Thread: Google @ RS?
-
10-02-2003, 11:23 PM #1 Web Hosting Master
- Join Date
- Sep 2002
- Location
- Washington DC
- Posts
- 2,514
Google @ RS?
Tracing route to google.com [207.44.220.30]
over a maximum of 30 hops:
1 7 ms 7 ms 6 ms 10.17.144.1
2 7 ms 7 ms 7 ms vl7.aggr1.lnh.md.rcn.net [207.172.11.131]
3 8 ms 7 ms 7 ms ge0-0.border1.lnh.md.rcn.net [207.172.15.5]
4 10 ms 9 ms 10 ms so-2-0-1.pr1.iad1.us.above.net [64.125.12.1]
5 9 ms 10 ms 9 ms so-2-0-0.cr1.iad1.us.above.net [208.185.0.138]
6 13 ms 10 ms 9 ms so-1-0-0.cr1.dca2.us.above.net [208.184.233.125]
7 27 ms 20 ms 22 ms pos2-0.pr1.atl4.us.mfnx.net [208.184.232.50]
8 20 ms 20 ms 21 ms so-0-0-0.cr1.atl2.us.mfnx.net [208.185.0.217]
9 40 ms 34 ms 33 ms so-3-0-0.mpr1.iah1.us.above.net [64.125.31.25]
10 60 ms 59 ms 59 ms 216.200.251.61.ev1.net [216.200.251.61]
11 * * * Request timed out.
Google is down for me (at least from where I am, Google does have many many servers AFAIK). But why is it trying to trace through ev1/rs?
-
10-02-2003, 11:26 PM #2 Junior Guru
- Join Date
- Oct 2001
- Location
- San Mateo, CA
- Posts
- 224
Google is not at rackshack. They are at abovenet and some other data centres.
-
10-02-2003, 11:27 PM #3 Web Hosting Master
- Join Date
- Jul 2002
- Posts
- 1,443
..
Synergy Blue LLC
SonataWeb.net | SynergyBlue.com
USA should do something about: http://www.brillig.com/debt_clock/
-
10-02-2003, 11:30 PM #4 Web Hosting Master
- Join Date
- Sep 2002
- Location
- Washington DC
- Posts
- 2,514
Originally posted by takiman
Google is not at rackshack. They are at abovenet and some other data centres.
-
10-02-2003, 11:31 PM #5 Web Hosting Master
- Join Date
- Mar 2002
- Location
- Grand Canyon State
- Posts
- 591
There was some strange routing for Google today based on what dns server you were using. My assistant today could not connect to Google on his pc, but anywhere else was fine. I use a different server and I was fine.
-
10-02-2003, 11:32 PM #6 Junior Guru
- Join Date
- Oct 2001
- Location
- San Mateo, CA
- Posts
- 224
That is weird. My nslookups resolve to
Name: google.com
Addresses: 216.239.53.99, 216.239.37.99
-
10-02-2003, 11:32 PM #7 Web Hosting Master
- Join Date
- Sep 2002
- Location
- Washington DC
- Posts
- 2,514
Originally posted by kingpcgeek
There was some strange routing for Google today based on what dns server you were using. My assistant today could not connect to Google on his pc, but anywhere else was fine. I use a different server and I was fine.
-
10-03-2003, 02:41 AM #8 WHT Addict
- Join Date
- Oct 2002
- Location
- Erin, TN
- Posts
- 156
There's a trojan, virus, whatever going around that modifies Windows systems to direct you to another site when you try to bring up Google. It modifies the registry to point the hosts file to a non-standard place, and changes your default DNS servers. Give me a bit and I'll find a site with more information on it.
-
10-03-2003, 02:50 AM #9 WHT Addict
- Join Date
- Oct 2002
- Location
- Erin, TN
- Posts
- 156
Here we go: http://vil.nai.com/vil/content/v_100719.htm. Note that the URL says you may be directed to IP 207.44.220.30, though it's also been reported to direct people to 207.44.194.56. When I did a traceroute on the second IP, I got:
traceroute to 207.44.194.56 (207.44.194.56), 30 hops max, 38 byte packets
1 12.153.203.129 (12.153.203.129) 30.044 ms 31.374 ms 32.829 ms
2 10.100.9.137 (10.100.9.137) 41.648 ms 41.423 ms 42.552 ms
3 192.168.110.21 (192.168.110.21) 44.406 ms 40.466 ms 42.450 ms
4 12.119.233.209 (12.119.233.209) 46.468 ms 48.687 ms 47.510 ms
5 gbr1-p58.hs1tx.ip.att.net (12.123.212.6) 53.028 ms 54.210 ms gbr2-p58.hs1tx.ip.att.net (12.123.212.2) 53.128 ms
6 tbr2-p013701.hs1tx.ip.att.net (12.122.12.149) 52.161 ms tbr2-p0****1.hs1tx.ip.att.net (12.122.12.145) 52.693 ms 53.948 ms
7 tbr1-cl1.dlstx.ip.att.net (12.122.10.129) 55.771 ms 58.944 ms 56.254 ms
8 ggr1-p360.dlstx.ip.att.net (12.123.16.241) 55.662 ms 57.786 ms 56.713 ms
9 IPP-dllstx9lce1-pos5-0.wcg.net (64.200.232.201) 58.172 ms 58.064 ms 57.184 ms
10 dllstx1wcx2-oc48.wcg.net (64.200.110.81) 64.339 ms 60.341 ms 62.535 ms
11 hstntx1wce2-pos4-0.wcg.net (64.200.240.74) 60.528 ms 60.230 ms 61.530 ms
12 hstntx1wce2-everyonesinternet-gige.wcg.net (65.77.93.54) 62.356 ms 69.491 ms 60.448 ms
13 39.ev1.net (207.218.245.39) 61.947 ms 60.000 ms 62.202 ms
14 207.44.194.56 (207.44.194.56) 61.866 ms 63.826 ms 62.460 ms
-
10-03-2003, 05:11 AM #10 Web Hosting Master
- Join Date
- Sep 2001
- Location
- Seattle, WA
- Posts
- 3,085
You have a trojan! I had this two days ago (a few hours before NAI even posted an alert about it -- ick).
That NAI site has some good removal instructions. Most AV software does not detect this yet.
It's not your fault you have it either -- it was originally being distributed via an ad through FortuneCity and various content partners they run ads on.
Do not just delete the hosts file -- you should actually modify the registry setting like they recommend, or various network things will not function (i.e.: having this actually will break Perl's LWP module because gethostbyname will no longer function -- a funky side effect that was driving me crazy before I knew it was a trojan!)
Jim Reardon - jim/amusive.com
-
10-03-2003, 03:03 PM #11 Web Hosting Master
- Join Date
- Sep 2002
- Location
- Washington DC
- Posts
- 2,514
Originally posted by amusive.com
You have a trojan! I had this two days ago (a few hours before NAI even posted an alert about it -- ick).
-
10-03-2003, 03:14 PM #12 Web Hosting Master
- Join Date
- May 2003
- Location
- Philadelphia
- Posts
- 970
Heh, there was a post I made in the security forum before any AV vendor had their alerts out. Even though my theory about this particular attack may have been incorrect, the theory holds true. If this attack method becomes more popular it is going to get really nasty.
http://www.eBoundary.com - Let us help you expand your eBoundaries!
Fast, Secure and reliable FreeBSD shared, reseller and dedicated hosting.
FREE Peace of mind with every account!
-
10-03-2003, 03:14 PM #13 Web Hosting Master
- Join Date
- Sep 2002
- Location
- Washington DC
- Posts
- 2,514
Is it possible to be like... "half infected"? I have some of the things listed done to my computer... but not all.
-
10-03-2003, 03:15 PM #14 Web Hosting Master
- Join Date
- May 2003
- Location
- Philadelphia
- Posts
- 970
It's always possible the code did not fully execute on your system for one reason or another
-
10-03-2003, 09:00 PM #15 Web Hosting Master
- Join Date
- Sep 2001
- Location
- Seattle, WA
- Posts
- 3,085
Some things also weren't on my system either (one of the registry keys it says that it creates, for example).
Jim Reardon - jim/amusive.com
-
10-03-2003, 11:03 PM #16 Web Hosting Master
- Join Date
- Feb 2002
- Posts
- 771
Download this http://www.tomcoyote.org/hjt/ and run it. After you run the program you will see that all (or most) of your search engines will all resolve to the same IP address. You need to click all the "01" files and remove them. Also it is a good idea to remove this from the registry host file (but make a backup of it first in case you screw up).
It is very simple to fix.
Robert
Light travels faster than sound, which is why some people appear bright until you hear them speak.
-
10-04-2003, 01:26 AM #17 Disabled
- Join Date
- Aug 2003
- Posts
- 338
interesting