Re: FairPoint DNS hijacking?
I wonder if 10.255.255.10 is the address of the modem. Michael On Fri, 14 Dec 2012 10:41:01 -0500 Jim McGinness wrote: > We signed up for Fairpoint DSL on our home line (already had it on a > different line, but our hope is that we could discontinue the old one once > the new one was working satisfactorily). > > New service, new Westell 7500 modem/router... > > When first connecting, the Westell does the DNS redirect thing to a page that > looks a lot like the one you're reporting. They want you to log in with a > "supported" browser and OS so you can run an "fpinstall" program that ties > your modem to your phone line and removes the built-in block/redirect. I also > installed Fairpoint DSL at our place in Maine a few weeks ago and, on that > line, the "fpinstall" action was performed by an installation program that > came on a CD in the box with the Westell. > > Done once, I have the impression you should not have to do it ever again > unless you reset your modem to factory defaults. > > I'm afraid that doesn't provide much light on why it was happening to you on > Sunday. > > -- jmcg > > On Dec 9, 2012, at 17:33, Joshua Judson Rosen wrote: > > > Anyone else experience FairPoint DNS hijacking, this evening? > > > > Between about 16:00 and 17:00, I got home from the mall and noticed > > that all of my DNS lookups had started returning 10.255.255.10, > > which was (and, apparently, *still is*) a webserver serving one page, > > which reads: > > > > [FairPoint logo] > > > >Welcome to the FairPoint Broadband Service web page. > >As part of our commitment to provide superior service > >we are improving the security of your broadband connection. > > > >As such, you have been redirected to the FairPoint Communications > >broadband service page to install a security update. > > > >We apologize for the inconvenience, but your Web Browser (Chrome) > >and Operating System (Linux) are not currently compatible with > >the DSL Security improvement process. > > > >If possible, please re-open this page on a Windows XP, Vista or > >Windows 7 PC using Internet Explorer. > > > >If that is not possible, please contact FairPoint Internet > >Technical Support for further assistance. > > > >Residential customers can reach FairPoint Internet Technical > >Support at 1.800.240.5019. Business customers can reach > >FairPoint Internet Technical Support at 1.800.314.9209. > > > > Thank you for allowing us to serve you. > > > > > > -- > > "Don't be afraid to ask (λf.((λx.xx) (λr.f(rr." > > > > ___ > > gnhlug-discuss mailing list > > gnhlug-discuss@mail.gnhlug.org > > http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ > > ___ > gnhlug-discuss mailing list > gnhlug-discuss@mail.gnhlug.org > http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ signature.asc Description: PGP signature ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: FairPoint DNS hijacking?
On Fri, Dec 14, 2012 at 7:16 AM, M D L <41mag...@liberty.eprci.com> wrote: > Any decent ISPs should be filtering the private address space > from crossing their network. Leaving the vast majority of ISPs allowing it, alas. Comcast uses 10/8 for their management network, and I've seen it "leak out" into their customer net more than once. -- Ben ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: FairPoint DNS hijacking?
We signed up for Fairpoint DSL on our home line (already had it on a different line, but our hope is that we could discontinue the old one once the new one was working satisfactorily). New service, new Westell 7500 modem/router... When first connecting, the Westell does the DNS redirect thing to a page that looks a lot like the one you're reporting. They want you to log in with a "supported" browser and OS so you can run an "fpinstall" program that ties your modem to your phone line and removes the built-in block/redirect. I also installed Fairpoint DSL at our place in Maine a few weeks ago and, on that line, the "fpinstall" action was performed by an installation program that came on a CD in the box with the Westell. Done once, I have the impression you should not have to do it ever again unless you reset your modem to factory defaults. I'm afraid that doesn't provide much light on why it was happening to you on Sunday. -- jmcg On Dec 9, 2012, at 17:33, Joshua Judson Rosen wrote: > Anyone else experience FairPoint DNS hijacking, this evening? > > Between about 16:00 and 17:00, I got home from the mall and noticed > that all of my DNS lookups had started returning 10.255.255.10, > which was (and, apparently, *still is*) a webserver serving one page, > which reads: > > [FairPoint logo] > >Welcome to the FairPoint Broadband Service web page. >As part of our commitment to provide superior service >we are improving the security of your broadband connection. > >As such, you have been redirected to the FairPoint Communications >broadband service page to install a security update. > >We apologize for the inconvenience, but your Web Browser (Chrome) >and Operating System (Linux) are not currently compatible with >the DSL Security improvement process. > >If possible, please re-open this page on a Windows XP, Vista or >Windows 7 PC using Internet Explorer. > >If that is not possible, please contact FairPoint Internet >Technical Support for further assistance. > >Residential customers can reach FairPoint Internet Technical >Support at 1.800.240.5019. Business customers can reach >FairPoint Internet Technical Support at 1.800.314.9209. > > Thank you for allowing us to serve you. > > > -- > "Don't be afraid to ask (λf.((λx.xx) (λr.f(rr." > > ___ > gnhlug-discuss mailing list > gnhlug-discuss@mail.gnhlug.org > http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: FairPoint DNS hijacking?
Even if Fairpoint was doing Carrier Grade NAT there is a separate address space for that (100.64.0.0/10) per RCF 6598. They shouldn't even have 10.0.0.0/8 in their public routing tables even if they are using this internally. Any decent ISPs should be filtering the private address space from crossing their network. On Fri, 14 Dec 2012 01:10:53 -0500 John Abreau wrote: > 10.255.255.10 is in the 10.0.0.0/8 private address range, which is not > routed > across the public Internet. Therefore the bad server must have been local > to > whatever local network you were connected to at the time. > > I'm assuming that Fairpoint has not decided to implement NAT at the ISP > layer > instead of doing a proper IPv6 rollout. signature.asc Description: PGP signature ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: FairPoint DNS hijacking?
10.255.255.10 is in the 10.0.0.0/8 private address range, which is not routed across the public Internet. Therefore the bad server must have been local to whatever local network you were connected to at the time. I'm assuming that Fairpoint has not decided to implement NAT at the ISP layer instead of doing a proper IPv6 rollout. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: FairPoint DNS hijacking?
On Sun, 09 Dec 2012 17:33:15 -0500, Joshua Judson Rosen wrote: > Anyone else experience FairPoint DNS hijacking, this evening? > > Between about 16:00 and 17:00, I got home from the mall and noticed > that all of my DNS lookups had started returning 10.255.255.10, > which was (and, apparently, *still is*) a webserver serving one page, > which reads: I have FairPoint, but between 16:00 and 17:00 I wasn't using the computer, so I didn't see anything. However, some of my kids were and they run Linux as well. They would definitely have reported something like this and didn't. In other words: They are out to get you specifically. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
FairPoint DNS hijacking?
Anyone else experience FairPoint DNS hijacking, this evening? Between about 16:00 and 17:00, I got home from the mall and noticed that all of my DNS lookups had started returning 10.255.255.10, which was (and, apparently, *still is*) a webserver serving one page, which reads: [FairPoint logo] Welcome to the FairPoint Broadband Service web page. As part of our commitment to provide superior service we are improving the security of your broadband connection. As such, you have been redirected to the FairPoint Communications broadband service page to install a security update. We apologize for the inconvenience, but your Web Browser (Chrome) and Operating System (Linux) are not currently compatible with the DSL Security improvement process. If possible, please re-open this page on a Windows XP, Vista or Windows 7 PC using Internet Explorer. If that is not possible, please contact FairPoint Internet Technical Support for further assistance. Residential customers can reach FairPoint Internet Technical Support at 1.800.240.5019. Business customers can reach FairPoint Internet Technical Support at 1.800.314.9209. Thank you for allowing us to serve you. -- "Don't be afraid to ask (λf.((λx.xx) (λr.f(rr." ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/