Nxdomain redirect revenue

Robert Bonomi bonomi at mail.r-bonomi.com
Tue Sep 27 21:13:32 UTC 2011


> From nanog-bounces+bonomi=mail.r-bonomi.com at nanog.org  Tue Sep 27 15:54:37 2011
> Date: Tue, 27 Sep 2011 13:54:26 -0700
> From: JC Dill <jcdill.lists at gmail.com>
> To: NANOG list <nanog at nanog.org>
> Subject: Re: Nxdomain redirect revenue
>
> On 27/09/11 7:20 AM, William Allen Simpson wrote:
> >
> >
> >> Most likely the ISPs'  lawyers were smart enough to include a clause
> >> in the ToS/AUP allowing
> >> the ISP to intercept, blackhole, or redirect access to any hostname or
> >> IP address.
> >>
> > It's not legal to insert a clause allowing criminal conduct.  There's
> > no safe haven for criminal conduct.
>
>
> I'm not sure that it's *illegal to insert a clause* for conduct that is 
> forbidden by law.  I'm pretty sure you can claim almost anything in the 
> contract.  What is illegal is enforcement of an illegal clause.  Law 
> trumps contract terms - that's WHY we have civil laws - to protect 
> people from unscrupulous business dealings.  And that's why most 
> contracts have a clause that says if a particular clause in the contract 
> is found invalid the rest of the contract still stands - because so many 
> contracts DO have invalid clauses.  For example, many employment 
> contracts have non-compete clauses that forbid the employee from going 
> to work for a competitor.  But in many states these clauses violate the 
> state's right-to-work laws.  The company lawyers KNOW the clause is 
> illegal, but they insert it in the employment contracts anyway, to try 
> to fool employees into thinking they will get sued if they go to work 
> for a competitor.
>
>
> >> The name for an ISP intercepting traffic from its own users is  not
> >> "interference"  or  "DoS",
> >> because they're breaking the operation of (er) only their own network.
> >>
> > No, they're breaking the operation of my network and my computers.  My
> > network connects to their network.
>
> But you have no recourse, their network, their rules.  (Right?)  You 
> *might* have recourse if they were modifying traffic you sent to their 
> customer, but in this case they are modifying traffic that originates 
> FROM their customer.  I'm not convinced that redirecting this traffic is 
> any different from blocking it (e.g. firewall to prevent employees from 
> accessing facebook or torrents).
>
> I believe the only entity who has recourse is the entity who is paying 
> them for service - e.g. their (paying) customer.

In the specific case of 'falsifying' a DNS return for what would have been
an NXDOMAIN, that is 'mostly' correct.  But consider what happens when
you get into the situation of querying a DNSBL operator -- where an 'error'
result _is_ a desired return value.

Now, when the provider returns 'false and misleading' data for what would 
be, under normal conditions, a SUCCESSFUL query -- say, returning a 'bogus'
address for a well-known search-engine, so as to be able to manipulate the
results -- then the party whose traffic is being 'stolen', and sent to the 
bogus server, THAT party may well have grounds for a civil suit for 'tortious
interference with a business relationship'.  In this situation, there are 
also possible criminal sanctions, under 'wiretapping' prohibitions, among
others.
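
The DNSBL case raised above, as an added example that is not part of the original post: a mail server's lookup logic treats NXDOMAIN as "not listed", so a resolver that rewrites NXDOMAIN turns every clean address into a hit unless the answer is checked against the 127.0.0.0/8 return range and the test entries described in RFC 5782. The zone name, the addresses and the two lookup functions are constructed stand-ins for a real resolver.

```python
import ipaddress

DNSBL_NET = ipaddress.ip_network("127.0.0.0/8")  # RFC 5782 return-value range
ZONE = "dnsbl.example"                           # constructed zone name

def dnsbl_qname(ip, zone):
    """Reverse the IPv4 octets and append the DNSBL zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def classify(rcode, answers):
    """Map one DNSBL reply to 'not-listed', 'listed', 'rewritten' or 'error'."""
    if rcode == "NXDOMAIN":
        return "not-listed"            # the 'error' result is the desired one
    if rcode == "NOERROR" and answers:
        if all(ipaddress.ip_address(a) in DNSBL_NET for a in answers):
            return "listed"
        return "rewritten"             # A record outside 127/8: not a DNSBL answer
    return "error"                     # SERVFAIL, empty answer: unknown

def naive_is_listed(lookup, ip, zone):
    """What a careless client does: any answer at all counts as a listing."""
    rcode, answers = lookup(dnsbl_qname(ip, zone))
    return rcode == "NOERROR" and bool(answers)

def resolver_is_trustworthy(lookup, zone):
    """Self-test: 127.0.0.2 must be listed and 127.0.0.1 must not be."""
    listed = classify(*lookup(dnsbl_qname("127.0.0.2", zone)))
    clean = classify(*lookup(dnsbl_qname("127.0.0.1", zone)))
    return listed == "listed" and clean == "not-listed"

# Constructed resolvers: one honest, one that redirects NXDOMAIN.
LISTED = {dnsbl_qname("127.0.0.2", ZONE), dnsbl_qname("192.0.2.99", ZONE)}

def honest_lookup(qname):
    return ("NOERROR", ["127.0.0.2"]) if qname in LISTED else ("NXDOMAIN", [])

def redirecting_lookup(qname):
    rcode, answers = honest_lookup(qname)
    if rcode == "NXDOMAIN":
        return ("NOERROR", ["203.0.113.10"])  # constructed ad-server address
    return (rcode, answers)

if __name__ == "__main__":
    for name, lookup in (("honest", honest_lookup), ("redirecting", redirecting_lookup)):
        reply = lookup(dnsbl_qname("198.51.100.7", ZONE))
        print(name, classify(*reply), naive_is_listed(lookup, "198.51.100.7", ZONE),
              resolver_is_trustworthy(lookup, ZONE))
```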




