Today google is having a hiccup in Colombia. Users accessing www.google.com are having the following result:
That looked weird. I was wondering if it was some kind of DNS spoofing attack, but it's not. www google.com.co is working ok, but not www.google.com. Both of them are in the same netblock:
TCP stream of packet capture shows a redirection to a non-existent file:
Full packet capture of this problem can be downloaded here. Are you noticing the same problem? Please contact us!
Manuel Humberto Santander Peláez |
Manuel Humberto Santander Pelaacuteez 194 Posts ISC Handler Nov 30th 2013 |
Thread locked Subscribe |
Nov 30th 2013 7 years ago |
The initial redirect has the header "Server: Apache" (unusual for Google) and an "Age:" header (suggesting a proxy). The RTT (1ms) and TTL (63) suggest the TCP connection was terminated near the client. Seems like a broken, malicious or compromised transparent proxy - very interesting if this is being seen on several unrelated networks?
|
Simon 1 Posts |
Quote |
Nov 30th 2013 7 years ago |
Yes, this was seen in several unrelated networks this morning. Did some research and seems to be there was a problem in the caching devices of the major two carriers in Colombia. As of right now it's fixed.
|
Manuel Humberto Santander Pelaacuteez 194 Posts ISC Handler |
Quote |
Nov 30th 2013 7 years ago |
Quoting Manuel Humberto Santander Pelaacuteez:Did some research and seems to be there was a problem in the caching devices of the major two carriers in Colombia. As of right now it's fixed. Wait... Columbian ISP carriers are hijacking browser traffic, and redirecting it to their proxies "To cache it", on a routine basis? |
Mysid 146 Posts |
Quote |
Nov 30th 2013 7 years ago |
Sign Up for Free or Log In to start participating in the conversation!