[OTR-dev] OTR homepage DNS poisoned?

Alexandros irregulator at riseup.net
Tue Dec 8 19:17:32 EST 2015


On 12/09/2015 12:54 AM, Dionysis Zindros wrote:
> Hello,
> 
> The OTR homepage at http://otr.cypherpunks.ca/ seems to be
> man-in-the-middled in certain networks. I have checked through various
> different networks with various results.
> 
> From the following connections to the Internet, it redirects to
> zeroredirect, which then redirects to casino or adware (mackeeper)
> website:
> 
> 1. Through the Greek OTE provider via the hot spot network Fon
> 2. Through the regular Greek OTE network (the major country
> telecommunications provider) from two different endpoints
> 
> 
> Do you have ideas as to what could be happening?
> 

Hello Dionysis,

I use an OTE ADSL connection at the moment and cannot reproduce what you
report.

Specifically,

> dig +short A otr.cypherpunks.ca @192.168.1.1 
> 198.96.155.5

> dig +short A otr.cypherpunks.ca @8.8.8.8    
> 198.96.155.5

> curl -vvv otr.cypherpunks.ca
> * Rebuilt URL to: otr.cypherpunks.ca/
> * Hostname was NOT found in DNS cache
> *   Trying 198.96.155.5...
> * Connected to otr.cypherpunks.ca (198.96.155.5) port 80 (#0)
>> GET / HTTP/1.1
>> User-Agent: curl/7.38.0
>> Host: otr.cypherpunks.ca
>> Accept: */*
>> 
> < HTTP/1.1 302 Found
> < Date: Wed, 09 Dec 2015 00:10:08 GMT
> * Server Apache/2.4.7 (Ubuntu) is not blacklisted
> < Server: Apache/2.4.7 (Ubuntu)
> < Location: https://otr.cypherpunks.ca/

Perhaps you could check the resolvers which are set in the modem/router
used by the endpoints where you observe the problem.

I've witnessed DNS hijacking via "tweaking" the resolvers of these home
routers in the past.

Cheers,
Alex
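As an added example (not part of either mail), a small Python script that automates the two checks Alex does by hand above: parse `dig +short A` output from several resolvers and flag any resolver whose answer set disagrees with the majority, and test whether the first 302 Location stays on the requested host or leaves it. The resolver 192.0.2.53 and the answer 203.0.113.7 are constructed placeholders from the documentation address ranges, not observed values.

```python
"""Cross-check a hostname's A records across resolvers and sanity-check the
first HTTP redirect hop. Added example; not code from the OTR project."""
from collections import Counter
from urllib.parse import urlsplit


def parse_dig_short(output: str) -> frozenset:
    """Turn `dig +short A <name>` output into the set of address answers.
    CNAME targets (lines ending in a dot) are skipped; blank lines ignored."""
    answers = set()
    for line in output.splitlines():
        line = line.strip()
        if not line or line.endswith("."):
            continue
        answers.add(line)
    return frozenset(answers)


def find_divergent_resolvers(answers_by_resolver: dict) -> dict:
    """Return {resolver: answers} for every resolver whose answer set differs
    from the majority answer set. An empty dict means all resolvers agree.
    Caveat: with only two resolvers a tie is broken by insertion order, so
    query at least three (router, ISP, a public resolver) before trusting it."""
    tally = Counter(answers_by_resolver.values())
    consensus, _ = tally.most_common(1)[0]
    return {r: a for r, a in answers_by_resolver.items() if a != consensus}


def redirect_leaves_host(requested_host: str, location: str) -> bool:
    """True if a Location header points at a different host (an injected
    redirect), False if it only switches scheme on the same host, as the
    legitimate http -> https 302 in the mail does."""
    target = urlsplit(location).hostname
    return target is not None and target.lower() != requested_host.lower()


# Constructed sample: the two real answers quoted in the mail, plus one
# hypothetical tampered resolver (192.0.2.53) returning a placeholder address.
SAMPLE_DIG = {
    "192.168.1.1": "198.96.155.5\n",
    "8.8.8.8": "198.96.155.5\n",
    "192.0.2.53": "203.0.113.7\n",
}


def check_sample() -> dict:
    """Run the consistency check over the constructed sample."""
    parsed = {r: parse_dig_short(o) for r, o in SAMPLE_DIG.items()}
    return find_divergent_resolvers(parsed)
```

Run the real thing by feeding each resolver's `dig +short A otr.cypherpunks.ca @<resolver>` output into `parse_dig_short`, then pass the 302's `Location` value to `redirect_leaves_host`.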


