[Cialug] DNS Hijacking

Tim Wilson tim_linux at wilson-home.com
Thu Aug 6 09:23:55 CDT 2009


On Thu, Aug 6, 2009 at 9:11 AM, Matthew Nuzum <newz at bearfruit.org> wrote:

> On Thu, Aug 6, 2009 at 7:07 AM, Jerry Heiselman <jerry at heiselman.com> wrote:
>
>> Seems like pretty much everyone is doing this now.  I don't really have a
>> problem with it as a customer so long as the landing page is clearly marked.
>>
>
> There are two reasons to do this. One is because the user experience for a
> failed domain is not very helpful by the browsers. It's usually just a
> "FAIL: Try again" type of message. The redirection pages often are
> helpful... "did you mean..." and a list of possible matching pages from a
> search engine. This gives the ISP a chance to look like a hero because they
> get to help the lost user which improves their brand and customer loyalty.
>
> Another reason to do this is because you can make a fair bit of money.
> Interestingly, there are a couple different ways to lay out a search results
> page. I've been working with Google and Mozilla on this subject and they
> have given me some great tips on how to maximize revenue. A main way is to
> put ads above the search results (assuming the ads are relevant which they
> usually are with Google's text ads). What's interesting is that the pages by
> the ISPs I've seen often aren't optimized for maximum revenue. Maybe that's
> because their main motivation is to help users, or maybe it's because they
> just don't know.
>
> I think it really may be that they're trying to help users.
>

The problem is, people typically don't like change.  Sure, it might be
helpful to noobs, but to those who have seen the error page before and know
how to handle it, a new page popping up could just confuse them.  Or worse
yet, mask the fact that they have some malware because the malware does
something similar.

Regarding resistance to change, I finally upgraded my wife's Firefox from
1.5.x to 3.5.x.  When attempting to connect to a site where the security
certificate didn't match the domain, Firefox put up a different message
that, at first glance, looked like something I should press "dismiss" on.
It wasn't immediately clear what the problem was.  I was used to the old way
of doing things, and the new way was confusing.  Now put an average Joe in
front of the screen, and what's their response going to be?  Call tech
support!


>
> Now an interesting related point is that this service breaks samba in
> Debian and Ubuntu. See https://bugs.launchpad.net/bugs/189168
>
> The workaround is simple on Ubuntu but it's been deemed that we shouldn't
> do this by default in part because in principle it's wrong for ISPs to fail
> to return NXDOMAIN for invalid hostnames.
>
>
> --
> Matthew Nuzum
> newz2000 on freenode, skype, linkedin, identi.ca and twitter
>


-- 
Tim
Required reading: http://bccplease.com/