0

My iPad's 3G connection usually gets hijacked and shows me my provider's welcome page every time I first browse the internet. I have noticed that this only happens when using HTTP, and pages that use HTTPS or any other protocol will be retrieved without any problems.

At first I suspected that my provider simply sniffs my request to determine if it's HTTP, and if it is, it sends my iPad a custom HTTP response that redirects it to that annoying page. I have no way of verifying this, though, because there's no way to change the DNS resolver for a 3G connection or to inspect the HTTP response headers.

Today I investigated a bit more and saw some users discussing this on a forum. One of them maintained that the provider is indeed hijacking the HTTP request, as it only happens when using that protocol, and another one said that this is not actually what's going on, and that the provider is actually just manipulating the DNS response. The other user confirmed that when he changed his DNS settings, the page stopped appearing for him.

This prompted a question for me. Does a DNS resolver somehow know what protocol I'm using?
Is there any other way this could be happening? Or is what I read on that forum actually false?

kettlepot
  • HTTPS traffic is encrypted and will throw a certificate warning if your ISP tries to serve their own traffic to you, so it can't be hijacked in the same manner. – ceejayoz Jan 28 '14 at 18:13
  • Disregard my previous comment - this is simply a captive portal. Google it for more info – Dan Jan 28 '14 at 18:16
  • Are you sure this is a captive portal? The page I see doesn't ask me for authentication, nor does my provider block all packets until I view that page. – kettlepot Jan 28 '14 at 22:23

2 Answers

2

Does a DNS resolver somehow know what protocol I'm using?

No, but it can guess. I mean, a www. starting url is quite likely a web server.

But that is totally not needed. The provider just rewrites the HTTP requests as they go through what is called a transparent proxy. And there they get the target IP and the name of the requested domain.

TomTom
1

DNS knows nothing about the application's use of the queries it sends. Nor should / can it. This is one of the major reasons the infamous "site finder" hack was such a bad idea, and DNS-based "help pages" are generally broken.

For instance, for flame.org, I may: ssh, mail, web, ftp, finger, or jabber. All DNS does is return a name to address (or other type of data) mapping. If I decide to try to redirect just http requests, that is a fail.

Michael Graff
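The point both answers make, as an added example that is not part of the original question or either answer: a DNS question carries only a name, a record type and a class, while a plaintext HTTP request exposes its method, path and Host header to any on-path transparent proxy. The function names and the sample HTTP request are constructed for illustration; `flame.org` is the name used in the second answer.

```python
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Encode a DNS query per RFC 1035: 12-byte header plus one question."""
    # Flags 0x0100 = recursion desired; QDCOUNT = 1, other counts = 0.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN

def parse_query(msg):
    """Return every field the question section contains (what a resolver sees)."""
    txid, _flags, qdcount = struct.unpack("!HHH", msg[:6])
    labels, pos = [], 12
    while msg[pos]:                      # zero-length label ends the name
        n = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    qtype, qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return {"txid": txid, "qdcount": qdcount, "name": ".".join(labels),
            "qtype": qtype, "qclass": qclass}

def http_request_view(raw):
    """Fields an on-path transparent proxy can read from plaintext HTTP."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("ascii").split("\r\n")
    method, path, _version = lines[0].split(" ")
    headers = dict(line.split(": ", 1) for line in lines[1:])
    return {"method": method, "path": path, "host": headers.get("Host")}

# Constructed sample request (not captured traffic).
SAMPLE_HTTP = (b"GET /index.html HTTP/1.1\r\n"
               b"Host: flame.org\r\n"
               b"User-Agent: example\r\n\r\n")

if __name__ == "__main__":
    # The same 27-byte question is sent whether the caller is ssh, mail or a
    # browser: there is no field for port, scheme or application.
    print(parse_query(build_query("flame.org")))
    # The HTTP request, by contrast, names the site and resource in cleartext.
    print(http_request_view(SAMPLE_HTTP))
```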