Rogers Hijacking failed DNS lookups

[actng]

we did it a different way... our VPN is connected via a ATT dialer that works either through phone line modem or existing internet connection. once the att dialer is installed, it creates a second "local area network connection".

In network propertieis, under Advanced | Advanced Settings, there is the option to move the "local area network connection 2" up in the list so that it gets a higher priority.

I've found this to be a better way than updating the DNS servers to the public DNS addresses for VPN connection purposes. For avoiding the annoyce of rogers however, I still updated the DNS addresses on the router, but that does not do the trick for my VPN connections if i take my work computer to a friend's house who did not update their router DNS...

[heybirder]

It sounds like you should be able to get vpn working correctly by following meetoz's steps in #89. OpenDNS allows you to block certain address, so just add Rogers's 3 DNS servers in the control panel.

I don't use Rogers anymore but I switched to OpenDNS a long time ago for speed and reliability.

[TVJunkie]

So I complained. I wrote letters to the CRTC, to Rogers, to ICANN and boasted how I was switching to Bell. Well guess what Bell who previously said I could have a nice fat fiber connection to my door can now only provide me "dial up" to my area.

So congratulations Rogers You win

We have our DNS work around for now but I am confident you will close access to the non Rogers DNS servers very quickly and make sure you protect me from all that I should not access and provide access to all those who pay you accordingly.

Canadians need to do something this is not just a Rogers issue it's all of Canada.

First we let the government censor our books but now the corporates are helping because we allow the books stores to be sold to a single company in the US and censor that way.

You censor my TV and Radio and told me what I can and can't watch. Even when we do win and get TV like al-Jazeera you give us an edited version that is designed to protect us.

I can't download iphone apps the rest of the world receives (google apps) and the ones I can download have radio stations stripped (Tuner).

I am sure there are thousands of examples out there on how the government either enforces censorship on us, assists companies to censor us or simply ignores it.

We worry about our friends who live in China where the government controls what people watch or do but the difference in Canada is we do it in such a way that the average person on the street doesn't even know it's happening.

[TVJunkie]

So the DNS server 4.2.1.1 that I was this week is either broken, blocked or shut down. I just moved my router to point to 4.2.2.2 / 4.2.2.4. How long am I going to have to play this game and why do I feel like a criminal who is stealing access to 3rd party companies DNS servers and using their bandwidth and their resources. I have this "I just stole direct tv but it's ok cause I pay for TV in Canada and I would buy that channel if I could and they shouldn't broadcast into my location" kind of feeling

Gone to take a shower and say my prayers. Sorry folks at 4.2.2.2 I really don't want to steal your DNS and I would pay my local telco for access to a working DNS if I could.

[shabbs]

4.2.1.1 or 4.2.2.1?

[hugh]

Careful, I changed my DNS server to 4.2.2.2 but had some problems. Not sure if it was Rogers or the Verizon servers.

[shabbs]

There's been talk for years that the owners of those servers (Level 3 Communications) would start blocking access.

[rgb]

Sent to the complaints commissioner, the toronto star, and microsoft piracy .

-----

I would like to complain about a new and serious breach of trust instituted by Rogers Communications to its internet users.

As of late this month, Rogers has implemented a major unannounced (and unchangeable) amendment to its ISP service provision under which any DNS lookup that can not be resolved into a proper URL redirects the user to Roger's own search result page, regardless of the search engine of preference configured by the user in the browser.

The resulting Rogers page presents advertising specific to various Rogers enterprises, and subsequent searches use Yahoo, a co-partner of Rogers, instead of the user's default selection of the user via the browser.

When paying for cable internet service in a market where only one player provides this service I expect – and want – unobtrusive internet access, which includes invalid URLs presenting my default warning and not be hijacked by Rogers as a mechanism to advertise to me.

It was only a couple of years ago that Rogers was citied for its negative option billing practices which resulted in Canadian legislation banning such activities. But it seems Rogers has not learned from that experience. The corporate position – at least expressed through “customer (dis)service”, is “too bad.”

Interestingly, Rogers provides what they call an “opt-out” option. But instead of this being a permanent fix whereby the user will never again be directed to the Rogers/Yahoo page, instead “opting out” simply sets a cookie indicating the user doesn't want to view Rogers DNS search page, which in turn does not restore the default action of the browser, but instead provides a page (http://www20.search.rogers.com/not_found) that is designed to mimic the error page in Internet Explorer (regardless of the browser being used.) Deleting this cookie, as a part of normal internet cleanup activities reverts, to the unwanted behaviour until opt-out is selected again. (I am also providing this complaint information to piracy@microsoft.com, as the page they have duplicated is part of a copyright DLL from Microsoft. They are relentless in defending piracy and the look and feel of Microsoft applications).

But of much more serious concern is the fact that by the Canadian government allowing ISPs or any individual operating in Canada to manipulate URLs via DNS the government is ultimately supporting the potential for increased identity theft through phishing. Imagine mistyping the URL to easyweb at TD Canada Trust and instead of an invalid warning, a hacker (or even a maleficent Rogers insider) has commandeered the DNS so you are directed to a page not operated by TD but which is designed to look like the TD login page for the purposes of securing sensitive login and banking information.

Or perhaps Rogers (or one of its employees) one day might want to prevent Rogers internet users from accessing competitor Bell's web site? Or perhaps they will redirect requests for ********* to partner Yahoo’s auctions.yahoo.com, or even redirect requests for your complaint page to rogers.com/feedback.

The DNS hijacking being utilized today by Rogers is illegal, not to mention highly immoral. This has to be stopped immediately. ICANN has strongly expressed its view that ISPs must not utilize DNS hijacking, in its decision on the all-too-recent VeriSign issue. (http://www.icann.org/en/committees/s...rt-09jul04.pdf)

The actions of Rogers this month is the beginning of internet filtering and redirection and it is imperative that all ISPs, including Rogers, are removed from any role as censor of internet information.

I therefore urge you to exercise all authority you may have in this regard to hasten the end of such practices by Rogers and any other ISPs watching this phenomenon.

Please accept this submission and my name below as my authority and consent to release my statements and concerns to Rogers, the CRTC, and any other entity undertaking review of this matter as you see fit.

Sincerely

[rgb]

The error message used by rogers is contained in a DLL that ships with IE. Since this dll is a component of IE and not redistributable, copying the contents of this DLL is copyright infringement. :-)

[Alternate]

Quote:

Originally Posted by rgb

The error message used by rogers is contained in a DLL that ships with IE. Since this dll is a component of IE and not redistributable, copying the contents of this DLL is copyright infringement. :-)

And as good Windows Internet Explorer users, you have gone to the Microsoft site and emailed them with the complaint of copyright infringement. There is a IE tech support contact section.

[Merkley]

I have an open case with the Office of the President at rogers. However, they are claiming low impact... "only a few users are effected".

I need everyone to please send me a private message with your name, company and what the VPN software is. I will be speaking with one of their VP's of Marketing and also talking to an engineer about the issues.

My call is Monday morning at 10:30 so I need this "now" --- please, PM me your details, I'm not a stalker or anything like that.

So far I've spent about 4 to 6 hours on the phone with John from the Office Of The President and one of their people who has been dancing around the issue and telling me "it can't be fixed" then, when I asked why, for a technical explanation he comes back with "are you authorized to speak on behalf of your company>". He knew I was calling from IBM (using the AT&T dialer) and that there is NO WAY I could ever say that (in fact that is clearly something we are NOT allowed to do in our business conduct guidelines).

Please, take 45 seconds and message me... I threatened to provide a list with "hundreds, if not thousands of names" -- and the bugger called my bluff....

Thanks,

Merkley

PS>> You can also message me at CDN.Merkley@gmail.com -- or through here... but just do it! (I'm also planning to go the news and have filed a complaint with the CCTS)

[hugh]

Quote:

I have an open case with the Office of the President at rogers. However, they are claiming low impact... "only a few users are effected".

SOP for Rogers!

[sarah.a.happy]

I just finished writing up what happens when one takes advantage of the keyword search feature of their web browser on a regular basis.

Rogers ends up taking all the single word keyword searches before even the web browser has a chance to help you out and send you to the right place.

If I put "facebook" in the address bar I get the search page, and if I put "gmail" in the address bar I get the search page, if there were actually dns failures being sent along my browser would send me to the right place on both of those cases, and at worst would send me on to my Google keyword search.


This is really annoying me, so I may need to start using another DNS server, perhaps even one that is locally installed.

[StanleySparker]

They told me to go to a site to generate the faux "page not found" from IE, but they also stated that only works until you clear your cookies.
The other option was to go to a site to generate an alternate DNS, not one provided by Rogers. I can't fathom how non-technical people would even go about doing this.

[Merkley]

I have some good news to report! I had my conference call with John from the Office of the President today. John was unable to bring along anyone technical though.... BECAUSE THEY ARE INVESTIGATING A FIX. John told me that he'd have a L2 supervisor contact me to discuss this issue in detail.

A few hours later I got a call from Tim, the L2 technical team supervisor. We had a short conversations in which he stated that Rogers is aware that this problem is substantial and that they are in meetings to address the problem. He actually even agreed that intercepting and hijacking my usage was a "slippery slope" (my words). I said that I was aware of the workaround about re-ordering the VPN but that it was not a solution because it needed to be done "occasionally" and was not a one-time fix --- and that it still didn't solve problems of misdirecting pages like "gmail" or "facebook"

Sooo.... they say they are working on a fix, that they understand that the impact was more severe than anticipated and that they could have something in the next day or so (the 29th/30th of July).

Tim, the L2 supervisor said he will call me everyday until this is resolved. Who knows, but maybe this time Rogers will listen.... I guess having a list of a few hundred names did get their attention. The next step was to post the direct line of the Office Of The President to have each person call in and complain...

BTW >>> Just tried to access my account on Rogers to check my internet usage.... it's down... looks like they are testing something maybe? Sure is a coincidence... but none-the-less I can't get to my usage.... should I get a month (year?) for free...? I think so!

Merkley (aka David -- the giant slayer...LOL!)