× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. PCTECH
  3. August 2013

Re: ISP can't reach our website

On the search page coming up. It is called NXDOMAIN hijacking.

Almost all ISPs now practice NXDOMAIN hijacking. While the standards say
that if a domain request to a DNS results in a non-existent domain
(NXDOMAIN) that it should return an error code saying such. However,
ISPs figured out a way to cash in on typos. Their DNS always returns an
IP no mater what. For NXDOMAIN it returns an IP of their search engine
so they can "help" you find what you were looking for, and make money
off providing search results for the sites on the page. They don't care
that this only works with http and can really screw up other protocol
apps. Try doing a WHOIS on the domain that shows up in the address bar
with the search page. Try doing a look up on who owns the IP block the
domain points to. Odds are they both will tell you NOTHING about who is
behind them.

I fought with one ISP for over a week on this issue after it cost one of
my customers a bunch of forensic work looking for a rootkit that wasn't
there and inability to contact their 3rd party billing processor
(vpn/ftp). They hadn't mistyped a url but the total process depended on
accurate NXDOMAIN for the vpn to work. After several documented lies on
their part (they exempted their techs from the hijack) they finally
fessed up that they were the ones behind the search page. They also
indicated there was a word on the page that WAS NOT formatted as a
hyperlink but was a hyperlink to a page where you could opt out. Only
thing was, the opt out was placing a cookie in your browser. So, 1) had
to be done individually on every PC, 2) had to be redone every time you
cleaned out the cookies 3) didn't do a d*** thing for other protocols.

The corker: they had just sent out a letter that their email servers
were going to "fully" enforce standards to control SPAM and that
everyone would have to make sure their clients were up to date with
standards. BUT, when pointed out that their NXDOMAIN hijack was contrary
to standards they said that "standards are just a suggestion and they
didn't need to follow any of them."

And that is why I NEVER use an ISP's DNS.

Roger Vicker, CCP

On 8/15/2013 3:48 PM, John Jones arranged the binary bits such that:
Both ping & web working from my client here in Chicago (ISP = Time Warner).

Could be DNS; could also be blacklisted. Plug your IP or domain name in at
http://multirbl.valli.org/lookup/ and/or other blacklist checkers.


On Thu, Aug 15, 2013 at 3:32 PM, David Gibbs <david@xxxxxxxxxxxx> wrote:

On 8/15/2013 3:25 PM, Jeff Crosby wrote:
I heard from GoDaddy. They want a tracert dilgardfoods.com. The
tracert
just continually times out for the entire 30 hops.

$traceroute 68.178.254.204
traceroute to 68.178.254.204 (68.178.254.204), 30 hops max, 60 byte packets
1 50-73-104-46-ip-static.hfc.comcastbusiness.net (50.73.104.46) 0.646
ms 1.563 ms 1.944 ms
2 96.120.27.69 (96.120.27.69) 29.145 ms 30.075 ms 31.713 ms
3 te-2-2-ur02.rollingmdws.il.chicago.comcast.net (68.86.118.181)
18.424 ms 18.625 ms 18.709 ms
4 te-6-2-ur01.homewood.il.chicago.comcast.net (68.87.232.9) 23.795 ms
te-1-2-0-0-ar01.area4.il.chicago.comcast.net (68.87.230.77) 23.578 ms
te-6-2-ur01.homewood.il.chicago.comcast.net (68.87.232.9) 23.861 ms
5 he-3-5-0-0-cr01.350ecermak.il.ibone.comcast.net (68.86.95.237)
21.414 ms 22.393 ms 22.581 ms
6 he-1-2-0-0-cr01.chicago.il.ibone.comcast.net (68.86.88.25) 22.737 ms
16.929 ms 14.782 ms
7 xe-8-2-0.edge1.Chicago2.Level3.net (4.71.248.65) 12.827 ms 13.751
ms 13.944 ms
8 4.69.158.230 (4.69.158.230) 74.476 ms 74.570 ms 4.69.158.234
(4.69.158.234) 72.306 ms
9 ae-14-14.ebr1.Dallas1.Level3.net (4.69.151.118) 73.894 ms 74.121 ms
73.716 ms
10 ae-1-8.bar1.Phoenix1.Level3.net (4.69.133.29) 73.942 ms 74.116 ms
73.367 ms
11 THE-GO-DADD.bar1.Phoenix1.Level3.net (4.53.104.2) 74.587 ms 74.762
ms 79.944 ms
12 ip-184-168-0-113.ip.secureserver.net (184.168.0.113) 78.404 ms
77.372 ms 76.285 ms
13 ip-184-168-0-113.ip.secureserver.net (184.168.0.113) 101.910 ms
70.920 ms 69.922 ms
14 ip-184-168-1-134.ip.secureserver.net (184.168.1.134) 77.867 ms
76.823 ms 78.348 ms
15 ip-184-168-1-134.ip.secureserver.net (184.168.1.134) 78.139 ms !X * *


--
IBM i on Power Systems - For when you can't afford to be out of business

I'm riding a metric century (100 km / 62 miles) in the 2014 Chicagoland
Tour de Cure to raise money for diabetes research, education, and advocacy.
Sponsor me by visiting http://archive.ridewithdavid.com. Any amount is
appreciated.
--
This is the PC Technical Discussion for IBM i (AS/400 and iSeries) Users
(PcTech) mailing list
To post a message email: PcTech@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/pctech
or email: PcTech-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/pctech.





As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.