abusive_isps

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
abusive_isps [2019-01-27T17:57:56Z] – [Abusive ISP List] fuslabusive_isps [2019-06-09T21:21:56Z] (current) – [Abusive ISP List] fusl
Line 8: Line 8:
 Some OpenNIC DNS servers also listen on an alternative port (generally 5353) which is less likely to be tampered with by ISPs. Some OpenNIC DNS servers also listen on an alternative port (generally 5353) which is less likely to be tampered with by ISPs.
  
-To test if an ISP is tampering with DNS traffic, you can use the dig command from the dnsutils package. Select a server from the Tier 2 page which supports an alternative port. In my example I have used 106.186.17.181.  First, try querying for the root zone (.) on the default port:+To test if an ISP is tampering with DNS traffic, you can use the dig command from the ''dnsutils'' package. Select a server from the Tier 2 page which supports an alternative port. In my example I have used ''106.186.17.181''.  First, try querying for the root zone (''.'') on the default port:
  
   dig SOA . @106.186.17.181   dig SOA . @106.186.17.181
Line 32: Line 32:
 This list is very incomplete. If you are certain that your ISP is hijacking DNS or is involved in other questionable practices, please add it below. This list is very incomplete. If you are certain that your ISP is hijacking DNS or is involved in other questionable practices, please add it below.
  
-^ Country        ^ ISP            Reported   ^ Source                     ^ DPI ^ Level                            ^ Notes ^ +^ Country        ^ ISP       Earliest report ^ Last seen  ^ Source                     ^ DPI ^ Level                            ^ Notes ^ 
-| Taiwan         | HiNet          | 2019-01-16 | [[user:fusl]]              | no  | blocking of selective domains    | Returns NXDOMAIN for some very specific domains, hijacking common public DNS resolvers like Google, OpenDNS and CloudFlare, Quad9 seems to be unaffected | +| Taiwan         | HiNet          | 2019-01-16 |            | [[user:fusl]]              | no  | blocking of selective domains    | Returns NXDOMAIN for some very specific domains, hijacking common public DNS resolvers like Google, OpenDNS and CloudFlare, Quad9 seems to be unaffected | 
-| Austria        | 3 / drei.at    | 2018-01-28 | [[user:fusl]]              | no  | NXDOMAIN search engine redir     | NXDOMAIN redirect to ''213.94.80.190'', {{:abusive_isps:h3gat.txt|proof}} | +| Austria        | 3 / drei.at    | 2018-01-28 |            | [[user:fusl]]              | no  | NXDOMAIN search engine redir     | NXDOMAIN redirect to ''213.94.80.190'', {{:abusive_isps:h3gat.txt|proof}} | 
-| -              | Vultr/Choopa   | 2017-11-03 | [[user:fusl]]              | yes | blocking of selective domains    | [[https://en.wikipedia.org/wiki/Deep_packet_inspection|DPI]] on UDP/53, blocks any DNS request containing the text ''minexmr.com.'' in the query name ({{:abusive_isps:vultr.png?linkonly|proof}}) | +| -              | Vultr/Choopa   | 2017-11-03 |            | [[user:fusl]]              | yes | blocking of selective domains    | [[https://en.wikipedia.org/wiki/Deep_packet_inspection|DPI]] on UDP/53, blocks any DNS request containing the text ''minexmr.com.'' in the query name ({{:abusive_isps:vultr.png?linkonly|proof}}) | 
-| United States  | CenturyLink    | 2017-08-28 | //some user// on #opennic  | no  | NXDOMAIN search engine redir     | Reproduced by [[:user:fusl]] - NXDOOMAIN redirect to ''198.105.244.23''+''198.105.245.23'' redirecting to ''http://webhelper.centurylink.com/index.php?origURL=<domain>&r=&bc='' |  +| United States  | CenturyLink    | 2017-08-28 |            | //some user// on #opennic  | no  | NXDOMAIN search engine redir     | Reproduced by [[:user:fusl]] - NXDOOMAIN redirect to ''198.105.244.23''+''198.105.245.23'' redirecting to ''http://webhelper.centurylink.com/index.php?origURL=<domain>&r=&bc='' |  
-| Peru           | Bitel          | 2017-06-23 | Tedel on #opennic          | ?   | ?                                | {{:abusive_isps:bitel.txt|IRC conversation log}} | +| United States  | Cox            | 2017-08-16 |            | -                          | yes | NXDOMAIN search engine redir     | [[https://web.archive.org/web/20190609211911/https://www.cox.com/residential/support/enhanced-error-results-service.html|Enhanced Error Results Service]]; albeit the official page states that opt-outs are possible, multiple reports show that users are struggling doing so: [[https://web.archive.org/web/20190609211537/https://forums.cox.com/forum_home/internet_forum/f/internet-forum/18528/dns-hijacking-a-k-a-enhanced-error-results|DNS Hijacking (A.K.A 'Enhanced Error Results')]], [[https://web.archive.org/web/20190609212050/https://forums.cox.com/forum_home/internet_forum/f/internet-forum/19672/cox-hijacking-dns-again|Cox Hijacking DNS again]] 
-| United States  | AT&          | 2017-03-27 | //news//                   | no  | NXDOMAIN search engine redir     | [[https://web.archive.org/web/20190127173703/http://www.att.net/dnserrorassist/about/|ETM Details with Opt-Out Option]] ({{:abusive_isps:att1.png?linkonly|screenshot}}), [[https://web.archive.org/web/20190127173856/https://forums.att.com/t5/AT-T-Internet-Features/ATT-DNS-Assist-Page/td-p/5108480|ATT DNS Assist Page - AT&T; Community]] ({{:abusive_isps:att2.png?linkonly|screenshot}}) | +| Peru           | Bitel          | 2017-06-23 |            | Tedel on #opennic          | ?   | ?                                | {{:abusive_isps:bitel.txt|IRC conversation log}} | 
-| United States  | T-Mobile US    | 2015-07-20 | thefinn93 on reddit        | no  | NXDOMAIN search engine redir     | [[https://web.archive.org/web/20190127174032/https://www.reddit.com/r/tmobile/comments/3dyk1h/how_do_i_turn_of_nxdomain_hijacking/|How do I turn of NXDOMAIN hijacking? : tmobile]] | +| United States  | AT&          | 2017-03-27 |            | //news//                   | no  | NXDOMAIN search engine redir     | [[https://web.archive.org/web/20190127173703/http://www.att.net/dnserrorassist/about/|ETM Details with Opt-Out Option]] ({{:abusive_isps:att1.png?linkonly|screenshot}}), [[https://web.archive.org/web/20190127173856/https://forums.att.com/t5/AT-T-Internet-Features/ATT-DNS-Assist-Page/td-p/5108480|ATT DNS Assist Page - AT&T; Community]] ({{:abusive_isps:att2.png?linkonly|screenshot}}) 
-| Indonesia      | Telkom         | 2015-04-27 | //blog post//              | ?   | ?                                | [[https://web.archive.org/web/20190127174121/https://www.katyarina.com/artikel/item/36-bagaimana-internet-positif-telkom-bekerja.html|Bagaimana internet positif Telkom bekerja?]] | +| -              | Level3         | 2015-11-13 | 2019-06-09 | gorbilax on reddit         | no  | NXDOMAIN search engine redir     | [[https://web.archive.org/web/20190609210007/https://www.reddit.com/r/networking/comments/3sm36w/level3_42214222_dns_servers_redirecting_to_search/|Level3 4.2.2.1/4.2.2.2 DNS servers redirecting to search page : networking]], NXDOMAIN redirect to ''23.202.231.167'' and ''23.217.138.108'' on their well-known ''4.2.2.1''-''4.2.2.6'' servers, {{:abusive_isps:level3.txt|proof}} 
-| United States  | Sprint         | 2014-09-05 | sanityvampire on reddit    | no  | NXDOMAIN search engine redir     | [[https://web.archive.org/web/20190127174229/https://www.reddit.com/r/Sprint/comments/2fl6pk/are_sprint_3g_and_4g_towers_hijacking_nxdomain/|Are Sprint 3G and 4G towers hijacking NXDOMAIN responses? More information in comments... : Sprint] | +| United States  | T-Mobile US    | 2015-07-20 |            | thefinn93 on reddit        | no  | NXDOMAIN search engine redir     | [[https://web.archive.org/web/20190127174032/https://www.reddit.com/r/tmobile/comments/3dyk1h/how_do_i_turn_of_nxdomain_hijacking/|How do I turn of NXDOMAIN hijacking?]] | 
-| United States  | CenturyLink    | 2011-12-21 | DSLReports Forums user     | no  | NXDOMAIN search engine redir     | [[https://web.archive.org/web/20190127174357/https://www.dslreports.com/forum/r26682725-|Re: [Qwest] Opting out of CenturyLink Web Helper hijacking not w - CenturyLink | DSLReports Forums]] |  +| Indonesia      | Telkom         | 2015-04-27 |            | //blog post//              | ?   | ?                                | [[https://web.archive.org/web/20190127174121/https://www.katyarina.com/artikel/item/36-bagaimana-internet-positif-telkom-bekerja.html|Bagaimana internet positif Telkom bekerja?]] | 
-| Spain          | ONO            | 2010-05-10 | //blog post//              | no  | NXDOMAIN search engine redir     | Allowed cross-site-scripting attacks, [[https://web.archive.org/web/20180829123420/http://www.iniqua.com/2010/05/10/nxdomain-redirect-xss/|iniqua » Archive » XSS Reflected dnssearch.Ono.es NXD redirect]] | +| United States  | Sprint         | 2014-09-05 |            | sanityvampire on reddit    | no  | NXDOMAIN search engine redir     | [[https://web.archive.org/web/20190127174229/https://www.reddit.com/r/Sprint/comments/2fl6pk/are_sprint_3g_and_4g_towers_hijacking_nxdomain/|Are Sprint 3G and 4G towers hijacking NXDOMAIN responses? More information in comments...]] | 
-| Australia      | Telstra        | 2009-11-20 | //news//, CRN Australia    | no  | NXDOMAIN search engine redir     | [[https://web.archive.org/web/20190127174605/https://www.crn.com.au/news/bigpond-redirects-typos-to-unethical-branded-search-page-160923|BigPond redirects typos to 'unethical' branded search page - Collaboration - Networking - CRN Australia]] | +| United States  | CenturyLink    | 2011-12-21 |            | DSLReports Forums user     | no  | NXDOMAIN search engine redir     | [[https://web.archive.org/web/20190127174357/https://www.dslreports.com/forum/r26682725-|Re: [Qwest] Opting out of CenturyLink Web Helper hijacking not working]] |  
-| United States  | RCN            | 2009-10-13 | //blog post//              | no  | NXDOMAIN search engine redir     | [[https://web.archive.org/web/20190127174651/https://infiniteedge.blogspot.com/2009/10/who-stole-my-web-browser.html|InfiniteEdge: Who Stole My Web Browser?]] | +| Spain          | ONO            | 2010-05-10 |            | //blog post//              | no  | NXDOMAIN search engine redir     | Allowed cross-site-scripting attacks, [[https://web.archive.org/web/20180829123420/http://www.iniqua.com/2010/05/10/nxdomain-redirect-xss/|iniqua » Archive » XSS Reflected dnssearch.Ono.es NXD redirect]] | 
-| United States  | Mediacom       | 2009-09-25 | YourName on reddit         | no  | redirection of selective domains | Redirects ''search.live.com'' to own search engine, [[https://web.archive.org/web/20100303205850/http://www.reddit.com/r/programming/comments/9o3as/want_a_real_world_example_of_why_we_need_network|Want a real world example of why we need network neutrality? I have one here. : programming]] | +| Australia      | Telstra        | 2009-11-20 |            | //news//, CRN Australia    | no  | NXDOMAIN search engine redir     | [[https://web.archive.org/web/20190127174605/https://www.crn.com.au/news/bigpond-redirects-typos-to-unethical-branded-search-page-160923|BigPond redirects typos to 'unethical' branded search page]] | 
-| Canada         | Bell Internet  | 2009-08-04 | timothy on Slashdot        | no  | NXDOMAIN search engine redir     | [[https://web.archive.org/web/20190127174817/https://tech.slashdot.org/story/09/08/04/1512248/Bell-Starts-Hijacking-NX-Domain-Queries|Bell Starts Hijacking NX Domain Queries - Slashdot]] | +| United States  | RCN            | 2009-10-13 |            | //blog post//              | no  | NXDOMAIN search engine redir     | [[https://web.archive.org/web/20190127174651/https://infiniteedge.blogspot.com/2009/10/who-stole-my-web-browser.html|InfiniteEdge: Who Stole My Web Browser?]] | 
-| United States  | Comcast        | 2009-07-28 | //news//                   | no  | search engine redir              | [[https://web.archive.org/web/20190127174926/https://www.theregister.co.uk/2009/07/28/comcast_dns_hijacker/|Comcast trials Domain Helper service DNS hijacker • The Register]], [[https://web.archive.org/web/20190127175005/https://corporate.comcast.com/comcast-voices/comcast-domain-helper-shuts-down|disabled in August 2009; Comcast Domain Helper Shuts Down]] | +| United States  | Mediacom       | 2009-09-25 |            | YourName on reddit         | no  | redirection of selective domains | Redirects ''search.live.com'' to own search engine, [[https://web.archive.org/web/20100303205850/http://www.reddit.com/r/programming/comments/9o3as/want_a_real_world_example_of_why_we_need_network|Want a real world example of why we need network neutrality? I have one here.]] | 
-| Germany        | T-Online       | 2009-04-09 | -                          | no  | search engine redir              | [[https://web.archive.org/web/20190127175144/https://telekomhilft.telekom.de/t5/Browser/Neues-Leistungsmerkmal-Navigationshilfe/m-p/568909|Neues Leistungsmerkmal 'Navigationshilfe' | Telekom hilft Community]] | +| Canada         | Bell Internet  | 2009-08-04 |            | timothy on Slashdot        | no  | NXDOMAIN search engine redir     | [[https://web.archive.org/web/20190127174817/https://tech.slashdot.org/story/09/08/04/1512248/Bell-Starts-Hijacking-NX-Domain-Queries|Bell Starts Hijacking NX Domain Queries]] | 
-| United States  | Optimum Online | 2008-09-25 | -                          | no  | search engine redir              | [[https://web.archive.org/web/20090813095417/http://www.optimum.net/Article/DNS|Optimum Online - DNS Assistance]] | +| United States  | Comcast        | 2009-07-28 | 2012-01-01 | //news//                   | no  | NXDOMAIN search engine redir     | [[https://web.archive.org/web/20190127174926/https://www.theregister.co.uk/2009/07/28/comcast_dns_hijacker/|Comcast trials Domain Helper service DNS hijacker]], [[https://web.archive.org/web/20190127175005/https://corporate.comcast.com/comcast-voices/comcast-domain-helper-shuts-down|disabled 2012; Comcast Domain Helper Shuts Down]] | 
-| Canada         | Rogers         | 2008-07-20 | //news//                   | no  | ad content injection             | [[https://web.archive.org/web/20190127175250/http://www.dslreports.com/shownews/Rogers-Uses-Deep-Packet-Inspection-for-DNS-Redirection-96239|Rogers Uses Deep Packet Inspection for DNS Redirection - Is hijacking websites for advertising a violation of net neutrality? | DSLReports, ISP Information]] | +| Germany        | T-Online       | 2009-04-09 |            | -                          | no  | NXDOMAIN search engine redir     | [[https://web.archive.org/web/20190127175144/https://telekomhilft.telekom.de/t5/Browser/Neues-Leistungsmerkmal-Navigationshilfe/m-p/568909|Neues Leistungsmerkmal 'Navigationshilfe']] | 
-| Australia      | Telstra        | 2008-03-15 | //blog post//              | no  | dns redirection                  | [[http://web.archive.org/web/20101210140523/jeffturner.net/2008/03/road-runner-dns-hijack-causing-slow-web-pages/|Road Runner DNS hijack causing slow web pages | jeff turner]]| +| United States  | Optimum Online | 2008-09-25 |            | -                          | no  | NXDOMAIN search engine redir     | [[https://web.archive.org/web/20090813095417/http://www.optimum.net/Article/DNS|Optimum Online - DNS Assistance]] | 
-| United States  | Verizon        | 2007-06-21 | -                          | no  | search engine redir              | [[https://web.archive.org/web/20190127175444/https://www.verizon.com/support/residential/internet/home-network/settings/opt-out-of-dns-assist|Opt Out of DNS Assistance | Verizon Internet Support]] | +| Canada         | Rogers         | 2008-07-20 |            | //news//                   | no  | ad content injection             | [[https://web.archive.org/web/20190127175250/http://www.dslreports.com/shownews/Rogers-Uses-Deep-Packet-Inspection-for-DNS-Redirection-96239|Rogers Uses Deep Packet Inspection for DNS Redirection - Is hijacking websites for advertising a violation of net neutrality?]] | 
-| United Kingdom | TalkTalk       | FIXME      | -                          | no  | search engine redir              | [[https://web.archive.org/web/20181018224234/http://error.talktalk.co.uk/main?FailureMode=14&LinkType=1|About This Page - TalkTalk]] |+| Australia      | Telstra        | 2008-03-15 |            | //blog post//              | no  | dns redirection                  | [[http://web.archive.org/web/20101210140523/jeffturner.net/2008/03/road-runner-dns-hijack-causing-slow-web-pages/|Road Runner DNS hijack causing slow web pages]]| 
 +| United States  | Verizon        | 2007-06-21 |            | -                          | no  | NXDOMAIN search engine redir     | [[https://web.archive.org/web/20190127175444/https://www.verizon.com/support/residential/internet/home-network/settings/opt-out-of-dns-assist|Opt Out of DNS Assistance]] | 
 +| United Kingdom | TalkTalk       | FIXME      |            | -                          | no  | NXDOMAIN search engine redir     | [[https://web.archive.org/web/20181018224234/http://error.talktalk.co.uk/main?FailureMode=14&LinkType=1|TalkTalk Error Replacement Service]] |
  • /wiki/data/pages/abusive_isps.txt
  • Last modified: 5 years ago
  • by fusl