[Netalyzr] DNS redirected to third-party servers: www.google.com

Jim Gettys jg at freedesktop.org
Thu Jun 14 12:47:10 PDT 2012


On 06/14/2012 03:40 PM, Maciej Soltysiak wrote:
> Hi Jim,
>  
> My router is latest cerowrt-3.3.8-3, installed about an hour after it
> hit the ftp site.
> I doubt it could have gotten infected so fast.

Nor is the CeroWrt default password in their list, I would guess.

>  
> Anyway, when I initially directly asked 8.8.8.8 for www.google.com
> it never responded with the 42.x.y.z addresses, but some other ones.
> Now, after some time, it does as well, so I'm feeling calm now.

Yeah, I like the Comcast DNS servers best (since they are closest, have
great performance and implement DNSSEC); when I can't get them, I use
Google.
               - Jim

>  
> Thanks,
> Maciej
>
>
>  
> On Thu, Jun 14, 2012 at 9:33 PM, Jim Gettys <jg at freedesktop.org> wrote:
>
>     On 06/14/2012 02:32 PM, Nicholas Weaver wrote:
>     > I think this may be a false positive:
>     >
>     > The systems respond like standard Google servers, both in normal
>     > communication and in errors (previous situations where this
>     > occurred had the servers respond differently to errors than
>     > legitimate Google servers).  So it could be Google has added some
>     > new servers in Poland, but not updated the reverse DNS.  I will
>     > contact a friend at google to confirm...
>
>     DNSchanger?  Remember, that malware attacks your home router as well as
>     your hosts....
>                        - Jim
>
>     >
>     > However, if you want to be extra sure, you can switch to Google
>     > Public DNS (8.8.8.8 and 8.8.4.4)
>     >
>     >
>     > On Jun 14, 2012, at 11:26 AM, Maciej Soltysiak wrote:
>     >
>     >> Hi,
>     >>
>     >> My netalyzr runs recently started to show that my ISP redirects
>     >> www.google.com to a 3rd party.
>     >> I would like to make sure it's me or my ISP and not something
>     >> changed in google CDN or Netalyzr, so could anyone else verify if
>     >> you are getting similar results, please?
>     >> My run is here:
>     >>
>     >> http://n1.netalyzr.icsi.berkeley.edu/summary/id=43ca253f-21386-3947730d-5148-4bce-9140#DNSLookup
>     >>
>     >> The IPs that get resolved are:
>     >> 46.28.247.113
>     >> 46.28.247.118
>     >>
>     >> Possible reasons:
>     >> - DNS issues on my home router, which has a bit experimental
>     >> software (cerowrt from bufferbloat.net),
>     >> but it didn't show before on the same firmware.
>     >> - Ongoing cache poisoning attack. My ISP DNS is 62.21.99.95
>     >> - this might be if google is using another pool for CDN then
>     >> it's a false positive. -- I'm located in Poznan, Poland, (Europe)
>     >>
>     >> Best regards,
>     >> Maciej Soltysiak
>     >>
>     >> _______________________________________________
>     >> Netalyzr mailing list
>     >> Netalyzr at mailman.ICSI.Berkeley.EDU
>     >> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/netalyzr
>     >
>
>


