Differences

This shows you the differences between two versions of the page.

--- abusive_isps [2017-04-07T05:32:44Z] – created fusl
+++ abusive_isps [2019-01-27T17:34:25Z] – fusl
@@ Line 1: / Line 1: @@
-##### Abusive ISPs #####
+====== Abusive ISPs ======
 These are Internet Service Providers that have been found to tamper with your DNS (or OpenNIC related) traffic, do note that this list is only for previously mentioned abuse, nothing else.
-### Is my ISP intercepting DNS traffic? ###
+==== Is my ISP intercepting DNS traffic? ====
 Some abusive ISPs will intercept DNS traffic on port 53 and return results from their own servers instead. This makes access to alternative TLDs difficult, and is a privacy concern as it allows the ISPs to carry out more detailed logging of the domains you resolve.
@@ Line 13: / Line 14: @@
   .	58346	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2015080300 1800 900 604800 86400
-You can see from the returned SOA above that the DNS request has been hijacked by the ISP as 'a.root-servers.net' is not an OpenNIC DNS server. If the SOA you get looks more like the one below, then your ISP is probably not hijacking your DNS requests.
+You can see from the returned SOA above that the DNS request has been hijacked by the ISP as ''a.root-servers.net'' is not an OpenNIC DNS server. If the SOA you get looks more like the one below, then your ISP is probably not hijacking your DNS requests.
 Now try again on the alternative port:
@@ Line 21: / Line 22: @@
   .	86319	IN	SOA	ns0.opennic.glue. hostmaster.opennic.glue. 2015080301 1800 900 604800 3600
-You can see that the SOA returned is OpenNIC's, meaning no hijacking has taken place on the alternative port. If this result differs from the previous result, then your ISP is likely to be hijacking DNS.
+You can see that the SOA returned is OpenNIC's, meaning no hijacking has taken place on the alternative port. If this result differs from the previous result or the first result times out with ''connection timed out; no servers could be reached'', then your ISP is likely to be hijacking DNS.
-### What can I do about it? ###
+==== What can I do about it? ====
 Please refer to the answer of [[https://unix.stackexchange.com/questions/144482/|this question]] to use iptables to reroute your DNS traffic to an alternative port on an OpenNIC server. Remember to change the server's IP address.
 You could also contact your ISP to complain about their use of DNS hijacking.
-### Abusive ISP List ###
+==== Abusive ISP List ====
 This list is very incomplete. If you are certain that your ISP is hijacking DNS or is involved in other questionable practices, please add it below.
+^ Country        ^ ISP            ^ Reported   ^ Source                     ^ DPI ^ Level                            ^ Notes ^
+| Taiwan         | HiNet          | 2019-01-16 | [[user:fusl]]              | no  | blocking of selective domains    | Returns NXDOMAIN for some very specific domains, hijacking common public DNS resolvers like Google, OpenDNS and CloudFlare, Quad9 seems to be unaffected |
+| Austria        | 3 / drei.at    | 2018-01-28 | [[user:fusl]]              | no  | NXDOMAIN search engine redir     | NXDOMAIN redirect to ''213.94.80.190'', {{:abusive_isps:h3gat.txt|proof}} |
+| -              | Vultr/Choopa   | 2017-11-03 | [[user:fusl]]              | yes | blocking of selective domains    | [[https://en.wikipedia.org/wiki/Deep_packet_inspection|DPI]] on UDP/53, blocks any DNS request containing the text ''minexmr.com.'' in the query name ({{:abusive_isps:vultr.png?linkonly|proof}}) |
+| United States  | CenturyLink    | 2017-08-28 | //some user// on #opennic  | no  | NXDOMAIN search engine redir     | Reproduced by [[:user:fusl]] - NXDOOMAIN redirect to ''198.105.244.23'' and ''198.105.245.23'' which redirects to ''http://webhelper.centurylink.com/index.php?origURL=opennic&r=&bc='' |
+| Peru           | Bitel          | 2017-06-23 | Tedel on #opennic          | ?   | ?                                | {{:abusive_isps:bitel.txt|IRC conversation log}} |
+| United States  | AT&T           | 2017-03-27 | //news//                   | no  | NXDOMAIN search engine redir     | http://www.att.net/dnserrorassist/about/ ({{:abusive_isps:att1.png?linkonly|screenshot}}), https://forums.att.com/t5/AT-T-Internet-Features/ATT-DNS-Assist-Page/td-p/5108480 ({{:abusive_isps:att2.png?linkonly|screenshot}}) |
+| United States  | T-Mobile US    | 2015-07-20 | thefinn93 on reddit        | no  | NXDOMAIN search engine redir     | https://www.reddit.com/r/tmobile/comments/3dyk1h/how_do_i_turn_of_nxdomain_hijacking/ |
+| Indonesia      | Telkom         | 2015-04-27 | //blog post//              | ?   | ?                                | https://www.katyarina.com/artikel/item/36-bagaimana-internet-positif-telkom-bekerja.html |
+| United States  | Sprint         | 2014-09-05 | sanityvampire on reddit    | no  | NXDOMAIN search engine redir     | https://www.reddit.com/r/Sprint/comments/2fl6pk/are_sprint_3g_and_4g_towers_hijacking_nxdomain/ |
+| United States  | CenturyLink    | 2011-12-21 | DSLReports Forums user     | no  | NXDOMAIN search engine redir     | [[https://www.dslreports.com/forum/r26682725-|other report]] |
+| Spain          | ONO            | 2010-05-10 | //blog post//              | no  | NXDOMAIN search engine redir     | Allowed cross-site-scripting attacks, http://www.iniqua.com/2010/05/10/nxdomain-redirect-xss/ |
+| Australia      | Telstra        | 2009-11-20 | //news//, CRN Australia    | no  | NXDOMAIN search engine redir     | [[https://www.crn.com.au/news/bigpond-redirects-typos-to-unethical-branded-search-page-160923|news article]] |
+| United States  | RCN            | 2009-10-13 | //blog post//              | no  | NXDOMAIN search engine redir     | https://infiniteedge.blogspot.com/2009/10/who-stole-my-web-browser.html |
+| United States  | Mediacom       | 2009-09-25 | YourName on reddit         | no  | redirection of selective domains | Redirects ''search.live.com'' to own search engine, https://web.archive.org/web/20100303205850/http://www.reddit.com:80/r/programming/comments/9o3as/want_a_real_world_example_of_why_we_need_network |
+| Canada         | Bell Internet  | 2009-08-04 | timothy on Slashdot        | no  | NXDOMAIN search engine redir     | https://tech.slashdot.org/story/09/08/04/1512248/Bell-Starts-Hijacking-NX-Domain-Queries |
+| United States  | Comcast        | 2009-07-28 | //news//                   | no  | search engine redir              | http://www.theregister.co.uk/2009/07/28/comcast_dns_hijacker/, [[http://corporate.comcast.com/comcast-voices/comcast-domain-helper-shuts-down|disabled in August 2009]] |
+| Germany        | T-Online       | 2009-04-09 | -                          | no  | search engine redir              | https://telekomhilft.telekom.de/t5/Browser/Neues-Leistungsmerkmal-Navigationshilfe/m-p/568909#M1622 |
+| United States  | Optimum Online | 2008-09-25 | -                          | no  | search engine redir              | [[https://web.archive.org/web/20090813095417/http://www.optimum.net/Article/DNS|Optimum Online - DNS Assistance]] |
+| Canada         | Rogers         | 2008-07-20 | //news//                   | no  | ad content injection             | http://www.dslreports.com/shownews/Rogers-Uses-Deep-Packet-Inspection-for-DNS-Redirection-96239 |
+| Australia      | Telstra        | 2008-03-15 | //blog post//              | no  | dns redirection                  | https://archive.is/20101210140523/http://jeffturner.net/2008/03/road-runner-dns-hijack-causing-slow-web-pages/ |
+| United States  | Verizon        | 2007-06-21 | -                          | no  | search engine redir              | https://www.verizon.com/support/residential/internet/home-network/settings/opt-out-of-dns-assist |
+| United Kingdom | TalkTalk       | FIXME      | -                          | no  | search engine redir              | http://error.talktalk.co.uk/main?FailureMode=14&LinkType=1 |