ISP non-DNS hijack?

[OpenSource Ghost]

Normally DNS is what ISP's hijack to serve "their own version" of content, but are there other ways ISP's can hijack connections to do the same? The reason I ask is because my ISP's DNS resolvers are blocked everywhere - client devices, router, and private local DNS server. ISP DNS resolvers do not show up on any tests, encrypted DNS (DoH, DoT, DNSSEC) is used everywhere on my network, plaintext DNS outbound UDP port 53 is blocked on WAN, etc. Even with all that, I still get ads of my local ISP advertising itself via iTunes radio on devices not protected by VPN. My ISP exists only in my small town. It either manages to hijack DoH and/or DoT connections or DNS hijack isn't the only way for ISP's to promote "their version" of content.

 

[philb2]

Normally DNS is what ISP's hijack to serve "their own version" of content, but are there other ways ISP's can hijack connections to do the same? The reason I ask is because my ISP's DNS resolvers are blocked everywhere - client devices, router, and private local DNS server. ISP DNS resolvers do not show up on any tests, encrypted DNS (DoH, DoT, DNSSEC) is used everywhere on my network, plaintext DNS outbound UDP port 53 is blocked on WAN, etc. Even with all that, I still get ads of my local ISP advertising itself via iTunes radio on devices not protected by VPN. My ISP exists only in my small town. It either manages to hijack DoH and/or DoT connections or DNS hijack isn't the only way for ISP's to promote "their version" of content.

No way to get Comcast or Verizon? Satellite dish?

 

[Nobu]

Are the ads embedded in pages that normally don't have ads (even without ad blockers), or are they where ads normally appear? If the latter, they may have bought legit ads from google/etc, and the advertiser was able to determine you are in that ISP's service area somehow, so they're serving those ads.

 

[kydsid]

I think not protected by vpn is the giveaway. Your ISP knows it's IPs. I think your getting ads based on your public IP which belongs to your ISPs range.

 

[OpenSource Ghost]

Are the ads embedded in pages that normally don't have ads (even without ad blockers), or are they where ads normally appear? If the latter, they may have bought legit ads from google/etc, and the advertiser was able to determine you are in that ISP's service area somehow, so they're serving those ads.

iTunes radio station audio ads are the only ones that mention my ISP in-between tracks. All other ads (Google/YouTube, Amazon, Apple, Netflix) are generic.

 

[toast0]

I would guess it's just IP or location targetted ads. But your ISP can see all your traffic, and can manipulate anything that doesn't have strong, properly implemented crypto with reasonable Certificate Authorities set.

I have no idea what iTunes radio does for ads, but a) I'd guess they're probably using https with the Apple root CA set which is fine as long as your ISP isn't the CIA, b) I'd be surprised if their ad market is any more expensive than the rest of internet radio advertising, and if so, it's like super cheap to advertise, so seems like a good place to start advertising if you're a local ISP without a lot of competition. A lot of times, people use internet radio in restaurants or other public places (often without appropriate licensing, but that's another topic), so it's reasonable to think someone other than that subscriber might be listing and could be swayed.

 

[SamirD]

If you're only getting these ads during non-vpn use, then it's just geo-targetting with a shotgun approach on the ad campaign. Nothing to worry about.