[nSLUG] Annoying Eastlink Notices

Gurjeet Clair gclair at espah.ca
Sun Feb 28 12:15:58 AST 2016


Another very good and better theory is it's a captive portal.

@Toxic_Flange I was under the impression that it’s a captive portal, not JS
injection.
@Toxic_Flange Pretty sure that there’s a special transparent NAT at the HFC
interface in the 10.0.0.0/8 space that can trap all
 @Toxic_Flange ie- you don’t get routed until you ACK.

On Sunday, 28 February 2016, Daniel AJ Sokolov <daniel at falco.ca> wrote:

> I've just figured it out, and they do as Gurjeet says: live JavaScript
> injection.
>
> http://24.222.0.93/dyn/bg/Movable_Copyright_Eastlink_v2/index.js?
>
> If I understand this correctly (and I'm not an expert), they load
> the abovereferenced javascript which changes the URL displayed in the
> browser to the URL of the original webpage, creates an iFrame, and
> finally adds HTML-code to the original HTML-page. This puts the text and
> link into the iFrame.
>
> I guess that it also checks the OS and does not insert the "notice" on
> Android and maybe other mobile OS.
>
> I do not use Citywide's DNS. For my testing, I've used Google's DNS.
>
> Yes, I can get around by using VPN and https. Thank you, Gurjeet.
>
> This is nasty.
> Daniel AJ
>
>
> On 2016-02-28 12:30 AM, Gurjeet Clair wrote:
> > If its city wides DNS you are using , it could be that is still fed by
> > eastlink upstream. I'd start with a switch to googles DNS. However I'm
> > fairly certain they are doing live http JavaScript injection. I'm going
> to
> > guess its AdPhonso . You can get around this with VPN or use https
> > everywhere. https://www.eff.org/HTTPS-EVERYWHERE
> >
> > On Sat, Feb 27, 2016 at 6:49 PM, Daniel AJ Sokolov <daniel at falco.ca
> <javascript:;>> wrote:
> >
> >> On 2016-02-27 at 18:32, Evan Lowry wrote:
> >>> https://en.wikipedia.org/wiki/DNS_hijacking
> >>>
> >>> I'm fairly certain, unless they've changed tactics.
> >>
> >> That's what I've found mentioned online, but I do not use the Eastlink
> >> DNS. So it has to be something different.
> >>
> >> BR
> >> Daniel AJ
> >>
> >>>
> >>> On Sat, Feb 27, 2016 at 6:29 PM, Daniel AJ Sokolov <daniel at falco.ca
> <javascript:;>
> >>> <mailto:daniel at falco.ca <javascript:;>>> wrote:
> >>>
> >>>     Hello,
> >>>
> >>>     this week, Eastlink has started to bombard me with copyright
> >>>     infringement notices under the "Notice and Notice"-regime of the
> >>>     Copyright Act.
> >>>
> >>>     However, they do not send emails. Rather, they insert these notices
> >> into
> >>>     (seemingly) random websites. It doesn't stop and blocks parts of
> the
> >>>     pages.
> >>>
> >>>     How do they do that? I can't find it in the source code.
> >>>
> >>>     I am not even a direct Eastlink customer, but a customer of their
> >>>     reseller Citywide Communications.
> >>>
> >>>     TNX
> >>>     Daniel AJ
> >>>
> >>>     PS: Needless to say, I did not infringe the Copyright. It is a scam
> >> by
> >>>     purported Copyright holders who want to bully us into paying
> >>>     "settlements".
> >>>     _______________________________________________
> >>>     nSLUG mailing list
> >>>     nSLUG at nslug.ns.ca <javascript:;> <mailto:nSLUG at nslug.ns.ca
> <javascript:;>>
> >>>     http://nslug.ns.ca/mailman/listinfo/nslug
> >>>
> >>>
> >>>
> >>>
> >>> --
> >>> Evan Lowry
> >>> CTO, PitchPlay Inc (https://pitchplay.io)
> >>> 902.403.5244
> >>> www.exitiumonline.com <http://www.exitiumonline.com> |
> >>> https://github.com/Lykathia
> >>>
> >>>
> >>> _______________________________________________
> >>> nSLUG mailing list
> >>> nSLUG at nslug.ns.ca <javascript:;>
> >>> http://nslug.ns.ca/mailman/listinfo/nslug
> >>>
> >>
> >> _______________________________________________
> >> nSLUG mailing list
> >> nSLUG at nslug.ns.ca <javascript:;>
> >> http://nslug.ns.ca/mailman/listinfo/nslug
> >>
> >
> >
> >
> > _______________________________________________
> > nSLUG mailing list
> > nSLUG at nslug.ns.ca <javascript:;>
> > http://nslug.ns.ca/mailman/listinfo/nslug
> >
> _______________________________________________
> nSLUG mailing list
> nSLUG at nslug.ns.ca <javascript:;>
> http://nslug.ns.ca/mailman/listinfo/nslug
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nslug.ns.ca/pipermail/nslug/attachments/20160228/5ca6daa0/attachment.html>


More information about the nSLUG mailing list