[ NNSquad ] HughesNet apparently diverting DNS UDP data

NNSquad - Network Neutrality Squad
NNSquad Home Page
NNSquad Mailing List Information

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] HughesNet apparently diverting DNS UDP data

To: nnsquad@nnsquad.org
Subject: [ NNSquad ] HughesNet apparently diverting DNS UDP data
From: Lauren Weinstein <lauren@vortex.com>
Date: Sun, 16 Mar 2008 12:00:25 -0700 (PDT)
Cc: lauren@vortex.com

Greetings.  Early test results via the NNSquad test DNS zone are
strongly suggesting that HughesNet is intercepting and diverting
ordinary (UDP) DNS queries at the port 53 level.  AXFR (TCP) queries
do not appear to be similarly affected at this time.

Dig tests set to the dns-test.nnsquad.org DNS server, which should
have returned correct ip addresses, are instead returning (see dig
listing below) an ip address (e.g. 65.200.200.50) associated with
Paxfire, Inc. ( http://paxfire.com/ ):

   "The Paxfire Look-up Service enables a network operator who runs
    his own DNS to generate significant revenue/profits from
    searches conducted by end-users on his network.  Today a network
    operator gets absolutely nothing for these searches.  Paxfire
    can change all that for you today."

Also note below that the dig results claim to have come from the correct
dns-test.nnsquad.org server ip address:

;; SERVER: 67.119.61.35#53(67.119.61.35)

But this is untrue.  The returned host A record is falsified and not the 
correct record held by this server.

The associated "No such domain" DNS diversions lead to Yahoo Search
pages such as:

http://wwh.found-not-help.com/search?qo=www.weownyou.com

For Web browsing it is reportedly possible to opt-out of this
diversion to the Yahoo search page by maintaining a cookie (which of
course must be re-established on all associated Web browers whenever
cookies are cleared).  No opt-out appears possible for non-http
services.  It also seems likely that the cookie only prevents the
transfer to the Yahoo search page and probably doesn't affect the
underlying DNS UDP lookup diversion, but this has not been demonstrated
definitively at this time.

Dig test results follow from a representative HughesNet client system.
This is all based on the best information to this point -- additional
data and info will be reported as appropriate.

--Lauren--
NNSquad Moderator

 - - -

$ dig @dns-test.nnsquad.org smart.control.hq
 
 ; <<>> DiG 9.4.1-P1 <<>> @dns-test.nnsquad.org smart.control.hq
 ; (1 server found)
 ;; global options:  printcmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9855
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
 
 ;; QUESTION SECTION:
 ;smart.control.hq.              IN      A
 
 ;; ANSWER SECTION:
 smart.control.hq.       60      IN      A       65.200.200.50 <<- BUZZ! WRONG!
 
 ;; Query time: 866 msec
 ;; SERVER: 67.119.61.35#53(67.119.61.35)  <<- A LIE! RESULT NOT FROM HERE!
 ;; WHEN: Sun Mar 16 12:30:56 2008
 ;; MSG SIZE  rcvd: 50

Prev by Date: [ NNSquad ] Expected query output data for NNSquad DNS test zone
Next by Date: [ NNSquad ] Testing Your Internet Connection for ISP DNS Diversions
Previous by thread: [ NNSquad ] Expected query output data for NNSquad DNS test zone
Next by thread: [ NNSquad ] Testing Your Internet Connection for ISP DNS Diversions
Index(es):
- Date
- Thread