
Re: Comcast DNS servers returning bogus information



     On Sun, 24 Aug 2008 11:37:04 -0500 Drake Wilson <drake@xxxxxxxxxxxx>
wrote:
>Quoth Scott Bennett <bennett@xxxxxxxxxx>, on 2008-08-24 10:47:26 -0500:
>> Aug 24 09:48:48.821 [notice] Your DNS provider has given "68.87.64.132" as an answer for 11 different invalid addresses. Apparently they are hijacking DNS failures. I'll try to correct for this by treating future occurrences of "68.87.64.132" as 'not found'.
>> Aug 24 09:49:18.828 [notice] Your DNS provider tried to redirect "www.google.com" to a junk address.  It has done this with 3 test addresses so far.  I'm going to stop being an exit node for now, since our DNS seems so broken.
>
>I'm not a Comcast customer, but just for the record, some Web searches
>turn up similar symptoms being discussed in various places (though
>beware of the Net of Fools):
>
>  http://lists.netisland.net/archives/plug/plug-2006-07/msg00105.html
>  http://www.twtex.com/forums/showthread.php?t=19796
>  http://text.broadbandreports.com/forum/r18642488-Replaced-cable-modem-but-new-one-stuck-on-Comcast-page
>
     Thanks for the URLs.  I check them out.

>Summary: according to an approximate consensus of the Net of Fools,
>this happens with accounts that are (possibly erroneously) considered
>suspended or deactivated, or on some forms of network topology
>changes, such as the MAC address being presented by the modem to the
>far end changing, or possibly the MAC address being presented to the
>modem changing without the modem being reset.  Supposedly, the address
>68.87.64.132 when accessed by HTTP from inside Comcast's customer
>network yields a page that requests that you run their "activation
>software" and enter your account information in order to reregister
>the modem (I guess).

     Huh.  Funny you should mention that.  A Comcast guy was here yesterday
afternoon and told me that that wouldn't be a problem.  I had asked him
specifically about changing a MAC address because he had hooked his laptop
to the modem temporarily.  However, the drone on the phone early this a.m.
kept trying to tell me that I needed to "flush the cache"  by rebooting my
computer.  Each time I would ask him to tell me what cache he had in mind,
he responded that I had to "flush the DNS cache".  Each time, I explained
carefully that a) this is a UNIX system, not a Windows system, b) there is
no name server running on this system, so there is no cache, and c) that
the only caches that appeared to need flushing were the two name servers
at Comcast whose IP addresses I had already relayed to him.  Each time, it
made no impression upon him at all because within minutes the same issue
would be repeated.  Sigh.  He clearly is operating in the dark as to how
these things work and is simply following a routine as augmented by
previous experience with convincing [usually ignorant] Windows users to
go through the whole script with him before he is allowed to pass the
matter along to someone who just *might* know enough more to do a little
better.
>
>My first guess would be that they noticed your Tor node and tried to
>disable it, then just disabled the DNS rather than everything.  My
>second guess would be that a MAC address changed somewhere.  I don't
>know whether either of these is the case, and I don't know anything
>about their "activation software".
>
     The only problem is that that explanation doesn't explain why their
name servers give out the identically wrong information to computers
elsewhere on the Internet.  If you're curious, try looking up almost
anyplace on the net, but with the query going to one of those two Comcast
name servers.  Then try it without explicitly querying those two Comcast
name servers to see what the correct answers are.
     There may still be some problem due to the new modem, but my best
reckoning is that the problem is corrupted data in those two name servers.
It doesn't look to me like anything done intentionally.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************
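
The check behind the two quoted [notice] lines can be sketched as follows. This is an added example, not part of the original message and not Tor's source code. The probe count, the threshold, the stub resolvers and the 192.0.2.x addresses are assumptions constructed so the sketch runs offline; only 68.87.64.132 and www.google.com come from the log lines above.

```python
import random
import string
from collections import Counter

def random_invalid_name(rng):
    # ".invalid" is a reserved TLD, so an honest resolver can never answer for it.
    label = "".join(rng.choice(string.ascii_lowercase) for _ in range(12))
    return label + ".invalid"

def find_hijack_addresses(resolve, probes=12, threshold=3, seed=0):
    """Look up names that cannot exist; an address returned for `threshold`
    or more of them is treated as a failure-rewrite address ('not found')."""
    rng = random.Random(seed)
    hits = Counter()
    for _ in range(probes):
        answer = resolve(random_invalid_name(rng))
        if answer is not None:
            hits[answer] += 1
    return {ip for ip, count in hits.items() if count >= threshold}

def assess(resolve, known_names):
    """Classify a resolver: 'ok', 'rewrites-failures' (usable if the junk
    address is filtered) or 'unusable' (real names also get the junk address)."""
    hijack = find_hijack_addresses(resolve)
    redirected = [n for n in known_names if resolve(n) in hijack]
    if redirected:
        return "unusable", hijack, redirected
    return ("rewrites-failures" if hijack else "ok"), hijack, redirected

# Constructed sample data: documentation-range addresses, not real answers.
GOOD = {"www.google.com": "192.0.2.10", "www.example.org": "192.0.2.20"}
KNOWN = list(GOOD)

def honest_resolver(name):       # returns None for names that do not exist
    return GOOD.get(name)

def rewriting_resolver(name):    # failures rewritten to one fixed address
    return GOOD.get(name, "68.87.64.132")

def broken_resolver(name):       # every lookup, valid or not, gets that address
    return "68.87.64.132"

if __name__ == "__main__":
    for r in (honest_resolver, rewriting_resolver, broken_resolver):
        print(r.__name__, assess(r, KNOWN))
```

To run it against a live name server, pass a `resolve` callable that queries that server and returns `None` on failure in place of the stubs.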