Is Norton ConnectSafe using Neustar's DNS Advantage backbone

Status
Not open for further replies.

Windows_Security

Level 24
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
Thanks to Woolyss I am now using Chromium without WebRTC (and using command switch --disable-reading-from-canvas) and surfed to Browserleaks to check IP and canvas fingerprinting.

In my memory using Norton ConnectSafe from Netherlands always showed a server in Ireland, Browserleaks showed a DNS in London (Level 3 Communications). So I clicked on the DNS IP and to my surprise it was part of the Neustar infrastructure.

So either I was unaware of something good in the past (Norton DNS using Neustar backbone) or it is really a change. Anyone know whether Norton ConnectSafe was using Neustar (with paid Express DNS and free DNS Advantage service) in the past?
 
hjlbx

Of course Norton uses UltraDNS... so does COMODO and others; I think Norton ConnectSafe switched in 2013 or thereabouts.

nslookup 198.85.126.20

non-authoritative response 156.154.175.216

General IP Information
IP: 156.154.175.216
Decimal: 2627383256
Hostname: 156.154.175.216
ASN: 12008
ISP: NeuStar
Organization: NeuStar
Services: None detected
Type: Corporate
Assignment: Static IP
Blacklist:
Geolocation Information
Continent: North America
Country: United States
State/Region: Virginia
City: Sterling
Latitude: 38.9881 (38° 59′ 17.16″ N)
Longitude: -77.4755 (77° 28′ 31.80″ W)
Postal Code: 20166
 

bjm_

I've been told by my VPN service that employs Google Public that DNS Services tend to rely on other DNS services, in a network of dependencies. ConnectSafe or any DNS, even 8.8.8.8, does not contain all DNS data, and may use Neustar as an information-pool for some of the Sites you were accessing.
 

Windows_Security

THX all for the replies, did some checking

a) YES: Upstream DNS traffic uses other DNS servers

b) NO: Comodo uses CCANET

c) YES: Browserleaks London DNS IP-addresses are the same for Norton DNS and DNS Advantage

d) NO: Service is not identical: Norton DNS uses ASK, DNS Advantage Yahoo
 

hjlbx

Unless COMODO changed it this is the official FAQ:

Comodo Secure DNS
http://www.comodo.com/secure-dns/

Comodo Secure DNS is a domain name resolution service that resolves your DNS requests through our worldwide network of redundant DNS servers. This can provide a much faster and more reliable Internet browsing experience than using the DNS servers provided by your ISP and does not require any hardware or software installation.

Comodo Secure DNS gives you a safer, smarter and faster Internet because it's:

More Reliable - Comodo Secure DNS's server infrastructure currently spans 15 locations (nodes) and five continents around the world. This allows Comodo to offer you the most reliable fully redundant DNS service anywhere. Each node has multiple servers and is connected by several Tier 1 carriers to the Internet.

Faster - Comodo uses strategically placed nodes are located at the most optimal intersections of the Internet. Unlike most DNS providers, the Comodo our request routing technology means that no matter where you are located in the world, your DNS requests are answered by the closest available set of servers, resulting in information becoming available faster and more reliably than ever before.

Smarter - Comodo's highly structured DNS system and guide pages get you where you want to be, when you inadvertently attempt to go to a site that doesn't exist. 'Parked' or 'not in use' domains are automatically detected and forwarded.

Safer - As a leading provider of computer security solutions, Comodo is keenly aware of the dangers that plague the Internet today. SecureDNS helps users keep safe online with its malware domain filtering feature. SecureDNS references a real-time block list (RBL) of harmful websites (i.e. phishing sites, malware sites, spyware sites, excessive advertising sites, etc.) and will warn you whenever you attempt to access a site containing potentially threatening content. Additionally, our 'name cache invalidation' solution signals the Comodo Secure DNS recursive servers whenever a DNS record is updated - fundamentally eliminating the concept of a TTL. Directing your requests through highly secure servers can also reduce your exposure to the DNS Cache Poisoning attacks that may affect everybody else using your ISP.

DNS Advantage
http://www.dnsadvantage.com/dnsadv/index.html

DNS Advantage resolves all of your DNS requests exclusively through UltraDNS's proprietary Directory Services Platform. While most networks use recursive DNS services that are provided by their ISP or that reside on their own set of small DNS servers, DNS Advantage is better - and here's why.

It's More Reliable. UltraDNS's Directory Services Platform currently spans 15 locations and five continents around the world. This allows us to offer you the most reliable fully redundant DNS service anywhere. Each node has multiple servers, and is connected by several Tier 1 carriers to the Internet.

It's Faster. Our strategically placed nodes are located at the most optimal intersections of the Internet. Unlike most DNS providers, UltraDNS's Directory Services Platform uses Anycast routing technology - which means that no matter where you are located in the world, your DNS requests are answered by the closest available DNS Advantage servers. Combine this with our huge cache and we can get the answers you seek faster and more reliably than anyone else.

It's Smarter. Our technology allows us to automatically correct many typing errors you may make. We don't think you should be penalized for inadvertently typing an invalid top level domain address into your browser, so we will correct many "typos" and take you where you intended to go automatically - saving you valuable time and improving your Internet experience. Our DNS Advantage Directory guides you with relevant alternatives when your browser's Address Bar can't resolve your search words or destination.

It's Safer. As the leading authoritative DNS provider, we are keenly aware of the dangers that plague the Internet today. That's why we've created unique security solutions that don't require you to install any hardware or download any software. Our DNS Real-Time Directory (DNS-RTD) signals the DNS Advantage recursive servers anytime one of the UltraDNS authoritative customers or DNS-RTD partners updates a DNS record. This fundamentally eliminates the concept of a TTL by invalidating the recursive server's cache for updated Domains, providing you the most accurate and up to date view of these sites.

Coming Soon We've teamed up with trusted third-party security experts to keep real-time block lists (RBL) of harmful websites (i.e. phishing sites, malware sites, spyware sites, excessive advertising sites, etc.). We will warn you when you attempt to access a site containing potentially threatening content based on the RBL that are updated daily. You can trust us to protect you and your customers from many of the known online dangers.
 

Windows_Security

Browserleak IP address when using Comodo DNS was a server in London belonging to CCANET :confused:

Official Comodo Secure DNS FAQ does not mention Ultra DNS, only re-uses text of Ultra-DNS :eek:
 

hjlbx

Browserleak IP address when using Comodo DNS was a server in London belonging to CCANET :confused:

Official Comodo Secure DNS FAQ does not mention Ultra DNS, only re-uses text of Ultra-DNS :eek:

Above is official COMODO SecureDNS FAQ from COMODO forum.

Reusing others' text doesn't surprise me any...

I did nslookup; returns... BAREFRUIT ! http://www.barefruit.co.uk/

Barefruit.co.uk = long-time, established DNS Hijacker... just when you thought your opinion of COMODO could go no lower...

General IP Information
IP: 92.242.144.50
Decimal: 1559400498
Hostname: unallocated.barefruit.co.uk
ASN: 45028
ISP: Barefruit
Organization: Barefruit
Services: None detected
Type: Broadband
Assignment: Static IP
Blacklist:
Geolocation Information
Continent: Europe
Country: United Kingdom
Latitude: 51.4964 (51° 29′ 47.04″ N)
Longitude: -0.1224 (0° 7′ 20.64″ W)
 

Windows_Security

Well, re-using someone else's text is common these days (Melania using text out of Michelle's speech) :D
 