<div>Hi Jim,</div><div> </div><div>My router is latest cerowrt-3.3.8-3, installed about an hour after it hit the ftp site.</div><div>I doubt it could got infected so fast.</div><div> </div><div>Anyway, when I initially directly asked 8.8.8.8 for <a href="http://www.google.com">www.google.com</a> it never responded with the 42.x.y.z addresses, but some other ones. Now, after some time, it does as well, so I'm feeling calm now.</div>
<div> </div><div>Thanks,</div><div>Maciej</div><div><br><br> </div><div class="gmail_quote">On Thu, Jun 14, 2012 at 9:33 PM, Jim Gettys <span dir="ltr"><<a href="mailto:jg@freedesktop.org" target="_blank">jg@freedesktop.org</a>></span> wrote:<br>
<blockquote style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid" class="gmail_quote"><div class="im">On 06/14/2012 02:32 PM, Nicholas Weaver wrote:<br>
> I think this may be a false positive:<br>
><br>
> The systems respond like standard Google servers, both in normal communication and in errors (previous situations where this occured had the servers respond differently to errors than legitimate Google servers). So it could be Google has added some new servers in Poland, but not updated the reverse DNS. I will contact a friend at google to confirm...<br>
<br>
</div>DNSchanger? Remember, that malware attacks your home router as well as<br>
your hosts....<br>
<span class="HOEnZb"><font color="#888888"> - Jim<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
><br>
> However, if you want to be extra sure, you can switch to Google Public DNS (8.8.8.8 and 8.8.4.4<br>
><br>
><br>
> On Jun 14, 2012, at 11:26 AM, Maciej Soltysiak wrote:<br>
><br>
>> Hi,<br>
>><br>
>> My netalyzr runs recently start to show that my ISP redirects <a href="http://www.google.com" target="_blank">www.google.com</a> to 3rd party.<br>
>> I would like to make sure it's me or my ISP and not something changed in google CDN or Netalyzr so could anyone else verify if you are getting similar results, please?<br>
>> My run is here:<br>
>> <a href="http://n1.netalyzr.icsi.berkeley.edu/summary/id=43ca253f-21386-3947730d-5148-4bce-9140#DNSLookup" target="_blank">http://n1.netalyzr.icsi.berkeley.edu/summary/id=43ca253f-21386-3947730d-5148-4bce-9140#DNSLookup</a><br>
>><br>
>> The IPs that get resolved are:<br>
>> 46.28.247.113<br>
>> 46.28.247.118<br>
>><br>
>> Possible reasons:<br>
>> - DNS issues on my home router, which has a bit experimental software (cerowrt from <a href="http://bufferbloat.net" target="_blank">bufferbloat.net</a>), but it didn't show before on same firmware.<br>
>> - Ongoing cache poisoning attack. My ISP DNS is 62.21.99.95<br>
>> - this might be if google is using another pool for CDN then it's a false positive. -- I'm located in Poznan, Poland, (Europe)<br>
>><br>
>> Best regards,<br>
>> Maciej Soltysiak<br>
>><br>
>> _______________________________________________<br>
>> Netalyzr mailing list<br>
>> <a href="mailto:Netalyzr@mailman.ICSI.Berkeley.EDU">Netalyzr@mailman.ICSI.Berkeley.EDU</a><br>
>> <a href="http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/netalyzr" target="_blank">http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/netalyzr</a><br>
><br>
> _______________________________________________<br>
> Netalyzr mailing list<br>
> <a href="mailto:Netalyzr@mailman.ICSI.Berkeley.EDU">Netalyzr@mailman.ICSI.Berkeley.EDU</a><br>
> <a href="http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/netalyzr" target="_blank">http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/netalyzr</a><br>
<br>
</div></div></blockquote></div><br>