How to get an honest NXDOMAIN


If my occasional fits of Web-surfing fumble fingers began dumping me summarily on pages of ads and self-proclaimed "search options," I wouldn't put up with it.

Those pages are an imposition. The Domain Name System disruption they involve breaks some Internet services because it returns a live URL when it should return "NXDOMAIN." And they can be dangerous. To protect myself, I would:

First, find the opt-out button for that ads-and-searches page, if there were one, and opt out.

Second, make a reasonable effort to learn whose page it was. Those pages are usually a "service" your Internet Service Provider misnames "typo correction," and they are clearly identified in some way as theirs.

Third, complain to my ISP. If they were identifiably the sponsor of the misservice, I would protest. Otherwise, I would report it as an error. It may be worse than that. As noted by Danny McPherson, director of security research for Arbor Networks, there are several ways DNS can be used against you. Whatever the cause, be sure your ISP knows network kidnapping is unacceptable to you.

Fourth, having lost confidence in the Domain Name System provider who blighted my day, I would surf to OpenDNS, create an account, register my network and turn off typo correction. "Typo correction" is one name for that browser-kidnapping misservice, and at OpenDNS you can quite reliably turn it off.

As I write, I find no evidence that Time Warner is still disrupting the network in this way, although they did experiment with it and could still be doing so in areas I have not probed.

Earthlink, Comcast, Verizon and a long list of others apparently are, however, and OpenDNS is the most readily applied solution I have found to both stop the browser kidnapping and avoid the potential dangers it poses.

If you register and search among the users, you will find me there.

Posted by gwfrink3 @ 02:09 PM EDT

Spoiled fruit of ISP domain name system mining


The editor of an ecclesiastical newspaper was up past midnight in Israel a few months ago, trying to post an Editor's Journal blog.

Here in Raleigh I watched through an encrypted shell connection as his blog server smoothly delivered services to users somewhere, while on the same machine a Firefox browser misinformed me that the site was down. On a second machine, my Wireshark network analyzer argued that the "site-down" messages were coming from what presented itself as one of a major ISP's Domain Name System servers -- not from the Southern Connections blog server.

Domain Name System (DNS) servers translate human-friendly names like southernconnections.com, which we can remember and use, into numerical Internet addresses like 207.243.70.226, which are required by the machines which drive Internet services.

Hoping to duck around what to my eye was a species of DNS blockage, I fed Firefox a carefully crafted mixture of numerical Internet address and text, only to be dumped onto a page of ads. Whereupon I turned to the Wireshark machine and we dug out the owner of the ad page's domain name -- a British company called Barefruit.

That's when I began growling at myself about ISP techs who misconfigure DNS manipulation software.

EarthLink, for example, has used Barefruit since August of 2006 to return Web pages full of search terms and advertising when a DNS server can't find the Web page a Web surfer asked for, usually because a case of fumble fingers on the keyboard misspelled something. That practice has a lot of ugly names, like typosquatting.

This process of creating on the fly a subdomain of an Internet domain someone else owns, and displaying ads there, is said to make Earthlink, Quest and other ISPs a lot of money. Whether that's something they should be doing is a legal and political issue. I think not, and will explore why another time.

There is also an abundance of associated legal issues which are out of my realm, but my encounters with the live process in the wild have taught me that it's not a tame technology, and can be quite aggressive. Without pointing at any particular vendor, it is more aggressive than it is probably intended to be.

This time, the editor was losing sleep in Israel, trying to post a blog to the Editor's Journal, and I wanted to find some configuration of my own which had provoked the beast. One I could change and send the beast away. Being at fault myself was fine, as long as I could solve the problem.

I knew there was nothing amiss in my DNS tables (though I reviewed and tested them again to be sure). Every DNS table I set up has the protective "wildcard" entry which purveyors of this service say offers immunity.

Of course I explored use of a variety of DNS servers, finding none that were both guaranteed to quiet the issue and likely to be of use in Israel.

So I scoured the blog configuration and source code for anything that could emit the illusion of a DNS error or like provocation, and changed nothing which talked to the network. Nor did I change anything else about the messages Southern Connections' servers were emitting.

Yet the problem went away, albeit too late to make the editor's time in Israel more pleasant. It left like some nocturnal predator, padding off for inscrutable reasons to another hunting ground.

I hadn't caused or fixed it. Until Saturday, when I learned from Wired's Threat Level blog of Seattle network security analyst Dan Kaminsky's recent work, I wasn't sure I understood it correctly.

Kaminsky showed that dozens of ISPs, like and including Earthlink, are using Barefruit or other, similar technologies to mount advertising on what are by some standard "unused" subdomains of live, legitimate Web presences, that security-threatening JavaScript was involved, and that other issues are in play.

Let me illustrate. For these purposes, journal.example.com is a subdomain of example.com. The "journal" subdomain is "unused" if it isn't properly recorded in the DNS tables of example.com's owners. As a result, when a DNS server is asked about journal.example.com, unless that wildcard entry I mentioned earlier is present, the DNS server answers "NXDOMAIN."

That means "no such domain" and according to those involved, that "NXDOMAIN" message is the trigger which deploys ad-rich subdomain pages to some unfortunate Web user.
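A client-side check for the behaviour just described, added here as an example and not code from the original post: query a few random labels under a domain and see whether the resolver answers with an honest NXDOMAIN or with one synthesized address for all of them. It assumes Python 3 and a domain you know has no zone wildcard; the sample answers and TEST-NET address are constructed.

```python
import secrets
import socket

# Added example, not code from the original post. An honest resolver returns
# NXDOMAIN (no address) for a name that cannot exist; an ISP resolver that
# "corrects typos" returns its ad server for every such name, so random names
# under one domain all land on one address set. A legitimate "*.example.com"
# zone wildcard looks the same, so probe under a domain known to have none.

def random_label(length=12):
    """Random hex label that almost certainly has no DNS record."""
    return secrets.token_hex(length // 2)

def lookup(name):
    """IPv4 addresses for name; empty set means no answer (NXDOMAIN or other
    failure). This is the only function that touches the network."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def classify(answers):
    """Classify a resolver from {bogus name: set of addresses}.
    honest       - every bogus name got no address (an honest NXDOMAIN)
    synthesized  - every bogus name got the same non-empty address set,
                   the signature of NXDOMAIN rewriting (or a zone wildcard)
    inconclusive - mixed results, e.g. only some of the names resolved"""
    address_sets = list(answers.values())
    if all(not addrs for addrs in address_sets):
        return "honest"
    if all(addrs and addrs == address_sets[0] for addrs in address_sets):
        return "synthesized"
    return "inconclusive"

def probe(domain, count=3, resolve=lookup):
    """Query `count` random labels under domain and classify the answers.
    `resolve` is injectable so the logic can run with no network."""
    names = [f"{random_label()}.{domain}" for _ in range(count)]
    return classify({name: resolve(name) for name in names})

# Constructed sample answers (TEST-NET address, not captured from any resolver).
HONEST_SAMPLE = {"3f9a1c7e2b4d.example.com": set(),
                 "a0b1c2d3e4f5.example.com": set()}
SYNTHESIZED_SAMPLE = {"3f9a1c7e2b4d.example.com": {"203.0.113.5"},
                      "a0b1c2d3e4f5.example.com": {"203.0.113.5"}}

if __name__ == "__main__":
    print("your resolver looks:", probe("example.com"))  # live query
```

Run it from a network whose resolver you want to check; "synthesized" under a wildcard-free domain means the resolver is rewriting NXDOMAIN.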

Unless the editor is in Israel losing sleep, trying to post a blog entry his Web strategy requires him to publish. Then in keeping with Murphy's Law, a well-known subdomain can be interfered with in various and perhaps technologically subtle ways which amount to denial of service.

When it goes awry like that, it is expensive for companies like mine. It means sleepless nights for those of us who put our clients first, and for our clients. It is disruptive for consumers of Internet services in ways network neutrality would prevent. And in this case, as Kaminsky explained and demonstrated, the hijacking also deployed pages which were flawed in ways that endangered those who received them.

Kaminsky, who is well-known for his part in the Sony rootkit incident, was I think right to suggest that even viewed solely from a security standpoint, the process makes securing client domains problematic. It thereby threatens us all. One domain at a time.

Posted by gwfrink3 @ 07:23 PM EDT