SkellBasher
Yes Sorto, I'll take my Prozac

join:2000-10-22
Niagara Falls, NY

1 edit

Paxfire is shady

Although I'm not at one of the ISPs listed, we use Paxfire appliances for DNS redirection for our customers. (I hate it, but my objections were overruled by our owner.)

Even though we ONLY use them for NXDOMAIN redirection, we've caught them performing this search hijacking in the past. The first time, they told me that they were requested to make the change by an individual that hadn't worked for us in 3 years. I raised hell about it, and they reverted it. Since then, I've been watching for it, and they've made 'configuration mistakes' to turn this back on more than a few times.

I very much suspect that they're intentionally turning this on without ISP knowledge to increase revenues, reverting it when they get caught.

EDIT: I wasn't running a check for Bing, since it's almost never used. I decided to look, and sure enough, they were proxying Bing without our consent.

Shady shady... can't wait to get rid of them.

firedrakes

join:2009-01-29
Arcadia, FL
Seen it happen more than once with this company.

openbox9
Premium
join:2004-01-26
Germany
kudos:2
reply to SkellBasher
So external companies have access to devices on your network to make configuration changes? Wow.


SkellBasher
Yes Sorto, I'll take my Prozac

join:2000-10-22
Niagara Falls, NY
That's how they're set up, yes, inline with the DNS servers.

It's a terrible solution, and one that I objected to mightily. However, I was overruled by people who sign my checks.

openbox9
Premium
join:2004-01-26
Germany
kudos:2
I can't believe any knowledgeable network security officer would go for something like that.


SkellBasher
Yes Sorto, I'll take my Prozac

join:2000-10-22
Niagara Falls, NY
I laid out the (significant) risks. The owner overruled me, and said to do it anyways. My only option to not put this in place was to quit, and that wasn't an option.

I made significant network changes because of this to ensure that the remainder of the network was protected, and the only things they could reach were walled off from everything else. I also have things set up in such a way that if they do anything I don't like, I can disconnect their equipment within seconds, and move us back to 'clean' DNS infrastructure. I've done this a few times, and Paxfire starts screaming instantly because revenues stop.

It sucks, but unless the bank lets me skip a few mortgage payments, it's what I have to do.


Sabre
Di relung hatiku bernyanyi bidadari

join:2005-05-17
Wish I could offer you a fallback job so you could take them down and quit. At least you're out there doing the best you can. Good job trying to keep them (semi)honest.

davenaff

join:2011-08-07
reply to SkellBasher
Do the Bing/Yahoo searches still redirect?

I'm trying to document the activity and have used DNS servers from a bunch of the ISPs mentioned in the article. The ISPs still proxy Google/Yahoo, but I've not been able to trigger a hijacked search.

nweaver

join:2010-01-13
Napa, CA
Within 24 hours of our going public, Paxfire halted the HTTP 302 redirections through the affiliate networks, but has maintained the DNS-based interception, so they are still able to monitor users but aren't currently modifying search results.

»www.newscientist.com/blogs/onepe···che.html

Commission Junction has also suspended Paxfire's account:

»www.clickz.com/clickz/news/21004···-paxfire
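A monitoring check of the kind discussed in this thread (watching whether search-engine hostnames get the same treatment as NXDOMAIN redirection), as an added example that is not code from any poster. It assumes the A records were already collected from the ISP resolver and from a reference resolver; the function names, the canary hostname, and all addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

# Constructed sample observations: hostname -> A records returned.
CANARY = "nx-7f3a9c.example.com"  # random name that should not exist
ISP_ANSWERS = {
    "www.google.com": {"192.0.2.10"},
    "www.bing.com": {"198.51.100.7"},
    "search.yahoo.com": {"198.51.100.99"},
    CANARY: {"198.51.100.7"},  # NXDOMAIN rewritten to a redirect address
}
REFERENCE_ANSWERS = {
    "www.google.com": {"192.0.2.10", "192.0.2.11"},
    "www.bing.com": {"203.0.113.20"},
    "search.yahoo.com": {"203.0.113.40"},
    CANARY: set(),  # reference resolver returned NXDOMAIN
}

def nets(addrs, prefix=24):
    """Collapse addresses to their enclosing /prefix networks."""
    return {ipaddress.ip_network(f"{a}/{prefix}", strict=False) for a in addrs}

def nxdomain_rewritten(isp, canary):
    """True if the resolver answered for a name that should not exist."""
    return bool(isp.get(canary))

def find_suspect_hosts(isp, reference, canary):
    """Return {hostname: reason} for monitored names that need a closer look."""
    redirect_addrs = isp.get(canary, set())
    suspects = {}
    for host in sorted(isp):
        if host == canary:
            continue
        addrs = isp[host]
        if addrs & redirect_addrs:
            # A real site resolving to the NXDOMAIN redirect address.
            suspects[host] = "redirect-address"
        elif not nets(addrs) & nets(reference.get(host, set())):
            # CDNs vary answers by location, so this is a lead, not proof.
            suspects[host] = "unexpected-network"
    return suspects

if __name__ == "__main__":
    print("NXDOMAIN rewritten:", nxdomain_rewritten(ISP_ANSWERS, CANARY))
    for host, reason in find_suspect_hosts(ISP_ANSWERS, REFERENCE_ANSWERS, CANARY).items():
        print(host, reason)
```
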