Why must Comcast's DNS suck?

Chip Marshall chip at 2bithacker.net
Tue Nov 14 12:21:40 EST 2006


On November 14, 2006, Steven W. Orr sent me the following:
> On Tuesday, Nov 14th 2006 at 09:06 -0800, quoth Thomas Charron:
> => Brace yourself.  I don't know the current status, but in the past, I know
> =>Comcast has intercepted all DNS queries, regardless of destination, and
> =>redirected them to their own.
> 
> If they do that how can you tell?

I think for that to work, they'd have to spoof the source IP of the
returning UDP packet. I think the only way you'd be able to tell if it's
being tampered with is by comparing the TTL of the returning UDP packets
to what you'd expect to see if they were coming from the actual name
server. Theoretically, the packets from Comcast's nameserver should have
a higher TTL, having traversed fewer hops to get to you.

-- 
Chip Marshall <chip at 2bithacker.net>     http://kyzoku.2bithacker.net/
GCM/IT d+(-) s+:++ a25>? C++ UB++++$ P+++$ L- E--- W++ N@ o K- w O M+
V-- PS+ PE Y+ PGP++ t+@ R@ tv@ b++@ DI++++ D+(-) G++ e>++ h>++ r-- y?
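
The TTL comparison described in the message above, as an added example that is not part of the original post. It assumes the sender started from one of a few common initial TTL values and that the expected hop count comes from a traceroute to the real name server; the address and numbers are constructed.

```python
# Added example. The resolver address, hop counts and TTL values below are
# constructed for illustration; they are not measurements of any real network.
COMMON_INITIAL_TTLS = (64, 128, 255)  # assumption: typical OS defaults


def infer_hops(observed_ttl):
    """Guess the sender's initial TTL and return (initial_ttl, hops_travelled)."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError("IP TTL must be in 1..255")
    # Smallest common default that is not below what we observed.
    initial = min(t for t in COMMON_INITIAL_TTLS if t >= observed_ttl)
    return initial, initial - observed_ttl


def check_response(observed_ttl, expected_hops, tolerance=2):
    """Compare the hop count implied by a reply's TTL with the expected path length.

    expected_hops would come from a traceroute to the real name server.
    """
    initial, hops = infer_hops(observed_ttl)
    if hops + tolerance < expected_hops:
        verdict = "closer-than-expected"   # reply likely came from a nearer host
    elif hops > expected_hops + tolerance:
        verdict = "farther-than-expected"  # route change or wrong initial-TTL guess
    else:
        verdict = "consistent"
    return {"initial_ttl": initial, "hops": hops, "verdict": verdict}


if __name__ == "__main__":
    expected = {"192.0.2.53": 14}          # constructed: hops to the real server
    replies = [("192.0.2.53", 50), ("192.0.2.53", 61), ("192.0.2.53", 114)]
    for server, ttl in replies:
        print(server, ttl, check_response(ttl, expected[server]))
```

A mismatch is a hint rather than proof: return paths can be asymmetric, and a device that rewrites replies can set whatever TTL it likes.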

