shakka_kahn
@charter.com | reply to joeykahn
Re: Charter Corrupting DNS protocol (ie: hijacking hosts)
yo joey, we are waiting for you to post your "letter". |
|
useless
join:2006-07-16
| reply to useless
I was perusing another thread in another forum..stumbled upon something interesting..
This new DNS.. wonder what affect it has / would have / could have on the millions of trojans and botnets out there..think any of those are using DNS?? I always assuming port scanning and that they blow up arp tables. Thoughts? |
|
useless
join:2006-07-16
2 edits | reply to Darkk
Are you under the impression that when you FTP by a name you are not querying DNS same as a browser?
And if your mail server is having issues, change the resolv.conf file on your *nix mail server.
This forum (not just the Charter corner) is full of people that holler and scream about their ISPs DNS service. Not sure why anyone that reads here often is it using for things they consider critical.
And if you think Charter is the first company to think of this I believe you are probably mistaken. If they are truly the first, props for being first at something.
We still have the normal DNS. But I suspect if one nmaps the "New" dns server, it is not listening on 21 or 22 or whatever nonstandard port you are using. Might get this:
ssh: connect to host 24.217.0.5 port 17236: Connection refused
Will be interesting to see. I would imagine that 0.5 will be replace with something else in St Louis. Guess I could try this on an outdated DNS server and see. |
|
Darkk
join:2003-10-03
Almont, MI | reply to Monster Rain
What happens now on an offline (unreachable) server?
Do you get a "not available" message or a connection refused message? |
|
Monster Rain
Premium
join:2002-08-03
USA | reply to Darkk
FTP and SSH are working fine for me Darkk. |
|
Darkk
join:2003-10-03
Almont, MI
 ·Charter Pipeline
| reply to shakka_kahn
Time to stop thinking web-browser-centric...
Lots of apps rely on a predictable DNS error on a server being unavailable. This is horribly broken when DNS is corrupted the way Charter implemented it.
SFTP, FTP, SSH all return a rejected login and not a server unavailable with the new DNS corruption. You can't validate domains to determine whether email is spam as all domains now resolve, not to their respective site, but now to Charter's proxy site, causing all reverse DNS tests to pass on any email, spam and non-existent domains included. (Thanks for helping the Spammers and scammers Charter!)
Standards are there for a reason, and that reason is that applications and protocols depend on standards-based operation to work correctly and to work as expected. Charter broke this when it corrupted the standard DNS operation.
There is a whole lot more to the Internet than just a web browser.
If Charter had half a clue, they would have at least implemented the DNS hijack so that it affected only requests directed toward port 80 resources, rather they chose to foul *everything* up. |
|
shakka_kahn
@charter.com
| reply to useless
said by useless  :I can only think of a webcrawler (mb a homebew one?) that would be affected...waiting to see the letter in the meantime. This should be amusing  |
|
useless
join:2006-07-16 | reply to joeykahn
I can only think of a webcrawler (mb a homebew one?) that would be affected...waiting to see the letter in the meantime. |
|
joeykahn
join:2005-09-10
Bay City, MI
| reply to Monster Rain
Of course I can. I sent the entire letter to Charter and I'm not up to duplicating it here, at the moment. I'll post it on one of my blogs and link back since itis in the form of an open letter (once I add the title "An Open Letter...";) it may be more suitable on a clearly biased site 
Thanks for asking
|
|
Monster Rain
Premium
join:2002-08-03
USA
| reply to joeykahn
said by joeykahn :Really, it isn't just about typos; these sort of high level DNS changes ruin various applications including my site download scripts and other software. Care to elaborate on your scripts, or what other software is ruined? |
|
joeykahn
join:2005-09-10
Bay City, MI
| reply to Monster Rain
Well, with help from the entire world of broken links too, Pat, other people's typos become your own.
Really, it isn't just about typos; these sort of high level DNS changes ruin various applications including my site download scripts and other software. Broken (hostname) links are still a way of life on the web.
The problem is more than being annoying from making a "typo" when you have to dig through 25 years of tools and library code.
I thought I retired; then again, I have plenty of time on my hands, right? |
|
Monster Rain
Premium
join:2002-08-03
USA | reply to joeykahn
You guys must make a lot of typos. |
|
joeykahn
join:2005-09-10
Bay City, MI
| reply to bartg
Yep, bartg, Charter's new "service" is very annoying. I ended up previously known internal DNS servers from Charter's business class service -- which I used to have, long ago, when the finer company of Bresnan Communications ran things locally .
Let us know how your charms work on Charter, please
Best,
Joey |
|
bartg
join:2000-08-27
Burbank, CA
| reply to joeykahn
Charter has also implemented their corrupt version of DNS protocol recently (~1 week) here in Burbank CA as well. I doubt it will be left in place for long, and will probably end up costing them far more to deal with the mess (answer to ICANN, settle potential class actions, bad press . . .) than the immediate short term profits effectively stolen from users.
Not to mention the person(s) at Charter that cooked this one up. Hope they don't make too many typo's trying to get to monster . . . |
|
Darkk
join:2003-10-03
Almont, MI
·Charter Pipeline
| reply to DaSneaky1D
If you take a look on the site of the company hosting the DNS corruption, er re-direction, you'll see one of the features mentioned is inserted ads on the re-direct page based on browsing history.
So yeah, they are using the DNS interception to track your Internet wanderings. What they are doing with it and who they are selling it to I can't get out of Corporate Escalation. And, months later I have yet to get through to a live person at Charter Corporate. They are purposely and completely ducking this DNS corruption issue. They won't return calls on the issue. You get a blow-off email and letter telling you that Charter has tried numerous times to contact you (they don't) and the numbers they give you for contact never are answered by a live person, nor are the voice mail messages you leave ever returned.
The Internet runs on standards, and they horribly broke one of the core standards with the DNS change and re-direction. |
|
DaSneaky1D
one wall to block them all
Premium,MVM
join:2001-03-29
The Lou
·Charter Pipeline
| reply to NormanS
OK, my perspective comes from the use of DNS servers that never return 404 errors...yet instead take you to a private search page ads related to the intended destination.
I know what DNS servers do and don't do. I'm talking about the DNS service Charter recently started using...and they do reveal desired destinations.
--
:: my trivial ramblings :: |
|
NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
 ·Pacific Bell - SBC
| reply to DaSneaky1D
said by DaSneaky1D :What if the destination IP had 100 virtual web hosts associated it? Seeing where people intend to go is more worthwhile. DNS doesn't reveal that information. You would have to log the packets.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
DaSneaky1D
one wall to block them all
Premium,MVM
join:2001-03-29
The Lou
·Charter Pipeline
| reply to NormanS
said by NormanS :said by DaSneaky1D :DNS server is the most practical place to see where people want to go. Not really. The purpose of DNS is to convert names to numbers. If you want to know where people are going, just log the destinations of the traffic. What if the destination IP had 100 virtual web hosts associated it?
Seeing where people intend to go is more worthwhile. |
|
NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
·Pacific Bell - SBC
| reply to DaSneaky1D
said by DaSneaky1D :DNS server is the most practical place to see where people want to go. Not really. The purpose of DNS is to convert names to numbers. If you want to know where people are going, just log the destinations of the traffic.
DNS redirects are about revenue. The ISP can charge advertisers fees for redirecting failed lookups to specific pages.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
DaSneaky1D
one wall to block them all
Premium,MVM
join:2001-03-29
The Lou
·Charter Pipeline
| reply to wispagod
said by wispagod :Makes me wonder if charter sells our click stream data as well. DNS server is the most practical place to see where people want to go. Proxy servers can be a pain to implement and search is only as relevant as the destination you actually "click-through" to.
If you resolve "homedepot.com" for a large majority of your customers in a given area, you can sell more "Home Depot" services directly to a given market. If you see a lot of "adult type" resolutions, well, you can figure that out as well.
BIND 4 teh w1n!!!11!1 |
|
