
Simon Willison’s Weblog

ISPs' Error Page Ads Let Hackers Hijack Entire Web (via) Earthlink in the US served “helpful” links and ads on subdomains that failed to resolve, but the ad-serving pages had XSS holes which could be used to launch phishing attacks against the principal domain (and I imagine could be used to steal cookies, although the story doesn’t mention that). Seems like a good reason to start using wildcard DNS to protect your subdomains from ISP interference.
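The check a site owner would want here is whether a given recursive resolver synthesises answers for names that should return NXDOMAIN, which is what makes the ad pages reachable on your subdomains in the first place. This is an added example, not code from the original post: it compares a resolver under test against a trusted resolver on random, never-published labels, so that a legitimate wildcard record on the zone (both resolvers agree) is told apart from resolver-side rewriting (only the tested resolver answers). The `resolve_a` helper assumes the third-party dnspython library; the sample answers in the test are constructed.

```python
"""Detect NXDOMAIN rewriting by a recursive resolver (added example, not from the post)."""
import secrets
from typing import Dict, List, Optional, Set

# label -> set of A records, or None when the resolver returned NXDOMAIN
Answers = Dict[str, Optional[Set[str]]]


def random_labels(domain: str, count: int = 3) -> List[str]:
    """Names nobody has published, so an honest answer should be NXDOMAIN."""
    return [f"probe-{secrets.token_hex(6)}.{domain}" for _ in range(count)]


def resolve_a(name: str, nameserver: str) -> Optional[Set[str]]:
    """Query one resolver for A records; None means NXDOMAIN/no answer.

    Assumes dnspython (third-party) is installed; only needed for live probing.
    """
    import dns.resolver
    r = dns.resolver.Resolver(configure=False)
    r.nameservers = [nameserver]
    try:
        return {rr.address for rr in r.resolve(name, "A")}
    except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer):
        return None


def classify(tested: Answers, trusted: Answers) -> str:
    """Compare answers from the resolver under test with a trusted resolver.

    Returns 'hijacked' if the tested resolver answers where the trusted one
    reports NXDOMAIN (or gives different addresses), 'wildcard' if both
    resolvers agree on an answer (the zone itself has a wildcard record),
    and 'clean' if the tested resolver honestly returns NXDOMAIN.
    """
    verdicts = set()
    for name, tested_ips in tested.items():
        trusted_ips = trusted.get(name)
        if tested_ips is None:
            verdicts.add("clean")        # honest NXDOMAIN
        elif tested_ips == trusted_ips:
            verdicts.add("wildcard")     # zone answers for any label
        else:
            verdicts.add("hijacked")     # tested resolver invents or rewrites answers
    # One rewritten answer is enough to flag the resolver.
    if "hijacked" in verdicts:
        return "hijacked"
    return "wildcard" if "wildcard" in verdicts else "clean"
```

To probe live, build `tested` and `trusted` with `resolve_a` over `random_labels(domain)` against the resolver you suspect and one you trust, then pass both to `classify`.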

4 comments

  1. pwned!

    Jason Davies - 21st April 2008 11:52 - #

  2. An ISP could theoretically do the same for 404 pages too. Scary.

    Jason Davies - 21st April 2008 11:58 - #

  3. It's not likely to come up on a 404 page. 404 pages are served by a server that actually has authority for the domain. It would be the web host rather than the visitor's ISP that would intercept that type of error.

    A user can also be proactive and choose not to use their ISP's DNS. I've been happily using OpenDNS ever since I learned about it when I heard of drive-by pharming. Of course that means I have to trust OpenDNS to keep their pages secure.

    David Robarts - 21st April 2008 15:55 - #

  4. David: I'd say it is less likely only because (most?) ISPs don't proxy HTTP. While an ISP's attack on DNS is more likely because most ISPs *do* already "proxy" DNS through their own servers. But really, your ISP can modify any of your traffic of any type if they're motivated enough to do so (with the caveat that if it is well-encrypted traffic all they can do is corrupt it). They are the man-in-the-middle, after all.

    Once they're proxying an HTTP request, there's no reason they couldn't easily replace 404 pages with their own "helpful" error message (cf. IE or Google Toolbar).

    Interesting point about using OpenDNS as your nameserver to avoid a problem like this (or rather, to trust someone other than your ISP). I think if I didn't trust my ISP's DNS servers I'd prefer to retain slightly more control and privacy and just set up my own recursive name server on a wifi access point (OpenWrt) though. But of course, if your ISP gets desperate enough for money, there's no reason they can't start altering the responses from OpenDNS or even authoritative servers.

    Anon - 21st April 2008 17:22 - #
