[opensuse] Spyware on my laptop? (hope it's not OT)
Well, i really don't know what to thing, this laptop has exclusively linux (opensuse 10.2) and using firefox from home i get (too) often redirected to www.city.ws/notfound.asp while trying to access any page (google.com, local forums, etc), it's intermitent. Initially i blamed my Linksys WRT54GX4 access point at home, so i bypassed and conected the radiomodem directly to my laptop. The problem was still there. Then i blamed the ISP, maybe they were using some proxy or something alike. So, now i take the laptop to the office and don't longer get the city.ws redirection, well, it's not the laptop, BUT trying to access a non existant homepage (http://www.glog.ne/ for example) i get this: --------------- Microsoft VBScript runtime error '800a0005' Invalid procedure call or argument: 'Left' /includestuff.asp, line 29 --------------- This message also appeared at home. Later i blamed firefox or maybe an extension with ads or something like that. Trying to access www.glog.ne with konqueror still gives me the VBScript error, and between my laptop and internet there's only a cisco router. So, WTF?!, why am i getting a VBScript error on a linux laptop running firefox and accessing nonexistant pages?! Anyone has seen this? or know what is this city.ws thing? Ciro -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Friday 08 June 2007, Ciro Iriarte wrote:
Then i blamed the ISP, maybe they were using some proxy or something alike.
The proxy still sounds like the most likely problem. They might have a "transparant" proxy between you and the net. Visit http://whatsmyip.net/ and see if the IP it reports matches your machine's IP You can also use tracetcp: http://tracetcp.sourceforge.net/usage_proxy.html -- _____________________________________ John Andersen -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ciro Iriarte wrote:
So, WTF?!, why am i getting a VBScript error on a linux laptop running firefox and accessing nonexistant pages?!
do you have the same isp at work and at home? or may be the two of them uses some microsoft server jdd -- http://www.dodin.net http://gourmandises.orangeblog.fr/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
2007/6/9, John Andersen
On Friday 08 June 2007, Ciro Iriarte wrote:
Then i blamed the ISP, maybe they were using some proxy or something alike.
The proxy still sounds like the most likely problem.
They might have a "transparant" proxy between you and the net.
Visit http://whatsmyip.net/ and see if the IP it reports matches your machine's IP
You can also use tracetcp: http://tracetcp.sourceforge.net/usage_proxy.html
-- _____________________________________ John Andersen -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Talked to people i know on the ISP and they say there's no proxy there. Also my second test was at the office, without any proxy and got the same asp error.... Ciro -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
2007/6/9, jdd
Ciro Iriarte wrote:
So, WTF?!, why am i getting a VBScript error on a linux laptop running firefox and accessing nonexistant pages?!
do you have the same isp at work and at home? or may be the two of them uses some microsoft server
jdd
At the office there's a MS ISA server for the normal users, but for this test i used a direct conection trough (you spell it like that?) a cisco router doing NAT. Also noticed this: ciro@roamer:~> ping www.this.doesnt.exist PING www.this.doesnt.exist.local.net (206.225.95.129) 56(84) bytes of data. 64 bytes from 206-225-95-129.dedicated.abac.net (206.225.95.129): icmp_seq=1 ttl=111 time=218 ms 64 bytes from 206-225-95-129.dedicated.abac.net (206.225.95.129): icmp_seq=2 ttl=111 time=220 ms 64 bytes from 206-225-95-129.dedicated.abac.net (206.225.95.129): icmp_seq=3 ttl=111 time=216 ms --- www.this.doesnt.exist.local.net ping statistics --- 4 packets transmitted, 3 received, 25% packet loss, time 2999ms rtt min/avg/max/mdev = 216.692/218.569/220.322/1.579 ms Ciro -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Friday 08 June 2007, Ciro Iriarte wrote:
Talked to people i know on the ISP and they say there's no proxy there. Also my second test was at the office, without any proxy and
Then try another browser, or change the default search engine setting in your browser if you have such. -- _____________________________________ John Andersen -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
2007/6/9, John Andersen
On Friday 08 June 2007, Ciro Iriarte wrote:
Talked to people i know on the ISP and they say there's no proxy there. Also my second test was at the office, without any proxy and
Then try another browser, or change the default search engine setting in your browser if you have such.
-- _____________________________________ John Andersen
As stated on my original mail y also tried konqueror, and i just input the the wrong/not existant address on the browser's address box. Ciro -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Friday 08 June 2007, John Andersen wrote:
On Friday 08 June 2007, Ciro Iriarte wrote:
Talked to people i know on the ISP and they say there's no proxy there. Also my second test was at the office, without any proxy and
Then try another browser, or change the default search engine setting in your browser if you have such.
But did you visit the whatsmyip.net and compare it to what your local IP really is as I mentioned in my first message? -- _____________________________________ John Andersen -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
2007/6/9, John Andersen
On Friday 08 June 2007, John Andersen wrote:
On Friday 08 June 2007, Ciro Iriarte wrote:
Talked to people i know on the ISP and they say there's no proxy there. Also my second test was at the office, without any proxy and
Then try another browser, or change the default search engine setting in your browser if you have such.
But did you visit the whatsmyip.net and compare it to what your local IP really is as I mentioned in my first message?
-- _____________________________________ John Andersen
Just tried, and i get and IP from the range assigned to the office, i don't have administrative access to the router, but i assume this ip is the one of the router. Ciro Ciro -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Saturday 09 June 2007 02:47, Ciro Iriarte wrote:
As stated on my original mail y also tried konqueror, and i just input the the wrong/not existant address on the browser's address box. Are you running the NoScript addon with Firefox?
... try clearing the Firefox personal data, cache, etc.... and then run NoScript. -- Kind regards, M Harris <>< -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ciro Iriarte wrote:
Well, i really don't know what to thing, this laptop has exclusively linux (opensuse 10.2) and using firefox from home i get (too) often redirected to www.city.ws/notfound.asp while trying to access any page (google.com, local forums, etc), it's intermitent. Initially i blamed my Linksys WRT54GX4 access point at home, so i bypassed and conected the radiomodem directly to my laptop. The problem was still there.
Then i blamed the ISP, maybe they were using some proxy or something alike. So, now i take the laptop to the office and don't longer get the city.ws redirection, well, it's not the laptop, BUT trying to access a non existant homepage (http://www.glog.ne/ for example) i get this:
--------------- Microsoft VBScript runtime error '800a0005'
Invalid procedure call or argument: 'Left'
/includestuff.asp, line 29 ---------------
This message also appeared at home. Later i blamed firefox or maybe an extension with ads or something like that. Trying to access www.glog.ne with konqueror still gives me the VBScript error, and between my laptop and internet there's only a cisco router.
So, WTF?!, why am i getting a VBScript error on a linux laptop running firefox and accessing nonexistant pages?!
Anyone has seen this? or know what is this city.ws thing?
Ciro
VBScript can be encapsulated within MS javascript and has a legitimate usage within ASP. Have you checked your DNS and Proxy settings? One possibility is that you are now being passed to a rogue DNS/Proxy which is directing queries to a rogue server. There are some exploits in the wild which can changes these settings though Linux users are not normally vulnerable. BTW If you access web stuff while root you are leaving yourself a little open to such attacks. Firefox while better than IE is not perfect. Test with a non-mozilla based browser like Opera as well. Clear out cache a disable scripting and see what happens. Have you acquired any new toolbars/widgets recently? Who are city.ws? Someone (I think it was Veritas) pulled the stunt of directing unknown IP enquiries to one of their marketing servers which caused much irritation a while back. If city.ws are your ISP ask questions? (If your home modem is on defaults there is a known exploit which can change the DNS setting of your home modem if your admin password is the manufacturers default). -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFGamLHasN0sSnLmgIRAmVDAKDbHwDCei49V/NKel4GqbIOO5XMfgCg8Bjj vUsth2GH+v2k2juQv/YoxLw= =ndh8 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
2007/6/9, G T Smith
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Ciro Iriarte wrote:
Well, i really don't know what to thing, this laptop has exclusively linux (opensuse 10.2) and using firefox from home i get (too) often redirected to www.city.ws/notfound.asp while trying to access any page (google.com, local forums, etc), it's intermitent. Initially i blamed my Linksys WRT54GX4 access point at home, so i bypassed and conected the radiomodem directly to my laptop. The problem was still there.
Then i blamed the ISP, maybe they were using some proxy or something alike. So, now i take the laptop to the office and don't longer get the city.ws redirection, well, it's not the laptop, BUT trying to access a non existant homepage (http://www.glog.ne/ for example) i get this:
--------------- Microsoft VBScript runtime error '800a0005'
Invalid procedure call or argument: 'Left'
/includestuff.asp, line 29 ---------------
This message also appeared at home. Later i blamed firefox or maybe an extension with ads or something like that. Trying to access www.glog.ne with konqueror still gives me the VBScript error, and between my laptop and internet there's only a cisco router.
So, WTF?!, why am i getting a VBScript error on a linux laptop running firefox and accessing nonexistant pages?!
Anyone has seen this? or know what is this city.ws thing?
Ciro
VBScript can be encapsulated within MS javascript and has a legitimate usage within ASP.
Have you checked your DNS and Proxy settings? One possibility is that you are now being passed to a rogue DNS/Proxy which is directing queries to a rogue server. There are some exploits in the wild which can changes these settings though Linux users are not normally vulnerable. BTW If you access web stuff while root you are leaving yourself a little open to such attacks. Firefox while better than IE is not perfect.
Test with a non-mozilla based browser like Opera as well.
Clear out cache a disable scripting and see what happens. Have you acquired any new toolbars/widgets recently?
Who are city.ws? Someone (I think it was Veritas) pulled the stunt of directing unknown IP enquiries to one of their marketing servers which caused much irritation a while back. If city.ws are your ISP ask questions?
(If your home modem is on defaults there is a known exploit which can change the DNS setting of your home modem if your admin password is the manufacturers default).
I'm kind of lost, the DNS are ok here (internal) and at home (provided by the ISP), double checked that.... Already tried konqueror. Tried the tcptraceroute/traceroute comparison as suggested, and there's no variation in the hops, so i think that implies there's no proxy... About the toolbar, there's nothing knew, the addons are Bugmenot, forecastfox, flashgot, mediawrap (disabled) and mplayerplug-in. Ciro -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
2007/6/9, M Harris
On Saturday 09 June 2007 02:47, Ciro Iriarte wrote:
As stated on my original mail y also tried konqueror, and i just input the the wrong/not existant address on the browser's address box. Are you running the NoScript addon with Firefox?
... try clearing the Firefox personal data, cache, etc.... and then run NoScript.
-- Kind regards,
M Harris <><
Tried you suggestion and i still get the VBScript error, but no any warning from NoScript (just an S with a red line crossing it). Ciro -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ciro Iriarte wrote:
2007/6/9, G T Smith
: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
<snip>
I'm kind of lost, the DNS are ok here (internal) and at home (provided by the ISP), double checked that.... Already tried konqueror. Tried the tcptraceroute/traceroute comparison as suggested, and there's no variation in the hops, so i think that implies there's no proxy...
Er no.. If you are comparing the routes at home and at work you would get similar results if you are being routed through a duff proxy from your machine... Try setting up a dummy user account and try accessing the web from that.... The user level settings should be clean...
About the toolbar, there's nothing knew, the addons are Bugmenot, forecastfox, flashgot, mediawrap (disabled) and mplayerplug-in.
Just a thought.
Ciro
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFGamo6asN0sSnLmgIRAhKfAJ9yp5lU2peFhlnV6tXlwtGP9f+otgCfSW7o SDhHRitc13+/V1wbP+Gkkig= =XeHU -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
<snip>
I'm kind of lost, the DNS are ok here (internal) and at home (provided by the ISP), double checked that.... Already tried konqueror. Tried the tcptraceroute/traceroute comparison as suggested, and there's no variation in the hops, so i think that implies there's no proxy...
Er no.. If you are comparing the routes at home and at work you would get similar results if you are being routed through a duff proxy from your machine... Try setting up a dummy user account and try accessing the web from that.... The user level settings should be clean...
No, i'm comparing a regular traceroute with a tcptraceroute on port 80. If there's a transparent proxy they should differ..
About the toolbar, there's nothing knew, the addons are Bugmenot, forecastfox, flashgot, mediawrap (disabled) and mplayerplug-in.
Just a thought.
Ciro -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Saturday 2007-06-09 at 03:09 -0400, Ciro Iriarte wrote:
redirected to www.city.ws/notfound.asp while trying to access any page (google.com, local forums, etc), it's intermitent. Initially i blamed my Linksys WRT54GX4 access point at home, so i bypassed and conected the radiomodem directly to my laptop. The problem was still there.
Try connecting a different computer to that router using the same settings. If you get the same result, it is external. I you don't, it is internal to your portable. You might have set up squid or some other proxy on it, for instance. Try accesing sites using "links", for instance. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGanjZtTMYHG2NR9URAqSjAJ96OD4BZzBmomfQ4y7gQyX4bVp17gCgi1T8 Aeyjpnvz2g7sHfEcVV9d/ig= =uSMA -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Try setting up a dummy user account and try accessing the web from that.... The user level settings should be clean...
Tried with a "test" user on konqueror, same result.... I guess it must be DNS, as a single ping from commandline to a non existent domain resolves to 206.225.95.129. ciro@roamer:~> ping me.esta.jodiendo PING me.esta.jodiendo.local.net (206.225.95.129) 56(84) bytes of data. 64 bytes from 206-225-95-129.dedicated.abac.net (206.225.95.129): icmp_seq=1 ttl=111 time=218 ms 64 bytes from 206-225-95-129.dedicated.abac.net (206.225.95.129): icmp_seq=2 ttl=111 time=219 ms ... But trying a debug, there's no ip in the response from the DNS server ciro@roamer:~/download/dnstracer-1.8> sudo ./dnstracer -v me.esta.jodiendo Tracing to me.esta.jodiendo[a] via 200.3.250.1, maximum of 3 retries 200.3.250.1 (200.3.250.1) IP HEADER - Destination address: 200.3.250.1 DNS HEADER (send) - Identifier: 0x2760 - Flags: 0x00 (Q ) - Opcode: 0 (Standard query) - Return code: 0 (No error) - Number questions: 1 - Number answer RR: 0 - Number authority RR: 0 - Number additional RR: 0 QUESTIONS (send) - Queryname: (2)me(4)esta(8)jodiendo - Type: 1 (A) - Class: 1 (Internet) DNS HEADER (recv) - Identifier: 0x2760 - Flags: 0x8083 (R RA ) - Opcode: 0 (Standard query) - Return code: 3 (Name error) - Number questions: 1 - Number answer RR: 0 - Number authority RR: 1 - Number additional RR: 0 QUESTIONS (recv) - Queryname: (2)me(4)esta(8)jodiendo - Type: 1 (A) - Class: 1 (Internet) AUTHORITY RR - Domainname: (1). - Type: 6 (SOA) - Class: 1 (Internet) - TTL: 10656 (2h57m36s) - Resource length: 64 - Resource data: serial: 2007060801 mname: (1)A(12)ROOT-SERVERS(3)NET rname: (5)NSTLD(12)VERISIGN-GRS(3)COM Ciro. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Saturday 2007-06-09 at 05:59 -0400, Ciro Iriarte wrote:
Tried with a "test" user on konqueror, same result.... I guess it must be DNS, as a single ping from commandline to a non existent domain resolves to 206.225.95.129.
ciro@roamer:~> ping me.esta.jodiendo PING me.esta.jodiendo.local.net (206.225.95.129) 56(84) bytes of data.
Well, if I try: cer@nimrodel:~> host me.esta.jodiendo.local.net me.esta.jodiendo.local.net has address 206.225.95.129 The problem is that "local.net" does exist. You are appending that "local.net" to all your searches for non existing domains, thus the result you get. Look at your "/etc/resolv.conf" file. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGanuJtTMYHG2NR9URAvPDAJ9hW+yK43/qiLabfITfhUYX6XN82ACfRplz /4OkmQj5lC/oSw3plVBeahc= =L5O1 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
2007/6/9, Carlos E. R.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Saturday 2007-06-09 at 05:59 -0400, Ciro Iriarte wrote:
Tried with a "test" user on konqueror, same result.... I guess it must be DNS, as a single ping from commandline to a non existent domain resolves to 206.225.95.129.
ciro@roamer:~> ping me.esta.jodiendo PING me.esta.jodiendo.local.net (206.225.95.129) 56(84) bytes of data.
Well, if I try:
cer@nimrodel:~> host me.esta.jodiendo.local.net me.esta.jodiendo.local.net has address 206.225.95.129
The problem is that "local.net" does exist. You are appending that "local.net" to all your searches for non existing domains, thus the result you get. Look at your "/etc/resolv.conf" file.
- -- Cheers, Carlos E. R.
Hmm, well, i used that domain on my lan before i get internet at home :S Changed it to my ISPs domain, is there any command to flush the cache?, well, waited some minutes and the problem seems to be gone!, thanks! Ciro -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Saturday 09 June 2007 09:43, Ciro Iriarte wrote:
Also noticed this:
ciro@roamer:~> ping www.this.doesnt.exist PING www.this.doesnt.exist.local.net (206.225.95.129) 56(84) bytes of data.
You are using local.net as your domain on your computer. That is a valid domain. Don't use that -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Saturday 2007-06-09 at 06:24 -0400, Ciro Iriarte wrote:
The problem is that "local.net" does exist. You are appending that "local.net" to all your searches for non existing domains, thus the result you get. Look at your "/etc/resolv.conf" file.
Hmm, well, i used that domain on my lan before i get internet at home :S Changed it to my ISPs domain, is there any command to flush the cache?, well, waited some minutes and the problem seems to be gone!, thanks!
Change to a domain that has no chance of existing at all, like "portatil.estaesmicasa" in the resolv file. Don't use a .net or anything of the sort with 2/3 letters that have a chance of existing. Change the name of your portable, too. Notice that what you put in the resolv file will be appended to non found sites... - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGaoJ4tTMYHG2NR9URAs+dAJ43IuftjQbrzwF1xkS+0+yh3VGRQgCeOUI+ 5pCmZU6avoOU8uObO7NnFBY= =taJ5 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Samstag, 9. Juni 2007, Carlos E. R. wrote:
The Saturday 2007-06-09 at 05:59 -0400, Ciro Iriarte wrote:
Tried with a "test" user on konqueror, same result.... I guess it must be DNS, as a single ping from commandline to a non existent domain resolves to 206.225.95.129.
ciro@roamer:~> ping me.esta.jodiendo PING me.esta.jodiendo.local.net (206.225.95.129) 56(84) bytes of data.
Well, if I try:
cer@nimrodel:~> host me.esta.jodiendo.local.net me.esta.jodiendo.local.net has address 206.225.95.129
if I try "me.esta.jodiendo.local.net" I get "¡joder! ninguna.chica.en.el.local" and "fatal error: try local.bed" SCNR :-) Daniel -- Daniel Bauer photographer Basel Switzerland professional photography: http://www.daniel-bauer.com erotic art photos: http://www.bauer-nudes.com/en/linux.html Madagascar special: http://www.sanic.ch -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Saturday 09 June 2007, Ciro Iriarte wrote:
I'm kind of lost, the DNS are ok here (internal) and at home (provided by the ISP), double checked that.... Already tried konqueror. Tried the tcptraceroute/traceroute comparison as suggested, and there's no variation in the hops, so i think that implies there's no proxy...
Ok, so no proxy. What about those contemptible DNS re-director "Services" that some ISPs are starting to provide where they direct you to some internally generated search engine (complete with adware) for anything that comes back as not found? This would likely be at your ISP. This type of software was originally intended for Hotels and hotspots, but I've seen it show up in other places, where the ISPs add this layer to gain a little revenue on the cheap, and not just on wireless networks. Some use it to redirect www.dnsredirector.com is one such software. http://downloads.zdnet.com/search.aspx?compid=50500 Even some big ISPs are getting into this nonsense: http://www.betanews.com/article/EarthLink_Criticized_for_DNS_Redirects/11575... How to test: Research the DNS server IPs for other ISPs, they don't even have to be physically close to you. Go into /etc/resolv.conf with a regular text editor and change the nameserver lines to point to the other dns servers. Then clear your browser cache and try your inquiry again. NOTE: You can very often use a different ISPs dns server if you suspect your ISPs server is lame, slow, broken, or something. Most ISPs do not filter external DNS requests because the resources needed to to this exceed the resources needed to serve the request. Don't abuse this. -- _____________________________________ John Andersen
2007/6/9, John Andersen
On Saturday 09 June 2007, Ciro Iriarte wrote:
I'm kind of lost, the DNS are ok here (internal) and at home (provided by the ISP), double checked that.... Already tried konqueror. Tried the tcptraceroute/traceroute comparison as suggested, and there's no variation in the hops, so i think that implies there's no proxy...
Ok, so no proxy.
What about those contemptible DNS re-director "Services" that some ISPs are starting to provide where they direct you to some internally generated search engine (complete with adware) for anything that comes back as not found?
This would likely be at your ISP.
This type of software was originally intended for Hotels and hotspots, but I've seen it show up in other places, where the ISPs add this layer to gain a little revenue on the cheap, and not just on wireless networks. Some use it to redirect
www.dnsredirector.com is one such software. http://downloads.zdnet.com/search.aspx?compid=50500
Even some big ISPs are getting into this nonsense: http://www.betanews.com/article/EarthLink_Criticized_for_DNS_Redirects/11575...
How to test: Research the DNS server IPs for other ISPs, they don't even have to be physically close to you.
Go into /etc/resolv.conf with a regular text editor and change the nameserver lines to point to the other dns servers.
Then clear your browser cache and try your inquiry again.
NOTE: You can very often use a different ISPs dns server if you suspect your ISPs server is lame, slow, broken, or something. Most ISPs do not filter external DNS requests because the resources needed to to this exceed the resources needed to serve the request. Don't abuse this.
-- _____________________________________ John Andersen
Gladly there's no such a thing on my ISP, the problem was caused by a misconfigured resolv.conf. I was using local.net for my LAN's domain and it exists. Combined with a catch-all rule for local.net caused this strange behaviour. Thanks a lot Ciro -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (8)
-
Anders Johansson
-
Carlos E. R.
-
Ciro Iriarte
-
Daniel Bauer
-
G T Smith
-
jdd
-
John Andersen
-
M Harris