Comment It happened to me and what I did (Score 1) 337
Invalid DNS Redirection
Recently I inadvertently entered a url and forgot one of the leading w's. I thought I'd get a browser error, instead I was opening a page with all sorts of ads and a "Did you mean:" with several suggested web sites. I know how DNS works so I brought up a network sniffer to see what was going on. To my astonishment my DNS server was returning a valid IP address for a dns entry that did not exist! When opened, this address did a http redirect to the web site with the ads and suggestions. I tried a simple test to see if the browser was involved. I used NSLOOKUP and entered an invalid address and sure enough a valid IP was being returned, I don't use a proxy server so the problem had to be in the DNS server. I have to use Hughes satellite services so I though it might be something being done by them, but in reading on the net many IPSs are doing the same thing. I investigated some more and found out that Hughes was using the services of a company called Paxfire who makes a living working with Internet ads. Other ISPs might be using another service. I noticed that the redirection was returning another url, wwh.found-not-help.com. If I put that name in the hosts file I then got a normal http error. That would suffice in most cases but on a satellite Internet link the round trip packet latency can make a connection look like dial-up.
I decided to look into this more. I had an idea. Several years ago I wrote 2 functions for a project I was on, AddDNSName, and DeleteDNSName. These would add secondary IP addresses to the network adapter and delete them programmatically. So I wrote a simple program using the old gethosybyname socket function. I would look up an invalid name and if a valid IP address was returned I added these addresses to my system. After that everything worked as it should. DNS returned the redirection IP addresses and a connection attempt would immediately fail because the address was now local.
The ISP's have a solution but it requires leaving a cookie on your system and you're still doing more network traffic.
This is not a new problem and I found this reference http://www.itmweb.com/f092403.htm about Verisign having the problem in late 2003! I find it amazing that IPSs would change Internet standards just to receive more ad revenue. Seeing that there was no recourse in standards committees I decided to write this and the code for the problem. The code could easily be polished to make it stronger, I just wrote a prototype program (which I use). There is an article on codegugu.com, http://www.codeguru.com/cpp/i-n/network/winsocksolutions/article.php/c6165/ that has the C++ code for add and delete ip addresses(ipadddel.c ipadddel.h). Here is the code I wrote for this problem. It can be easily modified for adjustments. It's a hack job but it seems to work.
It seems I can't post the code, I get a "too many junk characters" error. If you want it I'll send it to you.
Just a few notes on this. IP addresses added are transient, which go away after a reboot or delete. The chance of these DNS IP addresses are in your address space is extremely small and not possible if you are using DHCP. The ISP's could change the redirection IP address but it would still be found every time the code is run on the workstation. The code is setup for 2 redirection addresses but could easily be changed for more.
The ISP's have a solution but it requires leaving a cookie on your system and you're still doing more network traffic. What they didn't consider also is that Browsers are NOT the only internet application that uses DNS.
Bill
Recently I inadvertently entered a url and forgot one of the leading w's. I thought I'd get a browser error, instead I was opening a page with all sorts of ads and a "Did you mean:" with several suggested web sites. I know how DNS works so I brought up a network sniffer to see what was going on. To my astonishment my DNS server was returning a valid IP address for a dns entry that did not exist! When opened, this address did a http redirect to the web site with the ads and suggestions. I tried a simple test to see if the browser was involved. I used NSLOOKUP and entered an invalid address and sure enough a valid IP was being returned, I don't use a proxy server so the problem had to be in the DNS server. I have to use Hughes satellite services so I though it might be something being done by them, but in reading on the net many IPSs are doing the same thing. I investigated some more and found out that Hughes was using the services of a company called Paxfire who makes a living working with Internet ads. Other ISPs might be using another service. I noticed that the redirection was returning another url, wwh.found-not-help.com. If I put that name in the hosts file I then got a normal http error. That would suffice in most cases but on a satellite Internet link the round trip packet latency can make a connection look like dial-up.
I decided to look into this more. I had an idea. Several years ago I wrote 2 functions for a project I was on, AddDNSName, and DeleteDNSName. These would add secondary IP addresses to the network adapter and delete them programmatically. So I wrote a simple program using the old gethosybyname socket function. I would look up an invalid name and if a valid IP address was returned I added these addresses to my system. After that everything worked as it should. DNS returned the redirection IP addresses and a connection attempt would immediately fail because the address was now local.
The ISP's have a solution but it requires leaving a cookie on your system and you're still doing more network traffic.
This is not a new problem and I found this reference http://www.itmweb.com/f092403.htm about Verisign having the problem in late 2003! I find it amazing that IPSs would change Internet standards just to receive more ad revenue. Seeing that there was no recourse in standards committees I decided to write this and the code for the problem. The code could easily be polished to make it stronger, I just wrote a prototype program (which I use). There is an article on codegugu.com, http://www.codeguru.com/cpp/i-n/network/winsocksolutions/article.php/c6165/ that has the C++ code for add and delete ip addresses(ipadddel.c ipadddel.h). Here is the code I wrote for this problem. It can be easily modified for adjustments. It's a hack job but it seems to work.
It seems I can't post the code, I get a "too many junk characters" error. If you want it I'll send it to you.
Just a few notes on this. IP addresses added are transient, which go away after a reboot or delete. The chance of these DNS IP addresses are in your address space is extremely small and not possible if you are using DHCP. The ISP's could change the redirection IP address but it would still be found every time the code is run on the workstation. The code is setup for 2 redirection addresses but could easily be changed for more.
The ISP's have a solution but it requires leaving a cookie on your system and you're still doing more network traffic. What they didn't consider also is that Browsers are NOT the only internet application that uses DNS.
Bill
