[OTR-dev] OTR homepage DNS poisoned?
Alexandros
irregulator at riseup.net
Tue Dec 8 19:17:32 EST 2015
On 12/09/2015 12:54 AM, Dionysis Zindros wrote:
> Hello,
>
> The OTR homepage at http://otr.cypherpunks.ca/ seems to be
> man-in-the-middled in certain networks. I have checked through various
> different networks with various results.
>
> From the following connections to the Internet, it redirects to
> zeroredirect, which then redirects to casino or adware (mackeeper)
> website:
>
> 1. Through the Greek OTE provider via the hot spot network Fon
> 2. Through the regular Greek OTE network (the major country
> telecommunications provider) from two different endpoints
>
>
> Do you have ideas as to what could be happening?
>
Hello Dionysis,
I use an OTE aDSL connection at the moment and cannot reproduce what you
report.
Specifically,
> dig +short A otr.cypherpunks.ca @192.168.1.1
> 198.96.155.5
> dig +short A otr.cypherpunks.ca @8.8.8.8
> 198.96.155.5
> curl -vvv otr.cypherpunks.ca
> * Rebuilt URL to: otr.cypherpunks.ca/
> * Hostname was NOT found in DNS cache
> * Trying 198.96.155.5...
> * Connected to otr.cypherpunks.ca (198.96.155.5) port 80 (#0)
>> GET / HTTP/1.1
>> User-Agent: curl/7.38.0
>> Host: otr.cypherpunks.ca
>> Accept: */*
>>
> < HTTP/1.1 302 Found
> < Date: Wed, 09 Dec 2015 00:10:08 GMT
> * Server Apache/2.4.7 (Ubuntu) is not blacklisted
> < Server: Apache/2.4.7 (Ubuntu)
> < Location: https://otr.cypherpunks.ca/
Perhaps you could check the resolvers which are set in the modem/router
used by the endpoints where you observe the problem.
I've witnessed DNS hijacking via "tweaking" the resolvers of these home
routers in the past.
Cheers,
Alex
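
The two checks in the reply above (compare the router's resolver against a second resolver, then see where the HTTP redirect points), as an added example that is not part of the original message. The function names, the choice of 8.8.8.8 as the reference resolver, and the "bad" sample values (203.0.113.7, redirect.example) are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

def parse_dig_short(output):
    """Addresses from `dig +short A` output; CNAME lines (ending in '.') are skipped."""
    lines = (l.strip() for l in output.splitlines())
    return {l for l in lines if l and not l.endswith(".")}

def differing_resolvers(answers, reference):
    """answers maps resolver -> `dig +short` output. Return the resolvers whose
    A-record set differs from the reference resolver's, with what they returned."""
    expected = parse_dig_short(answers[reference])
    return {r: sorted(parse_dig_short(o)) for r, o in answers.items()
            if parse_dig_short(o) != expected}

def redirect_hosts(curl_verbose):
    """(status, requested host, Location host) from `curl -v` output."""
    status = req_host = loc_host = None
    for line in curl_verbose.splitlines():
        low = line.lower()
        if low.startswith("< http/"):
            status = int(line.split()[2])
        elif low.startswith("> host:"):
            req_host = urlsplit("//" + line.split(":", 1)[1].strip()).hostname
        elif low.startswith("< location:"):
            loc_host = urlsplit(line.split(":", 1)[1].strip()).hostname
    return status, req_host, loc_host

def off_host_redirect(curl_verbose):
    """True when the response redirects to a hostname other than the one requested."""
    status, req_host, loc_host = redirect_hosts(curl_verbose)
    return status in (301, 302, 303, 307, 308) and loc_host not in (None, req_host)

# Transcript lines taken from the message above (list quoting removed).
CLEAN_CURL = """> GET / HTTP/1.1
> Host: otr.cypherpunks.ca
< HTTP/1.1 302 Found
< Location: https://otr.cypherpunks.ca/
"""
# Constructed samples: 203.0.113.7 and redirect.example are placeholders.
BAD_CURL = CLEAN_CURL.replace("https://otr.cypherpunks.ca/", "http://redirect.example/")
CLEAN_DNS = {"192.168.1.1": "198.96.155.5\n", "8.8.8.8": "198.96.155.5\n"}
BAD_DNS = {"192.168.1.1": "203.0.113.7\n", "8.8.8.8": "198.96.155.5\n"}

if __name__ == "__main__":
    for name, dns, http in (("clean", CLEAN_DNS, CLEAN_CURL), ("bad", BAD_DNS, BAD_CURL)):
        print(name, differing_resolvers(dns, "8.8.8.8"), off_host_redirect(http))
```

A resolver mismatch is only a strong signal for a name with a single stable address like this one; names served from CDNs or geo-balanced pools legitimately return different A records per resolver.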