Mediacom Users Struggle To Opt Out Of DNS Redirection Ads → 404?

cable operator Mediacom is now using DNS redirection to direct people who mistype URLs to a an ad-laden search portal instead of a 404 error

DNS doesn't produce 404 errors. 404 is an HTTP error code and I doubt Mediacom is doing anything with them.

No one said DNS produced the 404 error. What ISPs are doing is redirecting your connection to their adverts when their DNS server can't find the "SITE" you requested, or when the "URL" you requested from a valid site returns a 404 error.

If the URL you requested doesn't resolve at all IE the site does not exist, the normal browser response should be "Server not found". If, on the other hand, the site exists but the page you requested is not found on the site then a 404 error is returned by the website, and your browser should return "Error 404, Object not found".

In both cases above, nefarious ISPs detect both errors and hijack your connection by poisoning DNS and sending you to their advert site.

Bob

I'd like to see your evidence that they're intercepting responses from webservers (ala 404 errors) and replacing them with an ad page.

Hijacking NXDOMAIN is one thing. Connecting to an existing webserver, asking for a document, and your ISP replacing the answer... That should be criminal -- but, sadly, isn't.

if they are doing DPI along with NXDOMAIN they could easily catch all the 404 pages and replace them with whatever they want.

Well, the evidence lies in the Original article at the top of this thread:The ONLY way I know that this can happen (given that the web-server is the entity sending the 404) is with ISP installed DPI hardware seeing the web-server generated 404 error response, eating it, and sending an ISP-generated advert page instead.

In fact, if indeed customers are getting redirected on 404 errors, this is proof of the ISP using DPI. DPI is essentially a full-blown wiretap, and should require a subpoena!

The original thread doesn't present any *proof*. They are only describing what they are seeing. If the ISP is running a transparent proxy then they aren't messing with your connection to a foreign server. (you aren't connecting to the server you think you are. which is a different thing to bitch about.)

I'd love to look into it myself, but they aren't my ISP. If you want a URL to test, I'll give you one -- the server (my server) answers with a custom 404 page. (it has been for over a decade.)

Well what proof do you expect? Mediacom customers (such as myself) have confirmed this. You're asking for proof besides what they see. What proof will satisfy you? Some of the people involved in the thread discussed are/were Mediacom technicians!

I have a few sites on a dedicated server. The sites with a custom 404 don't result in Mediacom providing their assistance page. Sites without a custom 404 return Mediacom's assistance page.

Packet captures of both sides. If the server is returning http status code 404 and not a 302 redirect to the error page, and they aren't messing with it, then there's a whole new set of questions about what the h*** they're doing.

In fact, just use telnet or netcat and watch the characters as you type them. (you'll have to be the web browser and web server in this experiment.)

(BTW, I didn't see anyone from mediacom fessing up to exactly what they're doing. Just several "it's fixed now" jedi-hand-waves.)

Unfortunately that is getting above my skill level. But I'd be willing to entertain it if I had some guidance.

As far as anyone from Mediacom fessing up on it, I doubt it. I meant that a few Mediacom employees in the thread - who aren't advertised as employees but those who have been in the Mediacom forum do know - have confirmed the results that we customers have seen.