Opt-out of Comcast's DNS Helper

Comcast is rolling out their DNS hijacking service, which redirects requests for invalid domain names to a Yahoo search results page, similar to what Verisign did a few years ago.

At least Comcast allows you to opt out.  Browse to https://dns-opt-out.comcast.net and it will prompt you for an email address (it does not need to be your comcast.net address) and your cable modem's MAC address.  You will receive a confirmation message at that address, so use a real email address.

I'm lazy – my office is upstairs, and my cable modem is in the basement.  I don't want to walk down there, write down the MAC address and walk back up.  Fortunately my cable modem – a Comcast-issued Scientific Atlanta WebSTAR – has a built-in web server running on http://192.168.100.1/.  Before the modem establishes a connection with Comcast you can view all of the options – System, Signal, Status and Log.  Once connected though, Comcast pushes down security restrictions and you can only access the System page.

Fortunately your cable modem's MAC address is listed there.  Copy the MAC address into the Comcast DNS Helper opt-out form, click Submit and wait for the email containing the confirmation link.  Once you confirm the request it will take about 2 days to take effect.

Cable Modem Diagnostic Web Server
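The post reads the MAC address off the modem's System page by hand. As an added example (not code from the original post, and not Scientific Atlanta's or Comcast's), the script below fetches that page from the diagnostic address given above, http://192.168.100.1/, and pulls out anything shaped like a MAC address. The real WebSTAR markup is not shown on the page, so the embedded sample HTML is constructed for illustration and only the standard six-octet MAC pattern is relied on. If the page lists more than one address, compare against the label on the modem itself before pasting into the opt-out form.

```python
import re
import urllib.request

# Diagnostic address of the cable modem, as given in the post.
MODEM_URL = "http://192.168.100.1/"

# Six hex octets separated by ':' or '-', e.g. 00:1A:2B:3C:4D:5E.
MAC_RE = re.compile(r"\b[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}\b")


def extract_mac_addresses(html):
    """Return the distinct MAC addresses found in a page, normalised to
    upper-case colon-separated form, in order of first appearance."""
    found = []
    for match in MAC_RE.finditer(html):
        mac = match.group(0).replace("-", ":").upper()
        if mac not in found:
            found.append(mac)
    return found


def fetch_modem_page(url=MODEM_URL, timeout=5):
    """Fetch the modem's System page over the LAN (plain HTTP, no login,
    which is how the post describes the page once the modem is online)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


# Constructed sample of what a System page might contain; the actual
# WebSTAR layout is not known here, and the MAC value is a placeholder.
SAMPLE_HTML = """
<html><body><h1>System</h1>
<table>
<tr><td>Cable Modem MAC Address</td><td>00:1A:2B:3C:4D:5E</td></tr>
<tr><td>Firmware</td><td>placeholder-version</td></tr>
</table></body></html>
"""

if __name__ == "__main__":
    try:
        page = fetch_modem_page()
    except OSError as exc:
        print(f"could not reach {MODEM_URL} ({exc}); using constructed sample")
        page = SAMPLE_HTML
    for mac in extract_mac_addresses(page):
        print(mac)
```

Run it from a machine on the LAN side of the modem; if the modem is unreachable it falls back to the constructed sample so the parsing can still be exercised.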


9 Responses to “Opt-out of Comcast's DNS Helper”

  1. Marc Says:

    OMFG this service makes me angry. Qwest does the same thing (according to my research). Additionally, down south a major provider is performing packet sniffing approaching DPS (deep packet inspection) and using the information gained to both place ads and sell the demo information to advertisers.

    All I want is a pipe – static or dynamic. They all seem to be criminal in their intent. Comcast is mostly banned on twitter because when I cuss them out they respond. They have a whacko service department. Qwest will not respond to my emails anymore because they can't 'officially' answer my questions such as "Are you blocking any ports?", etc…

    Get ready for the real fun – I have an unnamed acquaintance high up in Comcast and my inquiries to him left me even more scared of these companies. There is considerably more going on behind the scenes, things that I venture to say are illegal.

    There are no laws that specifically target this behavior. There is no government oversight. These companies move too fast and appear to self-regulate well.

    Only one solution at the moment : CricKet wireless on-ramp – you can pay cash and remain unknown. Any others?

  2. JL Says:

    Marc — This claim is a pretty big one: "Get ready for the real fun – I have an unnamed acquaintance high up in Comcast and my inquiries to him left me even more scared of these companies. There is considerably more going on behind the scenes, things that I venture to say are illegal."

    Can you back that up with some detail?

  3. Marc Says:

    The conversation of note was with a top manager in the (commercial) security side who was tipsy at a party. He was the boyfriend of a long-time work friend and got a little too comfortable with my questions. Paraphrased:

    "With Comcast manipulating DNS and performing other less than honest activities visible to the public, what is going on that we don't know?" syn-hack is interesting http://bit.ly/37fTRW

    Answer – "You don't want to know and I can't tell you" is the easiest way to sum the erratic and drunken conversation that followed.

    When pushed I could not get him to deny my chief concern, "non-anonymized traffic logging". Although not necessarily illegal in the packet realm, this is a form of wiretapping(?).

    Remember proof of illegal activity is near impossible because they (providers) hold all the cards. There are only a few companies who control this deck. The big one is L3 of course, but they don't control the deck as much as they own all the chips. With L3 as the backbone and Comcast [et al] between you and your information the entrusted power is great. Human nature clearly dictates the activities of people(s) with this power. (insert middle school history flash back)

    There are too many companies that log and don't tell. I log the sh!t out of my sites and traffic and except for this post don't tell. Ever read the Google terms of service? That is some scary stuff, but only when you are aware of the items they do not mention. I read much of the fine print. But I have better things to do than pick apart these documents anymore. Instead I just log-off Google and have anonymous points of entry and tunnels available as needed.

    Is DPS illegal from the provider level? Is logging non-anonymized traffic illegal? Is placing ads in your pipeline based on your traffic illegal? Is behavior shaping via packet manipulation illegal? Is the creation of bogus packets that are not routable in the effort of destroying traffic types illegal? These are all happening from the provider level.

    Illegal, probably not. But we have our tech illiterate slow moving government bending over for the lobby instead of creating righteous legislation necessary to protect the citizens.

    With all the things that are going on out there I am rather uncomfortable. The items that I am not aware of scare me more. Net neutrality, among many ideas, are critical and the defense of freedom and is exclusively on our shoulders!

    If an employer can legally sniff traffic (email, chat, and phone audio) in the office (incl Exchange) and take action, including man-in-the-middle attacks on secured / tunneled transmission what is Comcast doing? In the office I have seen this type of power destroy people, ulcers in one case, hysterical paranoia is another option. The abuse of power does not diminish as the level of authority increases. Look at Dick Cheney. He insisted (against intelligence specialists warning and a fight) to see unfiltered and raw intelligence data. Look at the mess those guys made. Imagine what is going to happen when Comcast sees profit fall? Your logs are a bad day in the stock market away from only god (Comcast) knows what.

    We all "know people", and that is not the topic. Instead what are YOU doing to defend yourself? What are YOU doing to decrease negative corporate activities on the web? How many lost laptops of social security numbers are you listed on? I have, on several occasions, sat behind a terminal looking at information I can neither believe nor disclose legally. I am a speck of dust on the radar screen of tech coolness. (But my first official phone call from the FCC warning me about my online activity was in 1984 – does that help the coolness factor?)

    Paranoia is critical to self preservation. Too much will destroy you and everyone around you.

    Cheers and focus on the positive even if Comcast suxxor.

    See you at refresh?

  4. Unknown Says:

    For reasons unknown, some private side IPs of some virtuals utilized at my workplace were actually being resolved by my RoadRunner DNS servers ( dns-redirect-lb-01.texas.rr.com ).

    I forgot to launch my VPN connection to work, and proceeded to visit the URL of the virtuals (10.x.x.x IP space). To my surprise, I was taken to the WebSTAR page shown by you above. At first I did not believe that this really was my modem's info page (as I could not click on any of the other links except for System). I thought that I was a victim of some trojan/worm that hijacks connections and redirects to other pages.

    For whatever reason, rather than trying to find out if I really had some sort of infectious computer program, I tried visiting one of the other virtuals, and the same thing happened! Only this time, the interface was different, and the MAC address was different.

    It seems like any cable modem within the same subnet as yours can be reached via a web browser (if you can get the correct IP to it). I tried several IPs down from the two that worked earlier and I found a few that wouldn't respond, 1 that denied access and 1 that also showed a WebSTAR page.

    I guess I shouldn't be surprised about this finding due to the nature of how the networks are setup, however, the thought of being able to hit my neighbor's cable modem had never occurred to me before. Just thought I would also share (as your blog was the first to pop up on google with the search string: dns redirect webstar road runner)

  5. Marc Says:

    I bumped into this article a few days ago and thought of this blog post –

    http://arstechnica.com/tech-policy/news/2008/09/comcast-sues-fcc-wants-p2p-throttling-order-overturned.ars

    The closing quote is good:

    "would prefer to manage their networks in any manner they see fit without directives from the FCC covering what kinds of management techniques are over the line"

    But if you dig through this more (a lot of reading) there are some major heavy duty missing laws. These operators seem to be running, well, wild and doing as they wish.

    One interesting point I read was "there were no laws in effect making [the bad behavior] illegal" (paraphrased poorly). And why the hell not? Our government is now our banker and making our cars (sorry bout that), so why not get into the packet business? Most preferably regulate and keep these people busy.

    The point being simple – regulate the living hell out of these companies. We already pay considerably more than other 1st world countries for 'net access, and that is only the start. If we are going to get raped let's get the FCC up their butt too?

    Hitting the neighbor's cable modem, freaky. Your neighbor finding their cat duct taped to the light post – priceless.

    –M

  6. Daniel Says:

    Just to throw this out there:

    Comcast had this 'domain helper' service, turned off.

    It turned itself back on; a support contact to Comcast only came up with "It's our system, somehow after system maintenance your domain helper is activated again." They tried to do something on the backend to fix it, but I was asked to wait 24+ hours for the change to go into effect. Not a big deal to me, but indicative of a broken system, where they get to push out more advertising to a paying customer that should not, and has opted to not, see this crap…

  7. HankB Says:

    I have opted out of their DNS helper service twice. Several days ago I noticed it was back on. I opted out again and it is back on again. This time, it still shows as "off" on my account page, so I am on the phone with their service representative trying to explain the problem. They know what DNS is but have no idea what the DNS helper is or why it should be off (just because I chose that in my settings). I'm waiting to speak to a supervisor.

  8. Troy Says:

    Using the comcast website to opt-out doesn't work, at least not reliably. And as HankB said, even when it does, the dang thing won't stay off.

    I am not sure it really lets you opt-out, even when it appears to work.

    "In some cases, the ISPs provide settings to disable hijacking of NXDOMAIN responses. Correctly implemented, such a setting reverts DNS to standard behavior. Some ISPs, however, instead use a web browser cookie to store the preference. In this case, the underlying behavior is not resolved: DNS queries continue to be redirected, while the ISP redirect page is replaced with a counterfeit HTTP 404 page. Applications other than web-browsers cannot be opted out of the scheme using cookies."—http://en.wikipedia.org/wiki/DNS_hijacking

    I have not researched to see which method the comcast opt-out implementation uses. I was told however that deleting cookies and clearing the cache were part of the process, along with rebooting the modem and a 24+ hour wait.

    I do know however that there is an alternative that works immediately. Use an alternate DNS server on your local machine.
    Comcast provides a list of opt-out DNS servers here.

    The quote below shows the public DNS servers I use. For me they have proven fast and reliable, mileage may vary. There is a more thorough list at the cited link.

    Service provider: vnsc-pri.sys.gtei.net
    Public Name server IP address:

    * 4.2.2.1
    * 4.2.2.2
    * 4.2.2.3
    * 4.2.2.4
    * 4.2.2.5
    * 4.2.2.6
    http://theos.in/windows-xp/free-fast-public-dns-server-list/

    I hope this proves helpful.
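The Wikipedia passage quoted in this comment is the practical test: a correctly implemented opt-out makes the resolver return NXDOMAIN again, while a cookie-based one leaves DNS redirected and only changes what the browser shows. The script below is an added example (not code from the post or from any commenter, and not a Comcast tool) that checks at the DNS level, so it is unaffected by cookies or a counterfeit 404 page. It queries freshly generated random labels under example.com/example.net/example.org, which cannot exist; any answer at all means the resolver is substituting addresses for NXDOMAIN, and the same address coming back for unrelated zones is the landing-page signature. The `resolve` parameter is an assumption of this example so the logic can be exercised with a fake resolver; the default uses the machine's configured resolver, which is where the opt-out (or an alternate server such as the 4.2.2.x ones listed above) takes effect.

```python
import secrets
import socket

# Zones under which random labels are generated each run; the labels do not
# exist, so a standards-compliant resolver must answer NXDOMAIN.
DEFAULT_ZONES = ("example.com", "example.net", "example.org")


def random_nonexistent_name(zone):
    """Build a name that almost certainly has no DNS record."""
    return f"nx-{secrets.token_hex(8)}.{zone}"


def system_resolve(name):
    """Resolve via the OS resolver; [] means NXDOMAIN (or no A record)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def detect_nxdomain_hijack(resolve=system_resolve, zones=DEFAULT_ZONES, probes=2):
    """Query several random nonexistent names and report what came back.

    hijacked: True if any probe received an address instead of NXDOMAIN.
    redirect_targets: the distinct addresses substituted (typically one
        landing-page IP shared across all probes when redirection is on).
    probes: every name queried and the addresses it returned.
    """
    answers = {}
    for zone in zones:
        for _ in range(probes):
            name = random_nonexistent_name(zone)
            answers[name] = resolve(name)
    targets = sorted({ip for addrs in answers.values() for ip in addrs})
    return {
        "hijacked": bool(targets),
        "redirect_targets": targets,
        "probes": answers,
    }


if __name__ == "__main__":
    report = detect_nxdomain_hijack()
    if report["hijacked"]:
        print("NXDOMAIN answers are being rewritten to:",
              ", ".join(report["redirect_targets"]))
    else:
        print("All probes returned NXDOMAIN; no redirection seen.")
    for name, addrs in report["probes"].items():
        print(f"  {name} -> {addrs or 'NXDOMAIN'}")
```

Run it before and after changing the opt-out setting or the configured DNS server; a result that flips from a shared redirect address to NXDOMAIN on every probe is the only confirmation that the change actually reached DNS rather than just the browser.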

  9. Rob Gerwing Says:

    If you're a business class comcast.net customer, you have to use the DNS number provided at this address.

    http://dns.comcast.net/dns-ip-addresses2.php

© 2007-2010, Corey Gilmore | Posts RSS Feed | Comments RSS Feed | Contact


The views expressed on these pages are mine alone and not those of any past or present employer. All information presented on this site was obtained lawfully and not through disclosure under the terms of an NDA.