said by bburley:
I doubt that it is dns poisoning.
Maybe not now, but it opens up the possibility for it to happen.
Ive done a couple of "digs" through these two DNS servers, and they appear to be handing back legit records for some domains. e.g.
But if you dig at retailers, you get some different results:
Versus my own resolver:
Traceroute to 22.214.171.124 goes to rackspace, while 126.96.36.199 which belongs to Amazon naturally goes to their network.
Telnet to 188.8.131.52 and ask it for www.amazon.com and it gives you a redirect:
Ask it again for www.amazon.com with the path as /?mcenabled=1 and you get amazons webpage:
Ask amazons own web server for www.amazon.com and it gives it straight up.
Im guessing they are running some kind of proxy server that is looking at what URLs you are browsing to on a retailers domains. Perhaps when you go through certain URLs to make purchases it is able to determine that you bought something, and associate some kind of credit with your account (based on you registering with them and letting them know your IP ranges.)
Pure speculation, but this has potential to be quite evil. MITM attacks with HTTPS capturing bank details??? With all of your DNS going through their servers, poisoning is not out of the question since you are relying on their security, what ever and how ever good it may be...
Also I dont like the way they are playing the whole "dont let others profit off your customers" line... What has a customers retail habits got to do with the operation of your network? This is what the net neutrality debate is all about right? Network operators snooping in on customer activity and looking to profit from it.