[Klug-general] DNS Hijacking / Poisoning / Weirdness

Mike Evans mike at tandem.f9.co.uk
Wed Nov 6 12:13:37 UTC 2013


Paul,

I get the same results as per your home - and we use PlusNet too.

[mike at rusty ~]$ host www.google.com
www.google.com has address 74.125.195.103
www.google.com has address 74.125.195.99
www.google.com has address 74.125.195.106
www.google.com has address 74.125.195.105
www.google.com has address 74.125.195.104
www.google.com has address 74.125.195.147
www.google.com has IPv6 address 2a00:1450:400c:c03::93

[mike at rusty ~]$ host www.google.co.uk
www.google.co.uk has address 173.194.66.94
www.google.co.uk has IPv6 address 2a00:1450:400c:c00::5e

Mike

On 06/11/13 12:01, Paul Littlefield wrote:
> Hi Folks
>
> OK, this is a weird one...
>
> ...has anyone else had their browser redirected to google.ro when they 
> should be going to google.com?!
>
> + customer using Plus Net as ISP
> + google.co.uk is fine
> + in-office DNS server running BIND
> + desktops get DNS info from DHCP running on same server
>
> If I use 'lynx' on the server to go to google.com, it goes there, 
> tries to set a cookie, then goes to google.ro
>
> Do we have some sort of DNS poisoning going on here?
>
> Bizarrely, the IP addresses for google.com are different if I test it 
> from home using the same ISP... Plus Net.
>
> server1.customer.co.uk ~ $ host www.google.com
> www.google.com has address 173.194.67.103
> www.google.com has address 173.194.67.105
> www.google.com has address 173.194.67.147
> www.google.com has address 173.194.67.104
> www.google.com has address 173.194.67.99
> www.google.com has address 173.194.67.106
> www.google.com has IPv6 address 2a00:1450:400c:c05::63
>
> paully at paully-samsung-laptop:~$ host www.google.com
> www.google.com has address 74.125.195.99
> www.google.com has address 74.125.195.103
> www.google.com has address 74.125.195.104
> www.google.com has address 74.125.195.105
> www.google.com has address 74.125.195.106
> www.google.com has address 74.125.195.147
> www.google.com has IPv6 address 2a00:1450:400c:c01::93
>
> server1.customer.co.uk ~ $ host www.google.co.uk
> www.google.co.uk has address 173.194.67.94
>
> paully at paully-samsung-laptop:~$ host www.google.co.uk
> www.google.co.uk has address 74.125.195.94
>
> Like I said... a weird one!
>
> :-/
>
> Thanks in advance.
>


