[LINK] unlawful interception of internet traffic?

Craig Sanders cas at taz.net.au
Fri Dec 8 09:45:45 AEDT 2006

On Fri, Dec 08, 2006 at 09:22:13AM +1100, Marghanita da Cruz wrote:
> Craig Sanders wrote:
> >they've diverted the traffic by providing a false address.
> I might be barking up the wrong tree.
> But this could be the problem.
> I found, quite by accident, that my old ISP hadn't updated their DNS
> and so, their customers couldn't send me emails. A friend said emails
> to me kept bouncing. 12 months after I had switched. She was puzzled
> as she said it was the same mail address she used previously and the
> same one everyone else was using. She could see my website ok.

no, this is not what is happening.

i am not using their DNS server. i am using my own, which is NOT
configured to use theirs as a forwarder. there is no way that my server
could be getting responses from their nameserver UNLESS they are
intercepting DNS requests for the correct name-server and diverting
it to their own.

in any case, the domain being intercepted was NEVER, at any time,
hosted by the ISP doing the interception. there is no legitimate reason
(not even the semi-legitimate reason of slackness or incompetence) for
their nameserver to be claiming to be authoritative for the domain in
question.  this could only be a deliberate malicious act.

> It took quite a bit of work to convince them of the problem (as I was
> no longer a customer - you can guess why!) and even more to guide them
> through fixing it.

i've been a system admin in the ISP industry since the early 90s. i've
seen what you describe several times from the other side. i know how to
recognise it and how to diagnose it.

some ISPs are just slack and don't update their DNS when they should.
this is partly because many (most?) ISPs are scared of DNS because they
think it's difficult.

rarely, some ISPs deliberately hold on to (ex-)? customers' domains in
order to either a) encourage them to come back or b) punish them for
leaving. they know who they are. most in the industry know who they
are too. one large ISP in particular used to do this....it was very
difficult (often impossible) to get them to remove domains from their

in either scenario, it is a real PITA for everyone concerned, and
usually the customer simply can not understand what is going on and has
no idea who to believe (their new ISP or their old ISP).

OTOH, some customers are slack and don't bother to inform their (ex-)
ISP that they have got a new service provider.  ISPs aren't mind
readers, they can't magically know that their customer no longer needs
the DNS hosting service.  THIS scenario of customer slackness is far
more common than the ISP incompetence or ISP malice scenarios. this
could be seen as a good thing or a sad thing, depending on how you look
at it :)


craig sanders <cas at taz.net.au>           (part time cyborg)
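
The diagnosis described in the message above (a response that claims authority for a domain while naming a server outside that domain's delegation) can be checked mechanically. The following is an added example, not part of the original post: the function names, the `example.org` zone, `ns.isp.example` and the documentation-range addresses are all constructed for illustration. A mismatch is a signal to investigate, since a misconfigured zone can also list servers that differ from its delegation.

```python
import struct

def enc_name(name):                           # uncompressed DNS label encoding
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"

def read_name(msg, off):                      # -> (name, offset just past it)
    labels, end = [], None
    for _ in range(128):                      # bound hops so a pointer loop cannot hang us
        n = msg[off]
        if n & 0xC0 == 0xC0:                  # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels).lower(), off + 1 if end is None else end
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("pointer loop or over-long name")

def parse_response(msg):                      # -> (AA flag, NS targets and SOA MNAMEs)
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off, claimed = 12, set()
    for _ in range(qd):                       # skip the question section
        off = read_name(msg, off)[1] + 4
    for _ in range(an + ns + ar):
        off = read_name(msg, off)[1]
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype in (2, 6):                   # NS target / SOA MNAME start the RDATA
            claimed.add(read_name(msg, off)[0])
        off += rdlen
    return bool(flags & 0x0400), claimed

def foreign_authority(msg, delegated_ns):
    """Servers named by an authoritative answer that are outside the delegation."""
    aa, claimed = parse_response(msg)
    return sorted(claimed - {n.lower() for n in delegated_ns}) if aa else []

def rr(rtype, rdata):                         # record owned by the question name (pointer to offset 12)
    return b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata

def build(qname, ip, ns_names):               # constructed test response with AA set
    head = struct.pack("!6H", 1, 0x8400, 1, 1, len(ns_names), 0)
    head += enc_name(qname) + struct.pack("!HH", 1, 1)
    return head + rr(1, bytes(ip)) + b"".join(rr(2, enc_name(n)) for n in ns_names)

DELEGATED = ["ns1.example.org", "ns2.example.org"]    # constructed delegation from the parent zone
genuine = build("example.org", [192, 0, 2, 10], DELEGATED)
diverted = build("example.org", [203, 0, 113, 5], ["ns.isp.example"])
```
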
