This page contains all of the posts and discussion on MemeStreams referencing the following web page: Charter fucks with DNS. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.
Charter fucks with DNS by Acidus at 9:29 pm EDT, May 11, 2008
I was working on a project and noticed some odd DNS behavior. Behold:
C:\Documents and Settings\hoffmabi>nslookup google.com
Server: 24-197-160-17.static.gwnt.ga.charter.com
Address: 24.197.160.17
DNS request timed out.
timeout was 2 seconds.
Non-authoritative answer:
Name: google.com
Addresses: 64.233.187.99, 64.233.167.99, 72.14.207.99
C:\Documents and Settings\hoffmabi>nslookup www.memestreams.net
Server: 24-197-160-17.static.gwnt.ga.charter.com
Address: 24.197.160.17
DNS request timed out.
timeout was 2 seconds.
Non-authoritative answer:
Name: memestreams.net
Address: 72.9.237.202
Aliases: www.memestreams.net
C:\Documents and Settings\hoffmabi>nslookup shouldnotresolvefoooooo.com
Server: 24-197-160-17.static.gwnt.ga.charter.com
Address: 24.197.160.17
DNS request timed out.
timeout was 2 seconds.
Non-authoritative answer:
Name: shouldnotresolvefoooooo.com
Addresses: 64.158.56.56, 63.251.179.56
C:\Documents and Settings\hoffmabi>nslookup fuckyoucharterthisshouldntresolve.com
Server: 24-197-160-17.static.gwnt.ga.charter.com
Address: 24.197.160.17
DNS request timed out.
timeout was 2 seconds.
Non-authoritative answer:
Name: fuckyoucharterthisshouldntresolve.com
Addresses: 64.158.56.56, 63.251.179.56
Fuck! Charter is trying to be helpful and resolving all hostnames, even those that don't really exist. Instead of doing what they are supposed to do and returning an error that thissitedoesnotexistatall.com doesn't resolve, they are lying to me and my project and telling me it does. Hello again SiteFinder didn't we stop all this bullshit 5 years ago?
So, I try this with craziness in a web browser and I get this helpful page:
The search results on the prior page were provided because the domain name you entered into the address bar is either improperly formatted, currently unavailable, nonexistent, or part of a keyword search. This service is designed to enhance your web surfing experience
Only its not, it messing up my program because things that should not exist are being reported as existing!... ... [Grrrrrrrrrrrr]
Note: In order for opt-out to work properly, you need to accept a "cookie" indicating that you have opted out of this service. If you use a program that removes cookies, you will have to repeat this opt-out process when the cookie is deleted. The cookie placed on your computer will contain the site name: ".charter.net".
Great, just freaking great. There is no way to turn it off. They are always going to resolve the non-existent hostname, and then do an HTTP 302 redirect to their bullshit captive portal, only to then see a cookie that tells them to give me an error page, which is an HTML page made to look like Internet Explorers default DNS error page.
Way to consider programs that do DNS resolution that don't use HTTP.
I hate Charter so much right now.
Update They are doing very odd things. At first it seemed they are only doing this with domains directly off a TLD. So the non-existent dfklsdfaklsdafkldafkl.com resolves but the non-existent foobar.verisign.com does not. However the non-existent Fdsafdsfdsafdsa.google.com resolves.
God damn idiots.
In an odd bit of humor, their mocked up IE DNS error page is all messed up. First, it doesn't display images in in anything other than IE because they are using the res:// protocol. I hope Microsoft fucking sues them for using the IE DNS error page word for word.
RE: Charter fucks with DNS by CypherGhost at 10:19 am EDT, May 12, 2008
Hmm. How much do you want to bet the dumbasses that did this also left an XSS vulnerability on this web page? If so, they just made it pretty easy to become any host that doesn't exist. I expect you will be "online.bankofamerica.com" and "500dollarcredit.charter.net" before lunch :)
RE: Charter fucks with DNS by Dagmar at 4:34 pm EDT, May 14, 2008
CypherGhost wrote: Hmm. How much do you want to bet the dumbasses that did this also left an XSS vulnerability on this web page? If so, they just made it pretty easy to become any host that doesn't exist. I expect you will be "online.bankofamerica.com" and "500dollarcredit.charter.net" before lunch :)
That would be a bad bet to make because it's already been published a few times that this crap leads fairly directly to XSS problems of all sorts.
Hell, it could even be argued that returning phony results for subdomains owned by other organizations amounts to things like fraud, trademark dilution, and possibly even sabotage since this is a broken thing to do to otherwise correctly functioning domains owned by someone else.
RE: Charter fucks with DNS by CypherGhost at 10:04 am EDT, May 16, 2008
Hell, it could even be argued that returning phony results for subdomains owned by other organizations amounts to things like fraud, trademark dilution, and possibly even sabotage since this is a broken thing to do to otherwise correctly functioning domains owned by someone else.
That's a fantastic point! I'll have to kick them out a C&D letter for Lanham Act violations :)
Charter Communications, one of the nation's largest ISPs, plans to begin eavesdropping on the web surfing of its customers, in order to help web advertisers deliver targeted ads.
It's a really sad day when I'm happy about having Comcast at home. Like, a downright fucking devastating day. Being a pansy about bittorrent doesn't seem that bad in comparison to having madison ave's version of the NSA trying to place ads based on my porn surfing habits.
"Browsing the web can become more like flipping through your favorite magazine, where you see ads that are appealing to you and enhance your enjoyment and the utility of the experience," the company's letters read.
Charter's system appears to be similar to a targeted advertising system in the U.K. developed by Phorm, a London company with alleged spyware roots.
He described the system as capable of noticing when a user visits Honda.com or Toyota's website, for example, so that when the user visits unrelated sites, he or she will be treated to automotive-related ads.
Charter is partnering with a company called NebuAD to build profiles of its users. NebuAD will share the behavioral tracking results with third-party advertising networks like DoubleClick. Users can opt out of the system, but have to give their full name and address to get an opt-out cookie. The process would have to be repeated for every browser on every computer in a home to block the service, and would have to be reset if cookies are ever deleted.
That sounds like some great IP transit you got there... Do you think you'll see ads for lawyers after owning someone's webapp? That would be rad.
Remember Billy, when driving through the Internet Ghetto, put the windows up, radio off, and seats down.
RE: Charter fucks with DNS by Acidus at 12:56 pm EDT, May 14, 2008
Rattle wrote: Remember Billy, when driving through the Internet Ghetto, put the windows up, radio off, and seats down.
When I drive through the Internet Ghetto my ports are open, my radio is pumping, and my all inputs be '/**/OR/**/5=5/*|id;cat</etc/p%61sswd%00<img src=x onerror=eval(location.hash.substring(1))>
RE: Charter fucks with DNS by Decius at 2:34 pm EDT, May 14, 2008
Acidus wrote:
Rattle wrote: Remember Billy, when driving through the Internet Ghetto, put the windows up, radio off, and seats down.
When I drive through the Internet Ghetto my ports are open, my radio is pumping, and my all inputs be '/**/OR/**/5=5/*|id;cat
Whord! Rattle's strategy just screams "Come get me I'm a victim." You come creepn' through my hood with your radio down and we'll pull your flink and blink, bitch!
RE: Charter fucks with DNS by Dagmar at 4:30 pm EDT, May 14, 2008
I'm just shocked they think they can do this without getting sued by web publishers. Without implicit consent, there's a pretty good chance they're going to be tampering with other people's copyrighted content without their permission. ...people who might object strenuously to having ads inserted into their pages for various reasons which might actually be contractual or organizational obligations.
I know if I hear someone pulled up the Dropline wiki and found a bunch of ads (or even one) on it, I'm going to be pretty likely to cost whoever did it a little money by calling up said organization and seeing if I can make a stranger cry and possibly quit her job.