[Klug-general] DNS Hijacking / Poisoning / Weirdness

Alan alan at hipnosi.org
Wed Nov 6 12:14:28 UTC 2013


Google's name servers return the IP address of google.com according to your
ISP/Location, for load balancing purposes probably.  So... the .ro
could be a temporary screw-up in Google's NS?

For instance, on a Virgin connection (in London) this is how it looks:

root at x:~# host google.com
google.com has address 62.252.169.152
google.com has address 62.252.169.162
google.com has address 62.252.169.153
google.com has address 62.252.169.182
etc...

On a BT connection:

[root at xx ~]# host www.google.com
www.google.com has address 173.194.41.115
www.google.com has address 173.194.41.116
www.google.com has address 173.194.41.114
www.google.com has address 173.194.41.113
www.google.com has address 173.194.41.112

On a French connection:

[root at xxx ~]# host www.google.com
www.google.com has address 173.194.70.147
www.google.com has address 173.194.70.105
www.google.com has address 173.194.70.99
www.google.com has address 173.194.70.103
www.google.com has address 173.194.70.106
www.google.com has address 173.194.70.104


On 06/11/13 12:01, Paul Littlefield wrote:
> Hi Folks
>
> OK, this is a weird one...
>
> ...has anyone else had their browser redirected to google.ro when they
> should be going to google.com?!
>
> + customer using Plus Net as ISP
> + google.co.uk is fine
> + in office dns server running BIND
> + desktops get dns info from dhcp running on same server
>
> If I use 'lynx' on the server to go to google.com, it goes there,
> tries to set a cookie, then goes to google.ro
>
> Do we have some sort of DNS poisoning going on here?
>
> Bizarrely, the IP addresses for google.com are different if I test it
> from home using the same ISP... Plus Net.
>
> server1.customer.co.uk ~ $ host www.google.com
> www.google.com has address 173.194.67.103
> www.google.com has address 173.194.67.105
> www.google.com has address 173.194.67.147
> www.google.com has address 173.194.67.104
> www.google.com has address 173.194.67.99
> www.google.com has address 173.194.67.106
> www.google.com has IPv6 address 2a00:1450:400c:c05::63
>
> paully at paully-samsung-laptop:~$ host www.google.com
> www.google.com has address 74.125.195.99
> www.google.com has address 74.125.195.103
> www.google.com has address 74.125.195.104
> www.google.com has address 74.125.195.105
> www.google.com has address 74.125.195.106
> www.google.com has address 74.125.195.147
> www.google.com has IPv6 address 2a00:1450:400c:c01::93
>
> server1.customer.co.uk ~ $ host www.google.co.uk
> www.google.co.uk has address 173.194.67.94
>
> paully at paully-samsung-laptop:~$ host www.google.co.uk
> www.google.co.uk has address 74.125.195.94
>
> Like I said... a weird one!
>
> :-/
>
> Thanks in advance.
>
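
An added example, not part of either message in the thread: a Python triage of `host` output collected from several vantage points, using lines copied from the thread as sample input. `EXPECTED_NETS`, the vantage labels and the function names are assumptions made for the illustration; an address outside the list is not proof of poisoning (operators also serve from caches hosted inside ISP networks), only the answer to verify further.

```python
import ipaddress
import re

# Assumed allowlist; in practice load the operator's published ranges.
EXPECTED_NETS = [ipaddress.ip_network(n) for n in
                 ("173.194.0.0/16", "74.125.0.0/16", "2a00:1450::/32")]

# Two lines of `host` output per vantage point, copied from the thread.
SAMPLES = {
    "virgin-london": "google.com has address 62.252.169.152\n"
                     "google.com has address 62.252.169.162\n",
    "bt": "www.google.com has address 173.194.41.115\n"
          "www.google.com has address 173.194.41.116\n",
    "office-plusnet": "www.google.com has address 173.194.67.103\n"
                      "www.google.com has IPv6 address 2a00:1450:400c:c05::63\n",
    "home-plusnet": "www.google.com has address 74.125.195.99\n"
                    "www.google.com has IPv6 address 2a00:1450:400c:c01::93\n",
}
ADDR_LINE = re.compile(r"^\S+ has (?:IPv6 )?address (\S+)$")


def parse_host_output(text):
    """Extract addresses from `host` output, skipping any other line."""
    addrs = []
    for line in text.splitlines():
        m = ADDR_LINE.match(line.strip())
        try:
            if m:
                addrs.append(ipaddress.ip_address(m.group(1)))
        except ValueError:
            pass  # malformed address field: skip it rather than crash
    return addrs


def triage(samples, expected=EXPECTED_NETS):
    """Per vantage point: covering blocks seen, and addresses outside `expected`."""
    report = {}
    for vantage, text in samples.items():
        addrs = parse_host_output(text)
        blocks = {str(ipaddress.ip_network(
            f"{a}/{24 if a.version == 4 else 64}", strict=False)) for a in addrs}
        outside = [str(a) for a in addrs if not any(a in n for n in expected)]
        report[vantage] = {"blocks": sorted(blocks), "outside": outside}
    return report


if __name__ == "__main__":
    for vantage, result in triage(SAMPLES).items():
        print(vantage, result)
```

Different blocks per vantage point, as between the two Plus Net lookups, are what location-based answers look like; for an address reported as `outside`, checking the TLS certificate presented at that address is a stronger test than the address itself.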



