Home » Blogs » deekayen's blog

DNS hijacking opt-out

CTC was bought by Windstream and as evidence that they've started converting the CTC network to Windstream, when I went to a down website today, I was redirected to ww23.entry-not-found.com. Since it's Windstream branded and other people have reported it, I don't think I've been rooted. I have already complained.

If you're concerned about your DNS having the same problem, for now I apt-get install bind9 and changed my DNS from my dd-wrt box (which is using Windstream DNS servers) to 127.0.0.1.

Then in /etc/hosts I set entry-not-found.com and ww23.entry-not-found.com to resolve to 127.0.0.1.

When I asked Windstream about it, they offered an opt-out alternative:

In response to your concern, Windstream recently implemented a new feature to aid the majority of our customers experiencing issues while browsing websites. When a customer types in an incorrect web address, this feature now redirects the customer to a list of possible websites they were trying to access instead of giving the generic "Page Cannot Be Displayed." Because a majority of our customers thought to believe our service had disconnected, this change was made. However, we have seen a few examples with this that is causing a small part of our customers to be unable to access specific sites. Currently, the only way to bypass this feature is to set the opt out DNS servers into your Local Area Connection. The DNS servers are as follows:

Primary DNS Server: 166.102.165.32
Secondary DNS Server: 207.91.5.32

From the namebench.cfg file of namebench here is the Comcast opt-out list:

68.87.64.146=Comcast East Opt-Out US
68.87.68.162=Comcast Woodstock Opt-Out US
68.87.69.146=Comcast Beaverton Opt-Out US
68.87.71.226=Comcast Chelmsford Opt-Out US
68.87.72.130=Comcast Chicago Opt-Out US
68.87.73.242=Comcast Manassas Opt-Out US
68.87.74.162=Comcast Bonita Springs Opt-Out US
68.87.75.194=Comcast Pittsburgh Opt-Out US
68.87.76.178=Comcast San Jose Opt-Out US
68.87.77.130=Comcast Michigan Opt-Out US
68.87.78.130=Comcast Salt Lake City Opt-Out US
68.87.85.98=Comcast West Opt-Out US

Earthlink:

207.69.188.171=Earthlink Opt-Out US
207.69.188.172=Earthlink Opt-Out US

Verizon:

68.237.161.14=Verizon NY Opt-Out US
68.238.112.14=Verizon NC Opt-Out US

AttachmentSize
DD-WRT configuration with alternate DNS servers18.78 KB


Submitted by deekayen on Fri, 07/04/2008 - 1:43pm
» deekayen's blog · Printer-friendly version Topics: · · ·

A fix for Windstream

Submitted by Anonymous on Fri, 01/21/2011 - 10:17am.

Windstream find.searchassist.com incorrect web address redirecting.

After doing a little searching, I figured out how to fix this problem for Windstream. Type in an invalid web address and let it redirect you to the http://find.searchassist.com/landing.jsf?

At the very bottom right side of this page, click on "about this page". This will take you to another page. On this page, you should see "If you would like to Opt Out of this service, please click here". Click on the "here" link. I was then redirected to http://east-search.windstream.net/options which gave me several search provider options and "NONE -- DNS Error Page". I personally prefer to go to a DNS error page so I chose that. BAM!!! Problem fixed. I hope this will help some other people.

reply

Charter doing it?

Submitted by Anonymous on Sun, 01/02/2011 - 3:14am.

Perhaps I have a trojan. SuperSpyWare Free Edition isn't finding anything though, so I think it's Charter. I'm not getting "host not found" when I try to go to a webpage that does not exist, and I find this highly irritating. For example, when I typed sfasdfas.com I got:

http://searchassist.teoma.com/landing.jsf?p=cnksver&q=sfasdfas.com&rs=sf...

How the heck am I being redirected to a Teoma search?

reply

opendns

Submitted by Shrop (not verified) on Wed, 07/16/2008 - 11:02pm.

Check out opendns.com. You can point your dd-wrt router to their dns servers and say bye bye to Windstream's tricks.

Shrop

reply

same thing

Submitted by deekayen on Thu, 07/17/2008 - 1:14am.

They do the same thing though. When I get a failed DNS lookup, they have to fund their service by showing an search result ad page to me. It turned out when I complained to Windstream that they had opt-out DNS servers, so I have actual failed pages when a domain doesn't exist now.

reply

Charter was planning to do even more

Submitted by rjmolesa (not verified) on Mon, 07/07/2008 - 9:05am.

Charter had plans to data mine all their customer's traffic and present ads that were suited to what they are surfing at the time. We should all be very interested in ways to protect our surfing patterns from our ISP's. The first link is an article explaining what they were planning to do. The second link explains that they have since abandoned the plans. What I can't figure out though is how they intended to deliver the ads to their customers. We're they going to replace the ads on sites that you visit with their own ads? Doesn't this make the ISP behave more like spyware?

http://www.hackaday.com/2008/06/25/charter-abandons-packet-monitoring-ad...

http://webworkerdaily.com/2008/06/24/charter-cancels-nebuad/

reply

Post new comment

  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <hr /> <a> <p> <em> <strong> <cite> <code> <blockquote> <ul> <ol> <li> <dl> <dt> <dd>
  • Web page addresses and e-mail addresses turn into links automatically.
  • You may post code using <code>...</code> (generic) or <?php ... ?> (highlighted PHP) tags.

More information about formatting options

By submitting this form, you accept the Mollom privacy policy.