On Thu, 2014-07-24 at 18:56 -0700, jdebert wrote:
> On Fri, 25 Jul 2014 03:30:19 +0200 Karsten Bräckelmann wrote:
> > On Thu, 2014-07-24 at 17:32 -0700, jdebert wrote:

> > > Sprint, which I use for net access, is hijacking DNS.
> > 
> > What exactly do you mean hijacking? Routing NXDOMAIN to some sort of
> > advertising web-server? Or serious packet-sniffing tampering with
> > *any* DNS query crossing their hardware?
> 
> Yes. Also disabling dnssec, not responding to certain queries and
> modifying responses and queries.

Run.

Is that an option?


> They like to call it "transparent DNS proxying". But it's not
> proxying and obviously not transparent.
> 
> 
> > > I cannot trust that the response received by sa-update is valid. Is
> > > there another method to check for updates?
> > 
> > If you really cannot trust *.updates.spamassassin.org DNS responses,
> > you cannot trust *any* DNS response. Including all the DNSxLs SA uses
> > by default. And rDNS rules. And your own SMTP's Received header.
> 
> Wow. I never thought of that. :\
> 
> 
> > And just in case your problem merely is with using your ISPs DNS
> > server, don't. Run your own local, caching DNS resolver
> > (non-forwarding).
> > 
> > Unless we're really talking intercepting raw DNS traffic, that should
> > do.
> 
> We are.

Got to admit, I wasn't expecting this. What you describe sounds major.

Just to be clear -- and absolutely no excuse to tamper with raw traffic
like this -- are we talking end-user / dial-up?

Sprint really even messes with DNS TXT records? What for?


Well, unless there is no way around that almost malicious tampering, I
guess the solution is to change ISP, regardless of whether that's local
line or server housing.

I understand home ISP switching might be difficult. In which case I
guess Sprint would see exactly one type of traffic by me -- VPN traffic
using their line into a trustworthy network.


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
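As an added illustration of the local, caching, non-forwarding resolver suggested in the thread (this is not configuration from the original posts), an unbound.conf with DNSSEC validation switched on; the root trust anchor path is an assumption and is distribution-specific. The commented-out forward-zone stanza is the weak setting to leave out, since forwarding would put the ISP resolver back in the path.

```conf
# unbound.conf: local caching resolver that queries the authoritative
# servers itself instead of forwarding to the ISP resolver.
# Added example; /var/lib/unbound/root.key is an assumed (distro-specific) path.
server:
    interface: 127.0.0.1
    interface: ::1
    access-control: 127.0.0.0/8 allow
    access-control: ::1 allow
    # Validate DNSSEC. With harden-dnssec-stripped, an answer from a signed
    # zone that arrives without its RRSIGs is treated as bogus (SERVFAIL)
    # instead of being accepted, so stripped or forged answers become visible.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    harden-dnssec-stripped: yes
    harden-glue: yes
    val-permissive-mode: no
    # 0x20 case randomisation and query-name minimisation towards upstream servers.
    use-caps-for-id: yes
    qname-minimisation: yes
    prefetch: yes
    hide-identity: yes
    hide-version: yes

# Weak setting to avoid: forwarding everything to the ISP's resolver.
# Leave this stanza out entirely (kept here, commented, only for contrast).
# forward-zone:
#     name: "."
#     forward-addr: 192.0.2.53   # placeholder for the ISP resolver address
```

Check the result with `dig +dnssec @127.0.0.1` for a name in a signed zone: the AD flag should be set, and a SERVFAIL for a query that succeeds through the ISP resolver points at tampering on the path. This gives no protection for names in unsigned zones, which still resolve without validation.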
