ISP redirect page


An ISP redirect page is a spoof page served by major ISPs including: Cox Communications, Embarq, Verizon, Rogers, Earthlink, and various others when World Wide Web users enter an invalid DNS name.
If a user types in an incorrect Uniform Resource Locator, for example http://wikipedia.orf instead of http://wikipedia.org, the ISP's DNS server will respond with a spoofed DNS response that redirects the user to an advertising web page.

How it works

resolution is the process of translating a human-readable domain name into an IP address that computers can use. Every ISP runs a DNS server to allow their customers to translate domain names into IP addresses that computers understand and use. When an ISP's DNS server receives a request to translate a name, according to RFC the DNS server should return the associated IP address to the customer's computer which is then able to connect to the requested resource.
When the ISP's DNS server receives a request for a name that is not recognized or is unavailable, some ISPs spoof the NX response and instead return the IP address of a search or advertising page to the client. When the client is using a web browser, this will display a search page that contains possible suggestions on the proper address and a small explanation of the error. These search pages often contain advertising that is paid to the ISP.
Sometimes, a customer can opt-out of this service, but the opt-out is frequently not implemented at the same layer as the spoofing. Opt-out procedures vary from ISP to ISP in both their method of implementation and effectiveness.