[lug] Suspicous: "host"/"DNS" Showing Odd Results (Fedora)

stimits at comcast.net
Mon Sep 3 16:38:37 MDT 2018


FYI, the dig information seems to believe both urlrw01.cable.comcast.com and civrightsvoices.com are the same thing. I have reset the cable modem (which is also the router), so if there is malware in it, then it isn't just in RAM. I'm not sure how I would validate the modem since it isn't mine. Is there a way to test which is independent of the modem?
 
FYI, does anyone else see "civrightsvoices.com" in the dig or host query for 69.252.80.75? If someone else sees it, then I know it isn't limited to my modem...but at the same time, unless someone else is using the comcast DNS, then it might not apply. I'd be very interested to know if someone with a comcast network is seeing anything like this.
 
----- Original Message -----
From: Bear Giles <bgiles at coyotesong.com>
To: Boulder (Colorado) Linux Users Group -- General Mailing List <lug at lug.boulder.co.us>
Sent: Mon, 03 Sep 2018 21:30:46 -0000 (UTC)
Subject: Re: [lug] Suspicous: "host"/"DNS" Showing Odd Results (Fedora)


Could your router be compromised? There's some malware that redirects DNS to point to its own servers. Possible uses are MITM attacks, capturing clicks (they resolve the click farms(?) to point to their own click farms), etc.

I don't remember both Comcast servers (I inserted my own pi-hole to block ads so I only kept one, as fallback) but I'm pretty sure one is 75.75.76.76. They certainly shouldn't be reverse-resolving to a non-comcast hostname.



On Mon, Sep 3, 2018 at 3:15 PM Zan Lynx <zlynx at acm.org> wrote:
On 9/3/2018 3:10 PM, stimits at comcast.net wrote:

> Is there something equivalent to a verbose trace of the "host" command
> to see more details?

Try dig. It does everything DNS.

     dig +trace -x 69.252.80.75

_______________________________________________

Web Page:  http://lug.boulder.co.us

Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug

Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
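The open question in this thread is how to check the PTR record for 69.252.80.75 without trusting the cable modem, and the suggestion was to use dig. The script below is an added example written for this page, not code posted by anyone in the thread: it sends the same PTR query to the router's resolver, to the Comcast resolver named above, and to two independent public resolvers, then flags any resolver whose answer disagrees with the majority. A hijacked router resolver will typically stand out this way. The router address 10.0.0.1 is a placeholder assumption; the constructed response builder exists only so the parser can be exercised offline.

```python
import socket
import struct
from collections import Counter

# Resolvers to compare (assumption: the router address is a placeholder; replace it
# with whatever DHCP handed out). 75.75.76.76 is the Comcast resolver named in the thread.
RESOLVERS = {
    "router (assumed 10.0.0.1)": "10.0.0.1",
    "comcast 75.75.76.76": "75.75.76.76",
    "cloudflare 1.1.1.1": "1.1.1.1",
    "google 8.8.8.8": "8.8.8.8",
}
QTYPE_PTR = 12
QCLASS_IN = 1


def reverse_name(ip):
    """Turn a dotted-quad IPv4 address into its in-addr.arpa PTR owner name."""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError("IPv4 address expected")
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def encode_name(name):
    """Wire-format a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_ptr_query(ip, txid=0x1234):
    """Standard query: RD set, one question, type PTR, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(reverse_name(ip)) + struct.pack("!HH", QTYPE_PTR, QCLASS_IN)


def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after the name field)."""
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, pointer
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    if not jumped:
        end = off
    return ".".join(labels) + ".", end


def parse_ptr_answers(msg):
    """Return the sorted PTR targets from the answer section of a DNS response."""
    _txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):  # skip the echoed question(s)
        _, off = read_name(msg, off)
        off += 4
    names = []
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == QTYPE_PTR:
            names.append(read_name(msg, off)[0])
        off += rdlen
    return sorted(names)


def build_ptr_response(query, names):
    """Constructed response for offline testing: echoes the question, adds PTR records
    whose owner name is a compression pointer (0xC00C) back to the question name."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(names), 0, 0)
    rrs = b""
    for name in names:
        rdata = encode_name(name)
        rrs += b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_PTR, QCLASS_IN, 300, len(rdata)) + rdata
    return header + query[12:] + rrs


def query_ptr(ip, server, timeout=3.0):
    """Send one PTR query over UDP/53 directly to the given resolver, bypassing the stub resolver."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_ptr_query(ip), (server, 53))
        data, _ = sock.recvfrom(4096)
    finally:
        sock.close()
    return parse_ptr_answers(data)


def compare_answers(answers):
    """answers: {resolver label: sorted PTR list}. Return labels that disagree with the
    most common answer (on a tie the first answer seen counts as the majority)."""
    tally = Counter(tuple(v) for v in answers.values())
    majority = tally.most_common(1)[0][0]
    return sorted(label for label, v in answers.items() if tuple(v) != majority)


if __name__ == "__main__":
    results = {}
    for label, server in RESOLVERS.items():
        try:
            results[label] = query_ptr("69.252.80.75", server)
        except OSError as exc:
            results[label] = [f"<no answer: {exc}>"]
    for label, names in results.items():
        print(f"{label:28s} {', '.join(names) or '(no PTR)'}")
    print("disagree with majority:", compare_answers(results) or "none")
```

Run it from a host on the Comcast network; if only the router's answer differs from the public resolvers, the router (or whatever is answering on its behalf) is the component to suspect, which is exactly what dig +trace against the authoritative servers would also reveal.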



