Menu
Reply
cds84
  • 7
  • 0
  • 0
Tuning in
4,383 Views
Message 1 of 15
Flag for a moderator

DNS hijacking - how to disable / opt out?

All machines are my LAN are configured via DHCP.

This gives me nameservers 194.168.4.100 and 194..168.8.100. (Virgin Media's DNS servers).

while trying to debug some issues i was having with NETBIOS, I noticed i was getting some strange results!

```bash

[cds@xps13 ~]$ ping this_is_a_made_up_invalid_domain
PING this_is_a_made_up_invalid_domain (92.242.132.24) 56(84) bytes of data.
64 bytes from unallocated.barefruit.co.uk (92.242.132.24): icmp_seq=1 ttl=242 time=22.9 ms

```

How odd!?

So, lets check-out barefruit.co.uk..

The website says that it...

```

The Barefruit Solution Generating highly targeted traffic by replacing DNS and HTTP errors with relevant advertising

```

No thank-you!

So, now my software has cached the wrong IP address of my resolve... which is annoying!

Also, there are security implications, are there not?

Can I opt out of this advertising rubbish?

I would like to receive my DNS and HTTP errors.

 

0 Kudos
Reply
legacy1
  • 15.94K
  • 691
  • 1.56K
Alessandro Volta
4,380 Views
Message 2 of 15
Flag for a moderator

Re: DNS hijacking - how to disable / opt out?

You could always run your own DNS resolver.

Or some times this works
https://my.virginmedia.com/advancederrorsearch/settings

---------------------------------------------------------------
cds84
  • 7
  • 0
  • 0
Tuning in
4,373 Views
Message 3 of 15
Flag for a moderator

Re: DNS hijacking - how to disable / opt out?

Awesome!

Thanks!

opting out here did the trick!

https://my.virginmedia.com/advancederrorsearch/settings

 

[cds@xps13 ~]$ ping super_wrong_name
ping: super_wrong_name: Name or service not known

I was a little disappointed that there was no way to over-ride DNS in the router... My old router allowed me to select other providers.. OpenDNS for example.

THANKS ANYWAY, this closed my issue.

0 Kudos
Reply
nleaney
  • 55
  • 0
  • 7
Dialled in
3,503 Views
Message 4 of 15
Flag for a moderator

Re: DNS hijacking - how to disable / opt out?

I was just about to post something similar - it appears the DNS name of my work email server appears to be somehow included in the Virgin DNS with an IP address pointing at barefruit.co.uk. It was only spotted when I reported access issues to the email service and a strange IP address was detected.

The IT Team have asked me to raise it as an incident with my ISP ant they are going to flag it with IT Security as a potential issue. The implications in my case are that my email credentials may have been passed via this intermediary.

Something I'm unsure of though is whether this has been done with the knowledge of Virgin Media or whether this is somehow opportunistic activity on behalf of barefruit? Anyone have any ideas?
0 Kudos
Reply
用心棒
  • 5.82K
  • 655
  • 2.02K
Very Insightful Person
Very Insightful Person
3,431 Views
Message 5 of 15
Flag for a moderator

Re: DNS hijacking - how to disable / opt out?


@nleaney wrote:
I was just about to post something similar - it appears the DNS name of my work email server appears to be somehow included in the Virgin DNS with an IP address pointing at barefruit.co.uk. It was only spotted when I reported access issues to the email service and a strange IP address was detected.

The IT Team have asked me to raise it as an incident with my ISP ant they are going to flag it with IT Security as a potential issue. The implications in my case are that my email credentials may have been passed via this intermediary.

Something I'm unsure of though is whether this has been done with the knowledge of Virgin Media or whether this is somehow opportunistic activity on behalf of barefruit? Anyone have any ideas?

Concerning the former, if your client is setup to securely exchange data with your work email server then it will fail to authenticate the connection and terminate; your email authentication credentials would not have been sent.

And the latter, of course it has been done with Virgin Media's knowledge as part of their Advanced Network Error Search feature; is it a good idea, no IMHO because it lacks consent and contributes nothing of value to a user's experience.

 

As a Very Insightful Person, I'm here to share my knowledge. I don't work for Virgin Media.

Click to learn more about VIP

  Use Kudos to say thanks

  Mark as Helpful Answer if I've helped

.

0 Kudos
Reply
cds84
  • 7
  • 0
  • 0
Tuning in
289 Views
Message 6 of 15
Flag for a moderator

Re: DNS hijacking - how to disable / opt out?

They are doing it again!!!!

 

I opted out if DNS hijacking in the router settings... But now, after debugging another connection issue, I find that they are doing it again?? They auto opted me back in!?

After a router firmware update, I suspect.

How can I disable firmware updates in the router?

Virgin media clearly cannot be trusted.

Tags (1)
0 Kudos
Reply
gary_dexter
  • 30.64K
  • 1.9K
  • 4.07K
Alessandro Volta
271 Views
Message 7 of 15
Flag for a moderator

Re: DNS hijacking - how to disable / opt out?


@cds84 wrote:

They are doing it again!!!!

 

I opted out if DNS hijacking in the router settings... But now, after debugging another connection issue, I find that they are doing it again?? They auto opted me back in!?

After a router firmware update, I suspect.

How can I disable firmware updates in the router?

Virgin media clearly cannot be trusted.


You’ve never been able to opt out of it via the hub settings.

You have to do it via your online account. 


*****
If you think my answer has helped - please provide me with a Kudos rating and mark as Helpful Answer!!
I do not work for Virgin Media - all opinions expressed are of my own and all answers are provided from my own and past experiences.
Office 365, Dynamics CRM and Cloud Computing Jedi
0 Kudos
Reply
cds84
  • 7
  • 0
  • 0
Tuning in
261 Views
Message 8 of 15
Flag for a moderator

Re: DNS hijacking - how to disable / opt out?

Ah, yes. Sorry. I misremembered.

I used the inline firm again, it said I am already opted out..

 

but still, my DNS lookups are hijacked to barefruit!

Can I replace my router with one that supports custom DNS settings?

Virgin medias are malicious/broken.

 

I know I can put the hub into modem only mode... But I would rather not waste power running 2 routers.

0 Kudos
Reply
lotharmat
  • 946
  • 70
  • 142
Well-informed
253 Views
Message 9 of 15
Flag for a moderator

Re: DNS hijacking - how to disable / opt out?

AFAIK the only way to do it is either change the DNS on the device (which should ignore the ones set by DHCP) or get your own router and specify there!

The Hub will not let you specify your own



------------------------------------------------------------------
Hub 3 - Modem Mode - TP-Link Archer C7

0 Kudos
Reply
Anonymous
Not applicable
249 Views
Message 10 of 15
Flag for a moderator

Re: DNS hijacking - how to disable / opt out?

you do not need your own router. you just need a DHCP server on your network. If you have a raspberry pi you can run PiHole as your DNS/DHCP server and disable the DHCP in the hub.

No one will have gotten your email credentials as they will have been encrypted even if sniffed. If you are not using a secure connection for email then you have much bigger security problems than a DNS catch all
0 Kudos
Reply