[Chapter-delegates] Canadian ISP Rogers violates net neutrality by hijacking failed DNS lookups

Franck Martin franck at sopac.org
Mon Jul 21 16:59:27 PDT 2008


Siva

let me give you this analogy. Nobody hacked your computer or equipment  
but simply intercepted your communications to redirect them to the  
service of their choice.

It is relatively easy to do and done often for many good reasons

"All knowledge is an answer to a question"

On 22/07/2008, at 10:50, "Sivasubramanian Muthusamy" <isolatedn at gmail.com> wrote:

> Hello Alejandro,
>
> The phrase "hack into all customer computers" in my question that  
> was part of my email to Airtel months ago was more of an angry  
> expression as an independent, individual customer. It was a message  
> that I wrote when I was very angry.
>
> Had this been in the context of an isoc communication, I would have  
> phrased it more appropriately. (An ISP wouldn't achieve anything by  
> hacking into ALL customer computers, but if they want they can  
> selectively hack in-depth, for which they have the technical  
> superiority and the ability to monitor and control)
>
> The internet connection works with some specific settings. These  
> settings are designed for modems from the ISP's "approved list" of  
> modems-  I have one provided by the ISP on a monthly rental of $2.5  
> which has a universal user name and password. 90% of the home users  
> use the modem with default settings and the ISPs do not bother to  
> educate them to change the modem password, which is a multi-step  
> process that one has to learn from a phone call to customer support.
>
> As you say, maybe they have modified the settings of my modem. I  
> don't know about the various technical possibilities. Through the  
> modem or by some other back door, this ISP had some way of  
> overriding the browser settings. I have a screen shot of the page  
> that loaded (attached) and a text file of what I noted down from the  
> page properties including the source code copied from a file that  
> was saved as a .pl file.  This is not much, but might an expert  
> determine how this unsolicited web page popped up.
>
> I have had other instances of intrusion attempts of indeterminate  
> origin. But this particular issue is caused by the ISP, which was  
> simply not taken note of even after repeatedly raising this issue. I  
> have once even raised concerns about noticeable parallel wiring  
> which was also unattended.
>
> Yes, I must be careful, maybe even set up a decoy or a honey pot to  
> record logs. In the absence of these measures all that I could  
> immediately do is to work out of a computer with Solaris, an O/S  
> that is a little unfamiliar for the local hackers to tamper with.
>
> There is not much of a choice of ISPs in small towns in India. So I  
> continue.
>
> (The bright side is that such experience of helplessness has given  
> me one or two additional points to cover in a paper that I am  
> drafting on Internet Rights)
>
> S
>
>
>
> On Tue, Jul 22, 2008 at 12:45 AM, Alejandro Pisanty <apisan at servidor.unam.mx> wrote:
> S.,
>
> have you ascertained fully that your computer has been hacked into  
> by the ISP, or is there some other form of interception, on the  
> network, occurring?
>
> The scenario of the ISP hacking into all of its users' computers  
> seems highly unlikely to me. And, you should have available - as an  
> ISOC Chapter! - the services of someone knowledgeable in computer  
> forensics to check your computer, as well as to set up a decoy where  
> logs are kept of all activity, etc. to prove this hacking beyond any  
> doubt.
>
> What is less unlikely is that they have modified configurations in  
> your (ADSL or other technology) modem. That would be a different  
> story, though many of us would raise hell and call it "pharming" if  
> it was an egregious enough redirection of the DNS calls.
>
> Beyond that: other than in closed networks, like a hotel's, no-one  
> should stand between you and the DNS. But then, no-one should stand  
> between you and the Internet... unless you have accepted it in the  
> small print of your contract with your ISP (Arnoud: this applies to  
> your response as well.)
>
>
> Yours,
>
> Alejandro Pisanty
>
>
>     Dr. Alejandro Pisanty
> UNAM, Av. Universidad 3000, 04510 Mexico DF Mexico
>
> Tels. +52-(1)-55-5105-6044, +52-(1)-55-5418-3732
>
> *My blog: http://pisanty.blogspot.com
> *LinkedIn profile: http://www.linkedin.com/in/pisanty
> *Join the UNAM group on LinkedIn, http://www.linkedin.com/e/gis/22285/4A106C0C8614
>
> ---->> Join ISOC Mexico, http://www.isoc.org
>  Participate in ICANN, http://www.icann.org
>
>
> On Mon, 21 Jul 2008, Sivasubramanian Muthusamy wrote:
>
> Date: Mon, 21 Jul 2008 21:31:11 +0530
> From: Sivasubramanian Muthusamy <isolatedn at gmail.com>
> To: Gilles Massen <gilles at isoc.lu>
> Cc: chapter-delegates at elists.isoc.org,
>    Patrick Vande Walle <patrick at vande-walle.eu>
> Subject: Re: [Chapter-delegates] Canadian ISP Rogers violates net neutrality
>    by hijacking failed DNS lookups
>
> Hello Alejandro,
>
> 1.  I followed the original link and from there tried to go to
> http://www.digitalhome.ca/forum/forumdisplay.php?f=28 or to page
> http://www.digitalhome.ca/forum. Both pages returned a 403 error.
>
> 2.  My ISP is Bharti AIRTEL,  I have noticed a more serious issue of a
> possible backdoor intrusion by the ISP, which is a possible breach of
> consumer privacy. This ISP - Airtel Broadband  is evidently in a position to
> control the browser in MY COMPUTER to take over my browser to redirect any
> URL to an Airtel page that says you are temporarily disconnected ( The ISP's
> tolerance for late payments even for long standing subscribers is not even a
> day past the due date, which is sometimes missed )
>
> I have asked them in several repeated email messages
>
> a) How did you get into my computer to override my browser home page
> settings ?
> b) What gives you the right to do that ?
> c) If you can do as much of a hack in all customer computers as to
> override the browser settings and ensure that any address typed in the
> address bar takes the browser to
> http://203.145.184.29/cgi-bin/airtel/frontpage.pl, what else couldn't
> you have done ?
>
> This issue was raised in several repeated email messages, routinely
> acknowledged but was conveniently left unanswered. In India Consumer Forums
> are grossly inadequate and largely controlled or influenced by the
> Industrial groups; Consumer legislation, the judicial process are
> inadequate, so these large companies simply brush aside any communication
> that questions their ways of working
>
> Sivasubramanian M.
>
>
>
> On Mon, Jul 21, 2008 at 7:05 PM, Gilles Massen <gilles at isoc.lu> wrote:
>
> Alejandro, Patrick, et al,
>
> There are more and more ISPs that tweak their DNS servers to return an IP
> address when they should return that a name does not exist. Rogers is only
> the last on a growing list.
>
> Personally, I'd never accept that behaviour from my ISP, I'd either change
> or work around it (with services like OpenDNS, where you can at least opt-out
> from such an 'enhanced user experience').
>
> Verisign was the same idea on another level, and you could not easily work
> around it, so I'm quite happy that that's gone.
>
> But let's face it: net neutrality is slowly disappearing...be it by changing
> the content of DNS replies, or by treating P2P traffic differently. Too
> many 'optimisations' do simply that: manipulate what's on the wire.
>
> Best,
> Gilles
>
>
>
>
> On Monday 21 July 2008 01:54, Alejandro Pisanty wrote:
> Patrick,
>
> reminds me of the spat on wildcards with Verisign some years ago. Quoting
> it could be a good precedent Rogers clients may want to use. Rogers may
> not want to get into a similar mess.
>
> Yours,
>
> Alejandro Pisanty
>
>
>      Dr. Alejandro Pisanty
>
>
> On Sun, 20 Jul 2008, Patrick Vande Walle wrote:
> Date: Sun, 20 Jul 2008 21:57:11 +0200
> From: Patrick Vande Walle <patrick at vande-walle.eu>
> To: isoc Chapter Delegates <chapter-delegates at elists.isoc.org>,
>    ISOC Extended Board <isoc-ext-board at elists.isoc.org>
> Subject: [Isoc-ext-board] Canadian ISP Rogers violates net neutrality
>    by hijacking failed DNS lookups
>
> http://www.digitalhome.ca/content/view/2689/206/
>
> In what appears to be a violation of Net Neutrality by Rogers Cable,
> Digital Home readers are reporting that Rogers High Speed Internet
> service has begun redirecting customers "Server not found pages" to
> webpages laden with Rogers advertising.
>
> See original link for more details and screenshots.
>
> --
> Patrick Vande Walle
>
>
> <airtel.jpg>
> <airtel intrusion>
> _______________________________________________
> Chapter-delegates mailing list
> Chapter-delegates at elists.isoc.org
> http://elists.isoc.org/mailman/listinfo/chapter-delegates
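
The resolver behaviour discussed in this thread (an IP address returned where the answer should be "name does not exist") can be checked from the client side. The following is an added example, not part of any message in the thread: it parses raw DNS replies to probes for random, non-existent names and flags a resolver that answers them with A records instead of NXDOMAIN. The probe names, the sample replies and the address 192.0.2.10 (a documentation address) are constructed for illustration.

```python
import struct

def build_response(qname, rcode, addr=None):
    """Constructed sample reply to an A query (not captured traffic)."""
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.split("."))
    header = struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, 1 if addr else 0, 0, 0)
    msg = header + labels + b"\x00" + struct.pack("!HH", 1, 1)
    if addr:  # answer RR: pointer to the question name, A, IN, TTL 60, 4 bytes
        msg += struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + bytes(map(int, addr.split(".")))
    return msg

def skip_name(msg, off):
    """Advance past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:
            return off + 2
        if n == 0:
            return off + 1
        off += 1 + n

def parse_response(msg):
    """Return (rcode, [IPv4 addresses in the answer section])."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4           # QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return flags & 0x000F, addrs

def detect_nxdomain_rewriting(replies):
    """replies: resolver answers to probes for names that cannot exist."""
    landing = set()
    for raw in replies:
        rcode, addrs = parse_response(raw)
        if rcode != 3 and addrs:                # 3 = NXDOMAIN, the honest answer
            landing.update(addrs)
    return {"rewritten": bool(landing), "landing_ips": sorted(landing)}

# Constructed probes: random labels; 192.0.2.10 is a documentation address.
honest = [build_response("q7x2kd9v.example.com", 3), build_response("zz81hq0p.example.net", 3)]
rewriting = [build_response("q7x2kd9v.example.com", 0, "192.0.2.10"),
             build_response("zz81hq0p.example.net", 0, "192.0.2.10")]
```

Unrelated random names all resolving to the same small set of addresses is the telltale sign; comparing the result against a second resolver separates resolver-side rewriting from a wildcard record in the zone itself.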