ISP redirect page


An ISP redirect page is a spoof page that some ISPs, including Cox Communications,[1] Embarq, Verizon, Rogers and Earthlink, serve to web users who enter a DNS name that does not exist.[citation needed]

If a user types an incorrect Uniform Resource Locator (URL), for example http://wikipedia.orf instead of http://wikipedia.org, the ISP's DNS resolver does not return the "name does not exist" error. It returns a forged response carrying the address of an advertising web page, and the browser connects there instead.

How it works

Domain Name System (DNS) resolution is the process of translating a human-readable domain name (for example, en.wikipedia.org) into an IP address that computers can use. Every ISP runs a recursive DNS resolver so that its customers can translate domain names into IP addresses. When the resolver receives a query for a name, RFC 1035 specifies that it return the address records associated with that name, or, if the name does not exist, a response with RCODE 3 (NXDOMAIN, "Name Error"). The customer's computer then either connects to the returned address or reports the name as unknown.

When the ISP's resolver receives a query for a name that does not exist, some ISPs suppress the NXDOMAIN response and instead return a synthesized answer containing the IP address of a search or advertising server (NXDOMAIN rewriting). When the client is a web browser, the result is a search page with suggestions for the intended address and a short explanation of the error. These search pages often carry advertising that is paid to the ISP. Because the rewriting happens in the resolver, every application that uses it receives the forged address, not only browsers.

Sometimes a customer can opt out of this service, but the opt-out is frequently not implemented at the same layer as the spoofing: it may be, for example, a browser cookie set by the redirect page itself, so the resolver keeps returning the forged address to every other program. Opt-out procedures vary from ISP to ISP in both their method of implementation and their effectiveness.
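As an added example, not part of the original article and not any ISP's or vendor's code, the following Python script builds a DNS A query for a probe name that cannot exist, parses the raw response, and reports whether the resolver answered with RCODE 3 (NXDOMAIN) or with a synthesized A record. The two sample responses, the probe name and the redirect address 198.51.100.10 are constructed here for offline demonstration; probe_resolver() sends a real UDP query to a resolver address you supply. The same check tells you whether an opt-out actually takes effect at the DNS layer rather than only in the browser.

```python
"""Detect ISP NXDOMAIN rewriting from raw DNS responses (added example)."""
from __future__ import annotations

import secrets
import socket
import struct

A_RECORD = 1
IN_CLASS = 1
RCODE_NXDOMAIN = 3        # RFC 1035 "Name Error"


def encode_name(name: str) -> bytes:
    """Encode a dotted name as length-prefixed labels (no compression)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"


def build_query(name: str, txid: int) -> bytes:
    """Standard recursive A query: flags 0x0100 sets RD."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", A_RECORD, IN_CLASS)


def build_response(query: bytes, rcode: int, ips: list[str]) -> bytes:
    """Constructed response for offline demonstration (not captured ISP traffic).
    Echoes the question and adds one A record per ip, each using the
    compression pointer 0xC00C back to the question name at offset 12."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = 0x8180 | rcode                   # QR=1, RD=1, RA=1, RCODE=rcode
    header = struct.pack("!HHHHHH", txid, flags, 1, len(ips), 0, 0)
    answers = b"".join(
        b"\xc0\x0c" + struct.pack("!HHIH", A_RECORD, IN_CLASS, 60, 4) + socket.inet_aton(ip)
        for ip in ips)
    return header + query[12:] + answers


def read_name(msg: bytes, off: int) -> tuple[str, int]:
    """Decode a possibly-compressed name; return (name, offset past it)."""
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:            # compression pointer
            if not jumped:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_response(msg: bytes) -> dict:
    """Return transaction id, RCODE and the A records in the answer section."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        _, off = read_name(msg, off)
        off += 4                              # skip QTYPE, QCLASS
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == A_RECORD and rclass == IN_CLASS and rdlen == 4:
            answers.append((name, socket.inet_ntoa(msg[off:off + 4])))
        off += rdlen
    return {"id": txid, "rcode": flags & 0x000F, "answers": answers}


def classify(query: bytes, response: bytes) -> str:
    """'NXDOMAIN' for an honest resolver, 'REWRITTEN:<ip>' for a forged answer."""
    parsed = parse_response(response)
    if parsed["id"] != struct.unpack("!H", query[:2])[0]:
        return "ID_MISMATCH"                  # not an answer to our query
    if parsed["rcode"] == RCODE_NXDOMAIN:
        return "NXDOMAIN"
    if parsed["rcode"] == 0 and parsed["answers"]:
        return "REWRITTEN:" + parsed["answers"][0][1]
    return f"OTHER:rcode={parsed['rcode']}"


def probe_resolver(resolver_ip: str, base_domain: str, timeout: float = 3.0) -> str:
    """Live check (sends UDP/53): a random label cannot exist, so RCODE must be 3."""
    query = build_query(f"{secrets.token_hex(8)}.{base_domain}", secrets.randbelow(65536))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (resolver_ip, 53))
        response, _ = sock.recvfrom(512)
    return classify(query, response)


# Constructed probe, then the responses an honest and a rewriting resolver would give.
PROBE = build_query("4f3a9c1e7b2d6a05.wikipedia.orf", 0x1234)
HONEST = build_response(PROBE, RCODE_NXDOMAIN, [])
REWRITTEN = build_response(PROBE, 0, ["198.51.100.10"])  # RFC 5737 documentation address

if __name__ == "__main__":
    print("honest   :", classify(PROBE, HONEST))
    print("rewriting:", classify(PROBE, REWRITTEN))
```

To test a real connection, call probe_resolver() with the resolver address from your system's DNS settings and a domain you know exists, and compare the result with the same probe sent to a resolver you trust; any answer other than NXDOMAIN for a random label means the resolver is synthesizing records. Since the forged answer is produced by the resolver, ping, mail clients and archiving tools see exactly what the script sees.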

Consequences

ISPs have stated that redirect pages are intended to help lost users. ISP customers have complained that the pages instead mislead users, and that their purpose is to generate advertising revenue for the ISP. The practice has been controversial since ISP redirect pages were introduced in 2006.[2]

ISP redirects can fool the ping networking utility: ping resolves the name to the redirect server's address and receives replies from it, so it reports a host that does not exist as reachable.[3] ISP redirects also interfere with web archiving tools such as ArchiveTeam Warrior, which depend on correct DNS error responses to tell a dead site from a live one.[4]

References

  1. Bode, Karl (19 May 2007). "Cox Tests DNS Redirection". DSLReports. Retrieved 17 August 2022.
  2. Bode, Karl (8 April 2006). "DSLExtreme Scraps Redirect Service". DSLReports. Retrieved 26 January 2021.
  3. Gookin, Dan (2009). Troubleshooting and Maintaining Your PC All-in-One Desk Reference For Dummies. Wiley. p. 394. ISBN 9780470477953.
  4. "ArchiveTeam Warrior". ArchiveTeam. Retrieved 26 January 2021.