[Klug-general] DNS Hijacking / Poisoning / Weirdness

Paul Littlefield info at paully.co.uk
Wed Nov 6 12:01:57 UTC 2013


Hi Folks

OK, this is a weird one...

...has anyone else had their browser redirected to google.ro when they should be going to google.com?!

+ customer using Plus Net as ISP
+ google.co.uk is fine
+ in-office DNS server running BIND
+ desktops get DNS info from DHCP running on the same server

If I use 'lynx' on the server to go to google.com, it goes there, tries to set a cookie, then goes to google.ro

Do we have some sort of DNS poisoning going on here?

Bizarrely, the IP addresses for google.com are different if I test it from home using the same ISP... Plus Net.

server1.customer.co.uk ~ $ host www.google.com
www.google.com has address 173.194.67.103
www.google.com has address 173.194.67.105
www.google.com has address 173.194.67.147
www.google.com has address 173.194.67.104
www.google.com has address 173.194.67.99
www.google.com has address 173.194.67.106
www.google.com has IPv6 address 2a00:1450:400c:c05::63

paully at paully-samsung-laptop:~$ host www.google.com
www.google.com has address 74.125.195.99
www.google.com has address 74.125.195.103
www.google.com has address 74.125.195.104
www.google.com has address 74.125.195.105
www.google.com has address 74.125.195.106
www.google.com has address 74.125.195.147
www.google.com has IPv6 address 2a00:1450:400c:c01::93

server1.customer.co.uk ~ $ host www.google.co.uk
www.google.co.uk has address 173.194.67.94

paully at paully-samsung-laptop:~$ host www.google.co.uk
www.google.co.uk has address 74.125.195.94

Like I said... a weird one!

:-/

Thanks in advance.

-- 

Paul Littlefield



x86_64
Ubuntu 13.04
X.Org X Server 1.13.3


