
bigburd

join:2009-09-14
Butte, MT
kudos:1

Bresnan Hijacks Your Browser

I'm an IT Professional and have an in-depth understanding of networking principles and such. I've been using Bresnan for about a year now and today I finally had it with their hijacking of my traffic. Here's the scoop.

Try searching from your address bar, say type "Windows XP SP1" in your address bar and chances are extremely high that you will not wind up on your chosen search provider's page and just as unlikely that your browser will be heading for your search provider's top results page either. I've seen posts in this forum from a while back about using opendns and problems those folks were having but I have working proof that Bresnan is NOT doing funky DNS things; they are actually using something that captures specific traffic and redirects you to their little search page where they can generate ad revenue. Here's my proof...

I not only have bresnan cable internet but I also have qwest in my house. I host services like chat, web sites, email and such on my qwest connection with a linux server and we also use linux as a caching name server for all of our internal computers. My caching server doesn't even use bresnan's DNS servers and it doesn't even use my bresnan connection to resolve ip addresses for us, it uses the qwest connection. Yet Bresnan STILL manages to redirect my traffic to their little commercial venture whenever I search from the address bar. I have no clue how they are doing it exactly (there's probably a few ways I can think of) but they are doing it. This morning I had it happen several times within an hour and got fed up.. I called Bresnan.

Naturally as with every ISP the Tier one guy was no help at all. His solutions started out as let's unplug this, get rid of your router, maybe we should restart the cable box and all kinds of other sophomoric solutions which I knew instantly had nothing to do with the issue at hand. Finally, I got fed up with the guy and asked to talk with his manager. When I talked with the manager the first thing I asked was what kind of IT skills does she have because if she has none talking to her would be like talking to a brick wall. The manager was honest and stated her skills were not that technical. She then assured me that she would find someone with the skills necessary to call me back. I laughed and said I'll believe it when they call. I also warned her that I had spent quite some time on the phone over this issue and she better not have someone call me that has no clue or power because I would explode. Guess what.. they have some guy call me that attempted to console me while he told me that this would not get changed. At that point I could feel the little vein in my forehead start to bulge out and I had it.. I gave this fella an earful and told him I have nothing to talk to him about if he can't produce results to tier me up again, maybe two. He said he would and I haven't heard from them yet, we will see what they do.

This is by far the worst case of ISP scumbaggery I have ever encountered from an ISP that wasn't free. I honestly question the legality of this matter as well, as I do not recall anything in the service contract stating my paid-for bandwidth could be controlled and redirected at their little hearts' content. I paid for this bandwidth and I don't recall asking them to push their little solicitation onto me. I may, by the end of the day purchase a .com for Bresnan customers to petition them to stop their underhanded game of controlling my traffic in order to generate revenue. Stay tuned....

ANGRY!!!!


koolkid1563
Premium,MVM
join:2005-11-06
Powell, WY

3 edits

Curious as to your setup specifically. I assume you have a dual WAN router or equivalent. What I am most curious of is whether or not your computer is getting Bresnan's search string or is using them for the DNS suffix so when it creates a FQDN it appends .bresnan.net or whatever it was to it. I was able to fix this problem by having my router not pass their search string and DNS suffix to my LAN. After that I no longer had any issues with their search redirects. This was last year though too, so they may have a more aggressive approach on it now...


bigburd

join:2009-09-14
Butte, MT
kudos:1

1 edit

Nothing really fancy. I use the Bresnan modem and a Tomato-driven router on the Bresnan line and the Actiontec on the Qwest line, all internal interfaces are on the same subnet inside and on any machine I just change the default gateway and I go out one way or the other. I think they are doing it at various packet levels to be honest. I kinda caught on the other day, almost any time a web server returns a 404 Bresnan takes over. The search from the address bar is different cause it is grabbing the url and using it as GET data in the search url they send back to me. For example when I put "WIndows XP SP2" in the browser bar I get this back:

»search.bresnan.net/ptsAsRedir.ph···sp2&ref=

which is kind of funny because there is clearly an error on their search page for me as I get a blank page today.

EDIT: just wanted to explain that I do not do dual homing or anything like that network-wise. I use my qwest connection to host web sites, email, dns, chat, and other services while we game and browse on the bresnan.



Skeptik

@bresnan.net

reply to bigburd

Re: DNS redirects (mistakenly called hijacking)

I worked for these guys until recently when I moved out of state, so thought I'd offer some help here.

First of all, I can say quite truthfully that they are NOT hijacking any packets or DNS requests. If you query their DNS servers and get a no entry response it will instead return the redirect URL. This is not the same as a hijack.

The solution is to use a 3rd party DNS like OpenDNS or others.

For most home users who have trouble with this issue, usually it's because you are only updating the DNS on your computer- you need to update it in your router first, then the computer, flush cache (reboot) and it should work fine on the non-Bresnan DNS.

To "bigburd" specifically:

I've seen setups like yours and the issue usually comes to this- somewhere you have a device or a cache entry that still is pointing to their DNS servers or appending their DNS suffix, and when you get the no response from the other servers your systems are looking for ALL possible alternate servers and cache history before returning that to your browser. A no entry response is always pre-empted in DNS by ANY other response type, so you probably ARE getting the no entry response from your servers but it's then looking further and finding the redirect somehow.

Bypassing your router and simplifying your network to isolate an issue is IT 101, so I'm not going to get into the why since you claim to be an IT professional.
Lose the attitude, hook a laptop direct to the Bresnan modem, set DNS manually, flush your DNS cache and reboot. If it stops redirecting (which it will) then you know the problem is elsewhere, and can either solve it or continue to yell at people that aren't causing the issue.
Or perhaps it still won't work, in which case you now have some solid data to give to their techs to get your issue escalated to someone who can fix it.
I would also recommend you provide your packet capture log data showing the specific packets that were "hijacked". Specifically, show where you send a DNS query out to the 3rd party server and get a reply that is inserted by the Bresnan equipment. I won't go into details since you are such a great IT person who knows so much, I'm sure you already have those logs and not just a redirect URL, right? RIGHT? Didn't think so.

You then proceed to say you're not dual-homing but you're running two outbound connections to the same subnet, and that's dual-homing even if you aren't announcing BGP routes. In fact, that's probably a good part of the problem right there- if you request DNS and get a null return from the one domain suffix the other is still visible to the local network and will happily try that one next.

But in all seriousness- they aren't hijacking your packets.

bigburd

join:2009-09-14
Butte, MT
kudos:1

I have to prove nothing here. Your argument makes no sense whatsoever and YES Bresnan DOES hijack traffic I've seen it with my own two eyes. They are redirecting traffic to an ad driven search page.



koolkid1563
Premium,MVM
join:2005-11-06
Powell, WY

I don't seem to be experiencing this. I got their service again (in Butte for college) though almost wish I hadn't...(am experiencing the same slowdowns everyone else is)

I am not using their DNS servers nor am I having my router pass their domain/DNS suffix and search string to my computers. If I type in an invalid web address my browser returns a generic server not found error as it should. If I type in a keyword I get Firefox's Google search as expected in the situation. I ran a test with their search string and DNS suffix still not passed but using their DNS server and did get their search redirect on a website that is known to not exist. I have not tried it with the DNS suffix passed but I suspect the same will happen regardless of DNS server based on what I found out last year.


alphainfinit2

join:2007-07-16
Whitefish, MT

1 edit

reply to bigburd

Re: Bresnan Hijacks Your Browser

Same here, I use Level 3 dns servers on my domain and I am not being redirected. I end up on bing.


sid7

@bresnan.net

reply to bigburd

Re: DNS redirects (mistakenly called hijacking)

Most major ISPs do this now.

bigburd

join:2009-09-14
Butte, MT
kudos:1

1 edit

reply to bigburd

Re: Bresnan Hijacks Your Browser

I simply cannot reproduce this tonight.. I haven't changed anything on my end... The reason I complained was because it got so bad it was happening 20-30 times a day.. now nothing.. I search from the address bar all the time, too.


the007forum

@bresnan.net

reply to bigburd
Finally someone who shares my struggle! From what I understand calling Bresnan technical support is a waste of time so I've been trying to fix this on my own (with limited technical knowledge). If I type in google.com I get sent to a Bresnan redirect page because google.com does not exist but I can click on their sponsored link which is google.com which redirects me to the Bresnan page again. Usually when I try to go to a legitimate website it will stay blank or partially load the page. After hitting enter about 20 times in the URL address it will either go there, send me to the Bresnan page or tell me the server is not responding. This makes it impossible to access sites that a login is required. On many pages that I get through to, I am unable to click on any flash objects. Videos do not load and links like the reply buttons on this site and submit buttons act unclickable.

I used to get the Bresnan redirect all the time but now it varies. Either way simple tasks like going to one website turn into 15 minute technical struggles. Does anyone have any tips I can try before I go off on Bresnan and cancel?



soadlink

join:2002-11-17
USA

reply to bigburd
I have only experienced the problem when using Bresnan's dns servers. By changing my dns to 4.2.2.1 and 4.2.2.2 (level 3's dns servers) I never have it anymore. If bigburd is correct then they may be testing something in certain areas that monitors HTTP traffic and redirects it to Bresnan pages, but that's going pretty far.

I would eliminate ANY instance of Bresnan's dns servers from ANY piece of your equipment that has it on your network for testing.. and see if that helps. Whether you use level3, opendns, etc. is up to you, but I wouldn't ever use Bresnan's dns at all.



Charter owns

@174.44.38.x

reply to bigburd
This may be true after looking up information about Bresnan. Bresnan was bought by Charter Communications which has been caught doing that & is also filing for bankruptcy.

It was reported by Tony Bradley on about.com that Charter Communications redirected error pages and Windows Live Search results to a Charter search page without notifying customers. Users may opt out of redirection by clicking a link from the Charter search page; however, the opt-out link installs a cookie on the customer's computer, so deleting cookies will require the user to opt out again.



ca tech

@12.18.227.x

reply to bigburd
I can state without question that Charter Cable in St. Louis will "hijack" or re-direct any Google requests to Bing.
I own a local IT company specializing in network infrastructures, and we have several AT&T T1 and Charter 10M pipes to our offices, and there are 2 to 3 hour periods where any Google request takes you to Bing.
We have our own DNS servers and have confirmed it with TRACERT.
If not illegal - at least the whole situation is pretty cheesy and as a Microsoft Gold partner - it's pretty embarrassing they would do that.



christcorp
Premium
join:2001-05-21
Cheyenne, WY
kudos:1

reply to bigburd
I've read this thread since it started, but wanted to play with it every day since, before commenting. I have tried everything I can think of typing into the address bar. If I type something somewhat recognizable like "Windows XP"; I actually go to the microsoft windows XP website. If it's an uncommon direct input, it sends me to google.

The ONLY, let me repeat ONLY time my 5 different browsers took me to a bresnan site, was if I put in a traditional address that started with a www. and filled in a bad URL; such as www.rsfguwfhwiu.com or if I wanted to type a legit name, and I misspelled it and there was no DNS address for it. Then I would get directed to search.bresnan.net . That is the only time. If I type without a url, I go to google. If it's a common name, I actually go to the website.

I am 100% convinced that Bresnan is NOT hijacking our browsers. I'm not saying you're paranoid, and I'm not discrediting you being an IT professional. I too have a background in IT/Computers. A couple of my degrees are in computer science fields with emphasis in networking. I've been working in the IT field longer than Al Gore had invented the internet. For MORE than 30 years. A lot of that with the "Government". So I know what hijacking a computer is, and how to do it. Point is: I don't believe Bresnan is hijacking anything. I've been with them for about a year. I've seen bad DNS routing. I've seen other issues. I've also seen many web sites that will direct you to Bing if you are on their site when doing a search. But none of this has come from Bresnan.



dms978

@174.44.204.x

reply to bigburd
Actually, I am constantly having the problem of getting redirected to the Bresnan search page, whether it's from a Google search bar inquiry, from the Google site itself, from a bookmark, or from clicking on links within a site. It has only been happening for the past few months, and there have been no changes on my end to explain the sudden change. Sometimes it can take five or six attempts to get past Bresnan's capture of the request. My problem with it all, aside from the sheer annoyance factor, is this; if I'm being redirected from a site I might choose to support through the use of their sponsored links to Bresnan's sponsored links, Bresnan is essentially trying to "hijack" income from other businesses. If this were a free ISP under discussion, it would be hard to complain. But considering the price Bresnan charges for a fairly mediocre service, it's unconscionable. I'm about 5 weeks from moving, and am seriously considering switching to the phone company's high-speed service. Yes, just the thought of it makes my palms sweat, but at this point, how much worse could it be?

As an aside, I'm also finding it takes much longer to send and receive e-mail since about the same time the search page issue began. Almost a minute to send a one line, text-only message? Bresnan says they haven't changed anything, and all is well with my service. Perhaps, but theirs is increasingly questionable.


bretticus

join:2009-11-14

I found this post noticing that Bresnan was hijacking my 404s too. REALLY pissed me off for a second. I do custom 404 pages. I AM A WEB DEVELOPER!!! I need to see my 404 pages!!!!!!!!

So I checked on Firefox, Chrome, and Safari. All hijacked!!!

My blood pressure lowered a little bit when I saw their "why am I here" link. I clicked it and they let me opt out (I'm going to check for a stupid cookie. If I find one I am going to be pissed!)

Bresnan has fast Internet here where I live, but after the nearly two days my phone and internet were down a month ago and this kind of crap, I AM SERIOUSLY considering an ISP change.


BruceL5

join:2009-12-20
Helena, MT

1 edit

reply to soadlink
4.2.2.2 is Verizon's.

OpenDNS is a good choice, but not very fast. Google recently made their DNS servers public at 8.8.8.8 and 8.8.4.4 and it's currently all about speed with google. »code.google.com/speed/public-dns/
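
Added example, not part of any post in this thread: a way to collect the evidence the thread argues over, by asking each resolver directly about a random name that should not exist and checking whether the reply is an honest NXDOMAIN or a synthesized address. It builds the query by hand so the OS search suffix is never appended; the function names and the sample reply bytes are constructed for illustration, and resolver addresses are supplied on the command line.

```python
import secrets, socket, struct, sys

def build_query(name, txid):
    """Encode a minimal RFC 1035 A-record query with recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response, txid):
    """Classify a reply to a query for a name that should not exist."""
    if len(response) < 12:
        return "other"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != txid or not flags & 0x8000:   # wrong transaction, or not a response
        return "other"
    rcode = flags & 0x000F
    if rcode == 3:
        return "nxdomain"                   # honest "no such name"
    if rcode == 0 and ancount > 0:
        return "rewritten"                  # an address came back for a nonexistent name
    return "other"

def probe(resolver_ip, timeout=3.0):
    """Ask one resolver directly about a random, almost surely unregistered name."""
    name = "nx-" + secrets.token_hex(8) + ".com"   # constructed test name
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, txid), (resolver_ip, 53))
            data, _ = sock.recvfrom(4096)
        except OSError:                     # includes socket.timeout
            return "no-reply"
    return classify(data, txid)

# Constructed sample replies (not captured traffic) so the classifier runs offline.
SAMPLE_TXID = 0x1234
_QUESTION = build_query("nx-sample.invalid", SAMPLE_TXID)[12:]
SAMPLE_NXDOMAIN = struct.pack("!HHHHHH", SAMPLE_TXID, 0x8183, 1, 0, 0, 0) + _QUESTION
SAMPLE_REWRITTEN = (struct.pack("!HHHHHH", SAMPLE_TXID, 0x8180, 1, 1, 0, 0) + _QUESTION
                    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)
                    + bytes([192, 0, 2, 1]))  # A record pointing at a documentation address

if __name__ == "__main__":
    for ip in sys.argv[1:]:                 # resolver addresses to compare
        print(ip, probe(ip))
```

A "rewritten" result only from the ISP's own resolver matches the NXDOMAIN redirect described in the thread; the same result from a third-party resolver reached over the ISP link would be the in-path evidence that was asked for.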

