there
noticed.

Hatem Nassrat opined:

hn> In any case there is an opt out link you can click on, I find that
hn> took away most of the anger I had.

Yeah, right.  I suspect you're more even-tempered than I am.  I'm not
even an Eastlink user and I'm pretty grumpy about it. :-) Network
Solutions tried this a while back and got a boot to the head.

erb> My question for you is: If they decide to keep this up, do I have
erb> options? What about Aliant and Rogers? Do they have the same
erb> stupid policy in place?

Apparently (superficial scroot) it's not uniformly distributed but this
guy [1] says that Bell and Rogers are doing it.  If Bell is doing it,
it's only a matter of time for Aliant, no?

It's not clear to me what the "opt-out" does but it's
allegedly volatile and reverts.  One of these guys [2] suggests a
bash script <- cron to re-opt him out every minute or similar.

I know a tech at Eastlink.  I'll have to ask him what he's hearing.


- Mike


[1]

http://www.josesandoval.com/2009/07/block-bells-or-rogerss-dns-hijacking.html

[2] http://www.dslreports.com/forum/r23189352-Eastlink-DNS-Hijacking

--
Michael Spencer                  Nova Scotia, Canada       .~.
                                                           /V\
mspencer@...                                     /( )\
http://home.tallships.ca/mspencer/                        ^^-^^

Re: EastLink hijacking DNS

by Michael Gillie

I'm sorry, but since when does Eastlink have the authority to start this kind of illicit activity?
 


 



--
Have a great day,


Michael C. Gillie

1-902-482-9644
Skype: hemmysoft


Re: EastLink hijacking DNS

by D G Teed-2

On Sat, Oct 31, 2009 at 9:05 AM, Eri Ramos Bastos <bastos.eri@...> wrote:
> Hello, group.
>
> I just noticed that EastLink is now hijacking DNS.
>
> Has anyone else been affected yet?
>
> I just sent them an email about this, since this is a clear violation
> of RFC 2308.
>
> My question for you is: If they decide to keep this up, do I have
> options? What about Aliant and Rogers? Do they have the same stupid
> policy in place?

Are they trying to stop people from running domain
hosting from home?

I run my own DNS server and it still works with your host not found
test and also the google search bar within firefox.  I'm in the valley,
so perhaps they are implementing this one segment at a time.

I use dyndns for my personal domain as I always imagined
inbound DNS queries would be a red flag in violation of their policies.

--Donald



Re: EastLink hijacking DNS

by mike.lifeguard

Eri Ramos Bastos wrote:
> $ host imsurethisonedoesnotexistsaswell.org
> Host imsurethisonedoesnotexistsaswell.org not found: 3(NXDOMAIN)

Yep, so no hijacking from Aliant.

Apparently Bell does both traffic shaping and DNS hijacking, and
currently Aliant does neither. I have little hope that will last
forever, but for now I'm quite comfortable.

-Mike

Re: EastLink hijacking DNS

by D G Teed-2

For someone experiencing the hijacks, what does it look like in dig +trace?

e.g.

dig +trace  imsurethisonedoesnotexistsaswell.org




Re: EastLink hijacking DNS

by Hatem Nassrat

On Sat, Oct 31, 2009 at 12:38:52PM -0300, Mike Spencer wrote:
> hn> In any case there is an opt out link you can click on, I find that
> hn> took away most of the anger I had.
>
> Yeah, right.  I suspect you're more even-tempered than I am.  I'm not
> even an Eastlink user and I'm pretty grumpy about it. :-) Network
> Solutions tried this a while back and got a boot to the head.

I certainly don't like it, but the opt out did work. It didn't show up
again and it's been at least a couple of months. I am not sure what all
the beef is, all they are trying to do is show you some of their adds so
you can click on them. Don't hate the playa hate the game (lol, I hate
that phrase a lot (I also hate saying lol, it sounds so weird when I
read it))

I believe there is also a feedback email or section, I remember sending
them hatemail when I got this at home. When I went on another network
and saw the Eastlink Search thing again, it didn't feel so bad (probably
cause I knew where to find the opt out link :).

--
Hatem Nassrat

Re: EastLink hijacking DNS

by Eri Ramos Bastos

Some people are reporting the opt-out has only a temporary effect [1][2].

Just to be sure, that's what I added to my crontab:

-------------------
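#!/bin/bash

# Fetch a hostname that should not resolve; curl exits 0 only if the
# name resolved and the request succeeded.
curl "http://www.thisurldoesnotexitandimpositiveboutthat.com" &>/dev/null
# If it did resolve, request the opt-out page and note it in syslog.
[ $? -eq 0 ] && curl -A "DNS Hijacking Sucks, EastLink" \
 "http://searchmanager.eastlink.ca/optout.php?brand=eastlink&lang" \
 &>/dev/null && logger "opt-out from EastLink"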
-------------------

[1] http://www.dslreports.com/forum/r23189352-Eastlink-DNS-Hijacking
[2] http://groups.google.com/group/hfx.general/msg/9f629f6a81638aa4

Regards,
Eri Ramos Bastos




Re: EastLink hijacking DNS

by mike.lifeguard

Hatem Nassrat wrote:
> I am not sure what all
> the beef is, all they are trying to do is show you some of their adds so
> you can click on them. Don't hate the playa hate the game (lol, I hate
> that phrase a lot (I also hate saying lol, it sounds so weird when I
> read it))

The issue is that they're not following the rules of the game - even if
there were no consequences, it would be wrong. And there are consequences.

Eastlink has no excuse - this has been done before, and it was a problem
then as well. One hopes ICANN takes notice and throws the book at them
as they've done in the past.

-Mike

Re: EastLink hijacking DNS

by Dop Ganger

On Sat, 31 Oct 2009, Eri Ramos Bastos wrote:

> Some people are reporting the opt-out has only a temporary effect[1][2]
>
> Just to be sure that's what I added to my crontab:
>
> -------------------
> #!/bin/bash
>
> curl "http://www.thisurldoesnotexitandimpositiveboutthat.com" &>/dev/null
> [ $? -eq 0 ] && curl -A "DNS Hijacking Sucks, EastLink" \
> "http://searchmanager.eastlink.ca/optout.php?brand=eastlink&lang" \
> &>/dev/null && logger "opt-out from EastLink"
> -------------------

Heavens. That's rather inefficient and excessive. Why don't you just
change your default search domain to something other than eastlink.ca?

Cheers... Dop.

Re: EastLink hijacking DNS

by Eri Ramos Bastos

> Heavens. That's rather inefficient and excessive. Why don't you just
> change your default search domain to something other than eastlink.ca?
>
> Cheers... Dop.

Hey... good idea... Won't send my personal compliments like my fake
user agent, but I seriously doubt they look at their logs anyway....

[]'s
Eri Ramos Bastos

Re: EastLink hijacking DNS

by Richard Bonner


On Sat, 31 Oct 2009, Michael Gillie wrote:

> I'm sorry, But since when does Eastlink have the authority to start this
> kind of illicit activity?

***   Since they boarded the "Greedy" train.

    Remember: Fewer and fewer companies in the 21st century care about
their customers.

  Richard

Re: EastLink hijacking DNS

by Richard Bonner



> I am not sure what all the beef is, all they are trying to do is
> show you some of their adds so you can click on them.

***   First, be aware that it's "ads". "Adds" pertains to addition,
not advertising.
                               --------


    What the beef is, is that Weaklink is subbing their ads for
Google's (and presumably ones on other search sites) - for which
Weaklink gets *paid*.

    Think of buying ad space from Google that is to be directed at the
local population and then finding that it never gets seen by Weaklink
customers because Weaklink is bypassing it.


> Don't hate the playa hate the game
(Snip)
> --
> Hatem Nassrat

***   No. Hate the players that pull this crap.

  Richard

Re: EastLink hijacking DNS

by Dan Peterson-2

On Sat, Oct 31, 2009 at 2:51 PM, Dop Ganger <nslug@...> wrote:
> Why don't you just change your default search domain to something
> other than eastlink.ca?

I'm fairly certain that won't help. Their caches (when you're opted
in) return an A record for anything that would otherwise return
NXDOMAIN, not just anything.eastlink.ca.

I've opted out and can't find a way to opt back in (surprising) to
test. Running dig against thisdoesnotexist.eastlink.ca returns
NXDOMAIN as I would expect.

-Dan

Re: EastLink hijacking DNS

by Dop Ganger

On Mon, 2 Nov 2009, Dan Peterson wrote:

> On Sat, Oct 31, 2009 at 2:51 PM, Dop Ganger <nslug@...> wrote:
>> Why don't you just change your default search domain to something
>> other than eastlink.ca?
>
> I'm fairly certain that won't help. Their caches (when you're opted
> in) return an A record for anything that would otherwise return
> NXDOMAIN, not just anything.eastlink.ca.

Really? Is Eastlink's DNS returning something for, say, "host
badnname.dns.com. 24.222.0.94" as well as "host
baddnsname.dns.com.eastlink.ca 24.222.0.94"?

Are you getting assigned different DNS servers by DHCP, perhaps? I'm
assigned 24.222.0.94 and 24.222.0.95 and don't see this myself from either
of those two servers.

Cheers... Dop.

Re: EastLink hijacking DNS

by Dan Peterson-2

On Mon, Nov 2, 2009 at 9:06 AM, Dop Ganger <nslug@...> wrote:
> Really? Is Eastlink's DNS returning something for, say, "host
> badnname.dns.com. 24.222.0.94" as well as "host
> baddnsname.dns.com.eastlink.ca 24.222.0.94"?
>
> Are you getting assigned different DNS servers by DHCP, perhaps? I'm
> assigned 24.222.0.94 and 24.222.0.95 and don't see this myself from either
> of those two servers.

I've been assigned .96 and .97. Like I said, I can't find where to opt
back in to test for sure. I thought when I discovered they were
hijacking that I tested with 'dig satoehuastoehu' or similar which
doesn't use search domains without '+search'. But it looks like I may
have used ping instead which would. So maybe it is based on searching
eastlink.ca.

Either way, not good. >_<

-Dan
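
The NXDOMAIN check Eri describes earlier in the thread and the search-domain question Dop and Dan debate above can be told apart by probing two absolute names, one under a normal TLD and one under the search domain. The script below is an added example, not code posted by anyone in the thread. Function names are hypothetical, the dig output is constructed, and `eastlink.ca` is taken from the thread as the default search domain.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# Constructed dig output: an honest resolver answering for a missing name.
sample_nxdomain() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
EOF
}

# Constructed dig output: the same kind of query answered with a record.
sample_rewritten() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
EOF
}

# Read dig header comments on stdin; print "<status> <answer count>".
parse_dig() {
  awk '
    /status:/ { for (i = 1; i < NF; i++) if ($i == "status:") s = $(i + 1) }
    /ANSWER:/ { for (i = 1; i < NF; i++) if ($i == "ANSWER:") a = $(i + 1) }
    END { sub(/,$/, "", s); sub(/,$/, "", a)
          if (s == "") s = "NONE"; if (a == "") a = 0; print s, a }'
}

# Verdict for one probe of a name that cannot exist.
verdict() {
  set -- $(parse_dig)            # $1 = status, $2 = answer count
  case "$1:$2" in
    NXDOMAIN:*) echo clean ;;
    NOERROR:0)  echo nodata ;;
    NOERROR:*)  echo rewritten ;;
    *)          echo inconclusive ;;   # timeout, SERVFAIL, REFUSED, ...
  esac
}

# Combine the absolute-name verdict ($1) with the search-suffixed one ($2).
diagnose() {
  case "$1/$2" in
    rewritten/*)     echo global ;;              # every missing name gets an answer
    clean/rewritten) echo search-domain-only ;;  # only <name>.<search domain> resolves
    clean/clean)     echo none ;;
    *)               echo inconclusive ;;
  esac
}

# Live probe: random label so nothing is cached; trailing dot so no search list applies.
probe() {  # $1 = resolver IP, $2 = absolute name
  dig +noall +comments +tries=1 +time=3 "@$1" "$2" A 2>/dev/null | verdict
}

live_check() {  # $1 = resolver IP, $2 = search domain
  label="nx-$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')"
  diagnose "$(probe "$1" "$label.com.")" "$(probe "$1" "$label.$2.")"
}

if [ "${1:-}" = "--live" ]; then
  live_check "$2" "${3:-eastlink.ca}"
else
  echo "samples: $(diagnose "$(sample_nxdomain | verdict)" "$(sample_rewritten | verdict)")"
fi
```

Run it with `--live <resolver-ip> [search-domain]` to query a real resolver; without arguments it classifies the constructed samples.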