"It's a trap! Reported phishing or malware site" : who?

71 posts Page 1 of 8
by digitalbitstream » Wed Jan 22, 2014 10:25 am
A number of times recently I have hit this specific "Reported phishing or malware site" page. Unlike with Firefox Phishing and Malware Protection, there is no option to bypass this one:
[Attached image: Selection_029.png. Caption: Unknown malware reporting page. It's a trap!]
The same page appears on all browsers including "links" and "wget". There's no contact information listed, and no indication who rated the page as malware, when, or why. My DNS comes from Sonic.net, though I do use 8.8.8.8 on occasion. Googling for this term produces nothing of use.

Who is behind this particular anti-malware effort? If I submit to the form on the page, who reads it?
by digitalbitstream » Wed Jan 22, 2014 10:26 am
Example xxx://dns-blocked.sonic.net/ (remove the xxx to see).
by cdkeen » Wed Jan 22, 2014 10:28 am
We (Sonic.net operations) read the submissions and take appropriate action. If you would prefer not to utilize the malware protection you can use Sonic.net's non-RPZ enabled DNS servers:
https://wiki.sonic.net/wiki/List_of_rec ... NS_servers
That will stop the requests from being rewritten and you won't see the mouse trap any longer!
cdkeen - Sonic.net System Operations
by digitalbitstream » Wed Jan 22, 2014 4:59 pm
This "mouse trap" page violates a key tenet of anti-censorship and fairness: identifying who did the blocking and why. Sonic should immediately make a change here.
by cdkeen » Wed Jan 22, 2014 6:23 pm
Sonic.net is not the only entity that utilizes the dns-blocked page; so do our affiliate ISPs, which is why there is no logo. Contrary to violating any tenets of fairness, the response policy validation is more than fair: it is free protection, which, if you don't want it, we will help you not use, hence the wiki page I linked to before. Notwithstanding, at some point the page will likely be skinned to allow the proper ISP to direct users on where to call for support if necessary and eliminate the perception that there is possibly something amiss due to the lack of attribution. Thanks for choosing Sonic.net!
cdkeen - Sonic.net System Operations
by dane » Wed Jan 22, 2014 8:42 pm
As cdkeen notes, we run services for about seventy independent ISPs today. This leads to a number of things being "white labeled" for their benefit. You may see a few generic 'dsltransport.net' devices in traceroutes for the same reason. They also have items like a portal for their own Fusion customers which approximates our Member Tools; theirs is at http://fusionbroadband.com/, while our own customers use the various resources at https://members.sonic.net/
Dane Jasper
Sonic
by digitalbitstream » Thu Jan 23, 2014 12:26 pm
In the "white label" business it is common to customize or brand the offering.
Surely something in your backend system knows which partner the traffic came from?
Even if not, a note like "Malware filtering provided by SonicCoServices under contract" would be better than asking people to send personal data to an anonymous service.

--
I do have the same complaint about other businesses: Chase bank calls with "This is an important message from cardmember services" for the same reason. But that makes it far more difficult to distinguish between a real call and a telemarketer call. Similarly the generic mousetrap offers no trust metrics. Chase told me they're changing their systems in the next year because of this very set of issues.

---
And to be clear: I appreciate the mousetrap and want to leave it enabled. Anti-censorship fairness, however, requires labeling of the when, why and who of censorship.
by Rick Walker » Fri Mar 14, 2014 1:11 am
I think it is very problematic to summarily censor webpages with no opt-out key and no identification for who is doing the censoring. I'm a computer professional and if I choose to visit a web page, it should be possible. This policy makes it impossible for me to verify the site myself, or to even view the website using forensic tools. If it was my own site, I would be blocked with no recourse. It is particularly despicable since there is no attribution as to who is censoring my web feed, and there is no "bypass at your own risk" button. I don't need a nanny.
by dane » Fri Mar 14, 2014 1:54 pm
While we believe that most customers prefer the protection which is provided by the blacklist, we do offer an opt-out mechanism. From: https://wiki.sonic.net/wiki/DNSSEC#How_ ... feature.3F

How can I opt out of this feature?
We provide two DNS servers with the same level of performance and redundancy that do not have DNSSEC validation enabled. If you wish to use those name servers instead, you can set your configuration to the following IP addresses:
75.101.19.196
75.101.19.228

FYI it can't be a click-through "bypass at own risk" option because DNS itself is used to redirect using the lookup. Sonic does not have devices in the data path which do deep packet inspection or other analysis which would allow for a filter then bypass via button option.
Dane Jasper
Sonic
by digitalbitstream » Wed Mar 19, 2014 11:31 am
dane wrote: While we believe that most customers prefer the protection which is provided by the blacklist, we do offer an opt-out mechanism. From: https://wiki.sonic.net/wiki/DNSSEC#How_ ... is_feature.
Dane: the complaint is not about the black list, and it's not about opt-out.
The complaint is about censorship without identifying who's doing the censorship.

Add Sonic's logo, or the partner ISP's logo, and it's all good.