Theme

Welcome · log in · join	food

	All Forums		Hot Topics		Gallery

ISPs Covertly Hijacking Search Traffic → Re: Questions answered in this thread...

uniqs
25

« Don't use ISP DNS

This is a sub-selection from Questions answered in this thread...

rahvin112 join:2002-05-24 Sandy, UT	rahvin112 to nweaver Member 2011-Aug-5 2:13 pm to nweaver Re: Questions answered in this thread... According to the article the issue in this case is that the providers are using deep packet inspection to reroute search results on certain search providers to paid results. The only way to avoid this is encryption and only if they don't MITM (man in the middle) the SSL connection and have free access to your encrypted connections. This is EXACTLY this issue that created the net-neutrality debate that so many people don't understand. The ISP has free reign over your connection and people don't even realize how badly they could interfere without your knowledge.
	actions · 2011-Aug-5 2:13 pm ·
NetFixer From My Cold Dead Hands Premium Member join:2004-06-24 The Boro Netgear CM500 Pace 5268AC TRENDnet TEW-829DRU	NetFixer Premium Member 2011-Aug-5 3:02 pm said by rahvin112: According to the article the issue in this case is that the providers are using deep packet inspection to reroute search results on certain search providers to paid results. The only way to avoid this is encryption and only if they don't MITM (man in the middle) the SSL connection and have free access to your encrypted connections. This is EXACTLY this issue that created the net-neutrality debate that so many people don't understand. The ISP has free reign over your connection and people don't even realize how badly they could interfere without your knowledge. That was also my intrepretation of the article, but since nweaver is supposed to know exactly what is being tested and/or intercepted, perhaps the article is in error?
	actions · 2011-Aug-5 3:02 pm ·
rahvin112 join:2002-05-24 Sandy, UT	rahvin112 Member 2011-Aug-5 5:56 pm Ah, I see that now. I'm curious, if it's deep packet inspection how does changing DNS server avoid it? Unless the appliance in question only responds to DNS requests that is, but then I don't see how it could alter search results because a DNS request isn't going to include search form submissions unless the providers network is broken.
	actions · 2011-Aug-5 5:56 pm ·
Matt3 All noise, no signal. Premium Member join:2003-07-20 Jamestown, NC	Matt3 Premium Member 2011-Aug-5 7:18 pm said by rahvin112: Ah, I see that now. I'm curious, if it's deep packet inspection how does changing DNS server avoid it? Unless the appliance in question only responds to DNS requests that is, but then I don't see how it could alter search results because a DNS request isn't going to include search form submissions unless the providers network is broken. As the article mentions, that's where specific "keywords" and URLs come into play. nweaver , please correct me if I am wrong, but I would think if the Paxfire appliance or software knows you are sending a DNS request to Google, they simply return an IP they own, pointing to a web server they control, read your form submission, then alter the traffic as they see fit ... exactly like OpenDNS currently does for all Google searches?
	actions · 2011-Aug-5 7:18 pm ·

nweaver join:2010-01-13 Napa, CA	nweaver Member 2011-Aug-6 7:26 pm Correct: The paxfire appliance sits in front of the DNS resolver. It returns an address in place of NXDOMAINs (the stated function), and also returns the address of their proxy in place of any request for yahoo, bing, or (formerly, sometimes) Google, in order to route the search engine traffic through the proxy.
	actions · 2011-Aug-6 7:26 pm ·

rchandra Stargate Universe fan Premium Member join:2000-11-09 14225-2105	rchandra Premium Member 2011-Aug-10 8:54 pm It may work to change DNS server settings in the specific cases of the stated ISPs who got these Paxfire boxen. But I don't think it would help in the general case.
	actions · 2011-Aug-10 8:54 pm ·

« Don't use ISP DNS

This is a sub-selection from Questions answered in this thread...