Sunday, January 20, 2008

2008-01-20 Verizon is EVIL

I was reading The Guardian (http://www.guardian.co.uk/), about the recent Boing 777 crash in Heathrow, when all of a sudden, instead of the link taking me to the next article, I was presented with the following screen:



This is outrageous. Under NO CIRCUMSTANCES should the ISP ever proxy themselves between my web browser and the web server that I am trying to contact. In the security industry, this is called a man-in-the-middle attack, and it Verizon is TAMPERING with and ALTERING the information being provided to me by other entities on the Internet.

Upon further investigation, it appears that Verizon is doing this for DNS entries that do not resolve. But this is further an outrage given that I can ping and access the Guardian's web servers from another server, indicating that their systems are running.

Tomorrow, I shall phone their support line and explain that this behaviour is unacceptable, in violation of the fundamental protocols that define how Internet applications function, and that unless such behaviour is stopped, we shall be terminating our service with the company and recommending that all other people that we know do so as well.

Update

It appears that other people have been encountering this behaviour, abet just with incorrect DNS entries:

http://www.freedom-to-tinker.com/?p=1227
http://arstechnica.com/news.ars/post/20070621-sitefinder-redux-verizon-tests-dns-redirect-service.html

This is completely unacceptable, and this needs to be stopped.

Update 2

I can't even view my own blog, because Verizon is no longer resolving seataf.blogspot.com. Yet, I can resolve this address without any problems from my other server, which is not connected to the Internet via Verizon. Time to call support...

Update 3

Support wasn't useful, except saying that they were doing some unspecified "maintenance" to their system.

I replaced the configured Verizon DNS servers with alternate ones, and things are at least working again.

I think a letter complaining about their unacceptable alteration of DNS responses is in order...

No comments: