Hi,
One of my users is using Fedora 10, 2.6.27.24-170.2.68, with Firefox 3.5.3. While browsing some sites it gets redirected to PORN sites.
( Single porn site opens if users misspelled production site name/urls ) ( porn site - kingofporn )
Is it a malware, virus, spyware ...infected..? If yes .... what to do ....is there any spyware, malware remover available.
On Thu, Aug 5, 2010 at 12:17 PM, Kenneth Gonsalves lawgon@au-kbc.org wrote:
On Thu, 2010-08-05 at 11:57 +0530, Dattatray Kamble wrote:
One of my user using fedora 10, 2.6.27.24-170.2.68, with Firefox 3.5.3. While browsing some sites it gets redirected to PORN sites.
give a sample site so that we can check
regards Kenneth Gonsalves
www.hesco-lf.com ....gets redirected to ...raunchy king of porn site.
On Thu, Aug 5, 2010 at 12:58 PM, Dattatray Kamble meet2dsk@gmail.com wrote:
On Thu, Aug 5, 2010 at 12:17 PM, Kenneth Gonsalves <lawgon@au-kbc.org> wrote:
On Thu, 2010-08-05 at 11:57 +0530, Dattatray Kamble wrote:
One of my user using fedora 10, 2.6.27.24-170.2.68, with Firefox 3.5.3. While browsing some sites it gets redirected to PORN sites.
give a sample site so that we can check
regards Kenneth Gonsalves
www.hesco-lf.com ....gets redirected to ...raunchy king of porn site.
can you give the output of hosts file and resolv.conf
$ cat /etc/hosts
$ cat /etc/resolv.conf
On Thursday 05 August 2010 11:57:54 Dattatray Kamble wrote:
Hi,
One of my user using fedora 10, 2.6.27.24-170.2.68, with Firefox 3.5.3. While browsing some sites it gets redirected to PORN sites.
( Single porn site opens if users misspelled production site name/urls ) ( porn site - kingofporn )
Is it a malware, virus, spyware ...infected..? If yes .... what to do ....is their any spyware, malware remover available.
Unable to determine IP address from host name for www.hesco-lf.com
Since others are not being redirected, it is presumed that mtnl DNS is ok.
So it looks like your DNS is spoofed. This could happen in any number of ways. edit resolv.conf to use opendns (assuming that fedora and this install uses resolv.conf).
If he is using an adsl, check the password on the adsl modem. If it is the default, change it after getting the adsl to the default factory setting and reconfiguring. If it continues to misdirect to porn you will have to reflash the adsl with a known good firmware (or simply chuck it out and get a new one for Rs.1500 odd).
BTW, yet to hear of a malware infection on linux in 10 years.
2010/8/5 Kenneth Gonsalves lawgon@au-kbc.org:
On Thu, 2010-08-05 at 13:59 +0530, jtd wrote:
Unable to determine IP address from host name for www.hesco-lf.com
and why is the OP trying to access a domain that does not exist???
But the domain hesco-fl.com exists. Maybe the OP is clicking on a mistyped URL.
Anurag
On Thu, Aug 5, 2010 at 6:09 PM, Anurag anurag@gnuer.org wrote:
2010/8/5 Kenneth Gonsalves lawgon@au-kbc.org:
On Thu, 2010-08-05 at 13:59 +0530, jtd wrote:
Unable to determine IP address from host name for www.hesco-lf.com
and why is the OP trying to access a domain that does not exist???
But the domain hesco-fl.com exists. Maybe the OP is clicking on a mistyped URL.
Anurag
-- http://web.gnuer.org/ -- http://mm.glug-bom.org/mailman/listinfo/linuxers
Hi,
Now look at this snapshot...u will come to know.... if i wants to open clamav.net its not opening...but it's IP pinging.....
C:\Documents and Settings\Administrator>tracert clamav.net
Unable to resolve target system name clamav.net.

C:\Documents and Settings\Administrator>ping 194.109.142.194

Pinging 194.109.142.194 with 32 bytes of data:

Reply from 194.109.142.194: bytes=32 time=277ms TTL=46
Reply from 194.109.142.194: bytes=32 time=278ms TTL=46
Reply from 194.109.142.194: bytes=32 time=277ms TTL=46
Reply from 194.109.142.194: bytes=32 time=280ms TTL=46

Ping statistics for 194.109.142.194:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 277ms, Maximum = 280ms, Average = 278ms

C:\Documents and Settings\Administrator>tracert 194.109.142.194

Tracing route to ds049.xs4all.nl [194.109.142.194] over a maximum of 30 hops:

  1 <1 ms <1 ms <1 ms 192.168.2.1
  2 1 ms 68 ms 86 ms abs-static-149.202.102.118.aircel.co.in [118.102.202.149]
  3 1 ms 2 ms 2 ms abs-cn-85.208.79.114.aircel.co.in [114.79.208.85]
  4 15 ms * 15 ms abs-cn-106.198.148.202.aircel.co.in [202.148.198.106]
  5 * 29 ms 28 ms abs-cn-5.198.148.202.aircel.co.in [202.148.198.5]
  6 28 ms 28 ms 27 ms abs-cn-185.192.148.202.aircel.co.in [202.148.192.185]
  7 27 ms 29 ms 29 ms abs-cn-70.192.148.202.aircel.co.in [202.148.192.70]
  8 66 ms 65 ms 63 ms ^C

C:\Documents and Settings\Administrator>nslookup clamav.net
Server: dns2.dwl.co.in
Address: 202.148.202.4

Non-authoritative answer:
Name: clamav.net.smartdomain.com
Address: 208.76.179.25

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : domainserver
   Primary Dns Suffix . . . . . . . : smartdomain.com
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : smartdomain.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix . : smartdomain.com
   Description . . . . . . . . . . . : Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
   Physical Address. . . . . . . . . : 00-1C-C0-01-77-47
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.2.8
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.4
   DNS Servers . . . . . . . . . . . : 202.148.202.4
   Lease Obtained. . . . . . . . . . : Thursday, August 05, 2010 4:30:48 AM
   Lease Expires . . . . . . . . . . : Friday, August 06, 2010 4:30:48 AM
On Thu, Aug 5, 2010 at 6:20 PM, Dattatray Kamble meet2dsk@gmail.com wrote:
Now look at this snapshot...u will come to know.... if i wants to open clamav.net its not opening...but it's IP pinging.....
C:\Documents and Settings\Administrator>tracert clamav.net Unable to resolve target system name clamav.net.
You have a DNS problem.
Hostname or FQDN requires to be converted to an IP through DNS - yeah I know it sounds like "have you switched on the power?" :D
If this is happening only on one system and if you think the DNS/GW parameters are *OK*, then most likely your Windows "resolver" dll file is corrupt.
C:\Documents and Settings\Administrator>ping 194.109.142.194
Pinging an IP address does not require DNS nor does the OS have to invoke its "resolver"
On this same box, what is the output of "nslookup 194.109.142.194" ?
-- Arun Khan
On second look at OP's outputs ....
On Thu, Aug 5, 2010 at 6:56 PM, Arun Khan knura9@gmail.com wrote:
On Thu, Aug 5, 2010 at 6:20 PM, Dattatray Kamble meet2dsk@gmail.com wrote:
Now look at this snapshot...u will come to know.... if i wants to open clamav.net its not opening...but it's IP pinging.....
C:\Documents and Settings\Administrator>tracert clamav.net Unable to resolve target system name clamav.net.
You have a DNS problem.
Hostname or FQDN requires to be converted to an IP through DNS - yeah I know it sounds like "have you switched on the power?" :D
If this is happening only on one system and if you think the DNS/GW parameters are *OK*, then most likely your Windows "resolver" dll file is corrupt.
Ignore the above comments :(
Looks like your DNS server 202.148.202.4 belongs to Dishnet Wireless service. AFAIK, Indian ISP's DNS servers have been found to be unreliable.
I would suggest you switch to more reliable DNS servers like 4.2.2.[1-4] or 8.8.8.8 (Google) or openDNS servers.
On this same box, what is the output of "nslookup 194.109.142.194" ?
Still interested in the result of the above.
<Sidebar> It is also possible that your Windows system is hosed as pointed in my previous response. </Sidebar>
-- Arun Khan
On Thursday 05 August 2010 18:20:46 Dattatray Kamble wrote:
On Thu, Aug 5, 2010 at 6:09 PM, Anurag anurag@gnuer.org wrote:
2010/8/5 Kenneth Gonsalves lawgon@au-kbc.org:
On Thu, 2010-08-05 at 13:59 +0530, jtd wrote:
Unable to determine IP address from host name for www.hesco-lf.com
and why is the OP trying to access a domain that does not exist???
But the domain hesco-fl.com exists. Maybe the OP is clicking on a mistyped URL.
Anurag
Hi,
Now look at this snapshot...u will come to know.... if i wants to open clamav.net its not opening...but it's IP pinging.....
C:\Documents and Settings\Administrator>tracert clamav.net Unable to resolve target system name clamav.net.
C:\Documents and Settings\Administrator>ping 194.109.142.194
Pinging 194.109.142.194 with 32 bytes of data:
????. Never knew Fedora had a doze distro.
On Thursday 05 August 2010 09:21 PM, jtd wrote:
On Thursday 05 August 2010 18:20:46 Dattatray Kamble wrote:
Hi,
Now look at this snapshot...u will come to know....
if i wants to open clamav.net its not opening...but it's IP pinging.....
C:\Documents and Settings\Administrator>tracert clamav.net Unable to resolve target system name clamav.net.
C:\Documents and Settings\Administrator>ping 194.109.142.194
Pinging 194.109.142.194 with 32 bytes of data:
????. Never knew Fedora had a doze distro.
Ya. I was wondering too, how Fedora got c:\documents and settings and nslookup. Notice how the system is being used as Administrator. This is the default account of doze and should never be used, even for admin purposes. It is like a template.
On Thu, 2010-08-05 at 18:20 +0530, Dattatray Kamble wrote:
Now look at this snapshot...u will come to know.... if i wants to open clamav.net its not opening...but it's IP pinging.....
C:\Documents and Settings\Administrator>tracert clamav.net
what distro are you using?
On Fri, Aug 6, 2010 at 11:25 AM, Kenneth Gonsalves lawgon@au-kbc.org wrote:
On Thu, 2010-08-05 at 18:20 +0530, Dattatray Kamble wrote:
Now look at this snapshot...u will come to know.... if i wants to open clamav.net its not opening...but it's IP pinging.....
C:\Documents and Settings\Administrator>tracert clamav.net
what distro are you using?
regards Kenneth Gonsalves
Hi, The snapshot given below is from RHEL-5.
- It's a DHCP server at my premise
- www.hesco-fl.com ...is our production site ( users may misspell it as www.hesco-lf.com ..&..get redirected to ..PORN site..( raunchy king of porn site.....single site )
- problem occurs on Fedora 10, Centos 5.4, Windows Vista Business, RHEL-5
- If you see the /etc/resolv file smartdomain.com ( Windows Domain ), 202.148.202.4 Aircel DNS entry.
- If i check this site on servers those are binded in DHCP .....message displayed is ...ADDRESS NOT FOUND
- if i check this site on systems ( Windows, CentOS, Fedora ) not binded in DHCP .....PORN site opens as stated earlier.
- New problem arriving is Internet usage is FULL..as we were using 1MBps for 40 systems.
[root@sydomain ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
192.168.2.4 sydomain.sysmart.com sydomain
[root@sydomain ~]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search smartdomain.com
nameserver 202.148.202.4
[root@sydomain ~]# nslookup hesco-fl.com
Server: 202.148.202.4
Address: 202.148.202.4#53

Non-authoritative answer:
Name: hesco-fl.com
Address: 204.93.152.184

[root@sydomain ~]# nslookup hesco-lf.com
Server: 202.148.202.4
Address: 202.148.202.4#53

** server can't find hesco-lf.com: NXDOMAIN

[root@sydomain ~]# tracert hesco-fl.com
traceroute to hesco-fl.com (204.93.152.184), 30 hops max, 40 byte packets
 1 192.168.2.1 (192.168.2.1) 0.283 ms 0.268 ms 0.264 ms
 2 * * *
 3 abs-cn-85.208.79.114.aircel.co.in (114.79.208.85) 2.482 ms 2.484 ms 3.221 ms
 4 abs-cn-106.198.148.202.aircel.co.in (202.148.198.106) 15.333 ms 15.336 ms 15.334 ms
 5 abs-cn-5.198.148.202.aircel.co.in (202.148.198.5) 31.187 ms 31.201 ms 31.199 ms
 6 abs-cn-185.192.148.202.aircel.co.in (202.148.192.185) 31.196 ms 28.986 ms 28.965 ms
 7 abs-cn-70.192.148.202.aircel.co.in (202.148.192.70) 28.925 ms 28.929 ms 28.925 ms
 8 abs-cn-77.192.148.202.aircel.co.in (202.148.192.77) 29.393 ms 30.134 ms 30.131 ms
 9 abs-cn-77.192.148.202.aircel.co.in (202.148.192.77) 30.124 ms 30.120 ms 30.841 ms
10 63-218-143-9.static.pccwglobal.net (63.218.143.9) 173.126 ms 173.110 ms 171.851 ms
11 TenGE13-3.br02.ldn01.pccwbtn.net (63.218.12.246) 308.115 ms 308.115 ms 308.109 ms
12 xe-0-3-0.cr1.lhr1.uk.nlayer.net (195.66.224.37) 171.766 ms 171.387 ms 170.870 ms

[root@sydomain ~]# tracert hesco-lf.com
traceroute to hesco-lf.com (208.76.179.25), 30 hops max, 40 byte packets
 1 192.168.2.1 (192.168.2.1) 0.256 ms 0.247 ms 0.244 ms
 2 abs-static-149.202.102.118.aircel.co.in (118.102.202.149) 48.573 ms 48.575 ms 48.572 ms
 3 abs-cn-85.208.79.114.aircel.co.in (114.79.208.85) 2.461 ms 2.459 ms 2.457 ms
 4 abs-cn-106.198.148.202.aircel.co.in (202.148.198.106) 15.687 ms 15.687 ms 15.684 ms
 5 abs-cn-5.198.148.202.aircel.co.in (202.148.198.5) 30.285 ms 30.287 ms 30.286 ms
 6 abs-cn-190.192.148.202.aircel.co.in (202.148.192.190) 30.282 ms 29.688 ms 29.667 ms
 7 abs-cn-129.198.148.202.aircel.co.in (202.148.198.129) 29.625 ms 29.635 ms 29.631 ms
 8 abs-cn-77.192.148.202.aircel.co.in (202.148.192.77) 31.719 ms 32.210 ms 32.206 ms
 9 abs-cn-77.192.148.202.aircel.co.in (202.148.192.77) 32.200 ms 32.195 ms 32.191 ms
10 63-218-143-9.static.pccwglobal.net (63.218.143.9) 172.207 ms 172.209 ms 175.684 ms
11 TenGE13-3.br02.ldn01.pccwbtn.net (63.218.12.246) 167.410 ms 166.204 ms 166.194 ms
12 195.66.224.130 (195.66.224.130) 243.520 ms 243.509 ms 243.478 ms
13 vb1042.rar3.nyc-ny.us.xo.net (207.88.13.202) 252.381 ms 247.991 ms 247.970 ms
14 te-3-0-0.rar3.washington-dc.us.xo.net (207.88.12.74) 301.287 ms 305.225 ms 305.200 ms

[root@sydomain ~]#
hey guys i struck by this error...waiting for your reply.
Regards & Thanks, DATTA
On Fri, Aug 6, 2010 at 1:08 PM, Kenneth Gonsalves lawgon@au-kbc.org wrote:
On Fri, 2010-08-06 at 13:01 +0530, Dattatray Kamble wrote:
- It's a DHCP server at my premise
what operating system is running on this server?
please avoid bottom posting
regards Kenneth Gonsalves
Hi,
I m using Domain - Windows 2003, Router - Fedora 6, DHCP - RHEL-5
The snapshots provided from redhat enterprise RHEL-5.
Regards & Thanks, DATTA
Hi,
Domain - internal authentication server OS - Windows 2K3
Regards, DATTA
On Fri, Aug 6, 2010 at 1:27 PM, Kenneth Gonsalves lawgon@au-kbc.org wrote:
On Fri, 2010-08-06 at 13:17 +0530, Dattatray Kamble wrote:
I m using Domain - Windows 2003, Router - Fedora 6, DHCP - RHEL-5
what does 'Domain' mean? and please avoid bottom posting - it is most irritating -- regards Kenneth Gonsalves
On Fri, 2010-08-06 at 13:29 +0530, Dattatray Kamble wrote:
Domain - internal authentication server OS - Windows 2K3
so which server handles your dns? windows or linux? And please avoid top posting - it is as irritating as bottom posting. If you have problems about how to post, please take a few minutes to read this:
http://db.glug-bom.org/wiki/index.php/Mailing_List_Etiquette#Do_not_top_post
On Fri, Aug 6, 2010 at 1:38 PM, Kenneth Gonsalves lawgon@au-kbc.org wrote:
On Fri, 2010-08-06 at 13:29 +0530, Dattatray Kamble wrote:
Domain - internal authentication server OS - Windows 2K3
so which server handles your dns? windows or linux? And please avoid top posting - it is as irritating as bottom posting. If you have problems about how to post, please take a few minutes to read this:
http://db.glug-bom.org/wiki/index.php/Mailing_List_Etiquette#Do_not_top_post
regards Kenneth Gonsalves
Windows 2k3 - handles - DNS
Linux - RHEL-5 - handles - DHCP
Regards, DATTA
On Friday 06 August 2010 13:43:55 Dattatray Kamble wrote:
On Fri, Aug 6, 2010 at 1:38 PM, Kenneth Gonsalves lawgon@au-kbc.org wrote:
On Fri, 2010-08-06 at 13:29 +0530, Dattatray Kamble wrote:
Domain - internal authentication server OS - Windows 2K3
so which server handles your dns? windows or linux? And please avoid top posting - it is as irritating as bottom posting. If you have problems about how to post, please take a few minutes to read this:
http://db.glug-bom.org/wiki/index.php/Mailing_List_Etiquette#Do_not_top_post
-- regards Kenneth Gonsalves
Windows 2k3 - handles - DNS
So how is fake redirection a linux problem?
Linux - RHEL-5 - handles - DHCP
Regards, DATTA
On Fri, Aug 6, 2010 at 2:04 PM, jtd jtd@mtnl.net.in wrote:
On Friday 06 August 2010 13:43:55 Dattatray Kamble wrote:
On Fri, Aug 6, 2010 at 1:38 PM, Kenneth Gonsalves lawgon@au-kbc.org wrote:
On Fri, 2010-08-06 at 13:29 +0530, Dattatray Kamble wrote:
Domain - internal authentication server OS - Windows 2K3
so which server handles your dns? windows or linux? And please avoid top posting - it is as irritating as bottom posting. If you have problems about how to post, please take a few minutes to read this:
http://db.glug-bom.org/wiki/index.php/Mailing_List_Etiquette#Do_not_top_post
-- regards Kenneth Gonsalves
Windows 2k3 - handles - DNS
So how is fake redirection a linux problem?
Linux - RHEL-5 - handles - DHCP
Regards, DATTA
-- Rgds JTD
DNS is on Windows 2K3 ( Internal DNS ) ..only for windows clients... What is the relation with Linux systems....Linux systems are not attached to this DNS.
Regards, DATTA
On Fri, Aug 6, 2010 at 2:26 PM, Dattatray Kamble meet2dsk@gmail.com wrote:
... major snip ....
Please learn to trim your quotations.
DNS is on Windows 2K3 ( Internal DNS ) ..only for windows clients...
Then your problem is with the Windows systems - what does your query have to do with Linux? Please post your problem in an appropriate Windows forum.
What is the relation with Linux systems....Linux systems are not attached to this DNS.
Please see above.
-- Arun Khan
On Fri, Aug 6, 2010 at 2:32 PM, Arun Khan knura9@gmail.com wrote:
On Fri, Aug 6, 2010 at 2:26 PM, Dattatray Kamble meet2dsk@gmail.com wrote:
... major snip ....
Please learn to trim your quotations.
DNS is on Windows 2K3 ( Internal DNS ) ..only for windows clients...
Then your problem is with the Windows systems - what does your query have to do with Linux? Please post your problem in an appropriate Windows forum.
What is the relation with Linux systems....Linux systems are not attached to this DNS.
Please see above.
-- Arun Khan
- Windows 2k3 DNS ip - 192.168.2.8- NO redirection to PORN
- Router - Fedora 6 -ip - 192.168.2.1- NO redirection to PORN
- DHCP - RHEL-5 - ip- 192.168.2.4- redirection to PORN
- Other Windows Vista clients - DHCP, DNS enabled - redirection to PORN
- Other Linux systems ( CentOS, Fedora ) - DHCP enabled, no Domain - redirection to PORN
Router has eth0 & eth1 ( Forwarding, Natting ) . IPs 202.148.202.3, 202.148.202.4 - external DNS entries for all my network from Aircel ISP.
Regards, DATTA
On Friday 06 August 2010 14:26:32 Dattatray Kamble wrote:
DNS is on Windows 2K3 ( Internal DNS ) ..only for windows
That is not what you said earlier. Look at the statement below.
"WIndows 2k3 - handles - DNS"
clients... What is the relation with Linux systems....Linux systems are not attached to this DNS.
any system (linux or otherwise) which connects to ANY service using a hostname uses a DNS.
Also you have thoroughly mucked up your problem query by bringing in multiple network elements.
So please state only the linux part of your problem (i suggest you start from scratch, it's become difficult to trace all your incoherent top/bottom posted statements), and take the doze part to some other forum.
On Fri, Aug 6, 2010 at 3:45 PM, jtd jtd@mtnl.net.in wrote:
On Friday 06 August 2010 14:26:32 Dattatray Kamble wrote:
DNS is on Windows 2K3 ( Internal DNS ) ..only for windows
That is not what you said earlier. Look at the statement below.
"WIndows 2k3 - handles - DNS"
clients... What is the relation with Linux systems....Linux systems are not attached to this DNS.
any system (linux or otherwise) which connects to ANY service using a hostname uses a DNS.
Also you have thoroughly mucked up your problem query by bringing in multiple network elements.
So please state only the linux part of your problem (i suggest you start from scratch, it's become difficult to trace all your incoherent top/bottom posted statements), and take the doze part to some other forum.
-- Rgds JTD
OK .. i start once again..
- www.hesco-fl.com ...is our production site ( users may misspell it as www.hesco-lf.com ..&..get redirected to ..PORN site..( raunchy king of porn site.....single site )
- problem occurs on Fedora 10, Centos 5.4, Windows Vista Business, RHEL-5.
Following is hosts & resolv entries of DHCP server configured on RHEL-5 with ip- 192.168.2.4 where hesco-lf redirects to PORN site.
[root@sydomain ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
192.168.2.4 sydomain.sysmart.com sydomain
[root@sydomain ~]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search smartdomain.com
nameserver 202.148.202.4
[root@sydomain ~]# nslookup hesco-fl.com
Server: 202.148.202.4
Address: 202.148.202.4#53

Non-authoritative answer:
Name: hesco-fl.com
Address: 204.93.152.184

[root@sydomain ~]# nslookup hesco-lf.com
Server: 202.148.202.4
Address: 202.148.202.4#53

** server can't find hesco-lf.com: NXDOMAIN

[root@sydomain ~]# tracert hesco-fl.com
traceroute to hesco-fl.com (204.93.152.184), 30 hops max, 40 byte packets
 1 192.168.2.1 (192.168.2.1) 0.283 ms 0.268 ms 0.264 ms
 2 * * *
 3 abs-cn-85.208.79.114.aircel.co.in (114.79.208.85) 2.482 ms 2.484 ms 3.221 ms
 4 abs-cn-106.198.148.202.aircel.co.in (202.148.198.106) 15.333 ms 15.336 ms 15.334 ms
 5 abs-cn-5.198.148.202.aircel.co.in (202.148.198.5) 31.187 ms 31.201 ms 31.199 ms
 6 abs-cn-185.192.148.202.aircel.co.in (202.148.192.185) 31.196 ms 28.986 ms 28.965 ms
 7 abs-cn-70.192.148.202.aircel.co.in (202.148.192.70) 28.925 ms 28.929 ms 28.925 ms
 8 abs-cn-77.192.148.202.aircel.co.in (202.148.192.77) 29.393 ms 30.134 ms 30.131 ms
 9 abs-cn-77.192.148.202.aircel.co.in (202.148.192.77) 30.124 ms 30.120 ms 30.841 ms
10 63-218-143-9.static.pccwglobal.net (63.218.143.9) 173.126 ms 173.110 ms 171.851 ms
11 TenGE13-3.br02.ldn01.pccwbtn.net (63.218.12.246) 308.115 ms 308.115 ms 308.109 ms
12 xe-0-3-0.cr1.lhr1.uk.nlayer.net (195.66.224.37) 171.766 ms 171.387 ms 170.870 ms

[root@sydomain ~]# tracert hesco-lf.com
traceroute to hesco-lf.com (208.76.179.25), 30 hops max, 40 byte packets
 1 192.168.2.1 (192.168.2.1) 0.256 ms 0.247 ms 0.244 ms
 2 abs-static-149.202.102.118.aircel.co.in (118.102.202.149) 48.573 ms 48.575 ms 48.572 ms
 3 abs-cn-85.208.79.114.aircel.co.in (114.79.208.85) 2.461 ms 2.459 ms 2.457 ms
 4 abs-cn-106.198.148.202.aircel.co.in (202.148.198.106) 15.687 ms 15.687 ms 15.684 ms
 5 abs-cn-5.198.148.202.aircel.co.in (202.148.198.5) 30.285 ms 30.287 ms 30.286 ms
 6 abs-cn-190.192.148.202.aircel.co.in (202.148.192.190) 30.282 ms 29.688 ms 29.667 ms
 7 abs-cn-129.198.148.202.aircel.co.in (202.148.198.129) 29.625 ms 29.635 ms 29.631 ms
 8 abs-cn-77.192.148.202.aircel.co.in (202.148.192.77) 31.719 ms 32.210 ms 32.206 ms
 9 abs-cn-77.192.148.202.aircel.co.in (202.148.192.77) 32.200 ms 32.195 ms 32.191 ms
10 63-218-143-9.static.pccwglobal.net (63.218.143.9) 172.207 ms 172.209 ms 175.684 ms
11 TenGE13-3.br02.ldn01.pccwbtn.net (63.218.12.246) 167.410 ms 166.204 ms 166.194 ms
12 195.66.224.130 (195.66.224.130) 243.520 ms 243.509 ms 243.478 ms
13 vb1042.rar3.nyc-ny.us.xo.net (207.88.13.202) 252.381 ms 247.991 ms 247.970 ms
14 te-3-0-0.rar3.washington-dc.us.xo.net (207.88.12.74) 301.287 ms 305.225 ms 305.200 ms
- Router - Fedora 6 -ip - 192.168.2.1- NO redirection to PORN
- Other Linux systems ( CentOS, Fedora ) - DHCP enabled, no Domain - redirection to PORN
Router has eth0 & eth1 ( Forwarding, Natting ) . IPs 202.148.202.3, 202.148.202.4 - external DNS entries for all my network from Aircel ISP.
Regards, DATTA
Dattatray Kamble wrote:
- www.hesco-fl.com ...is our production site ( users may misspell it as
www.hesco-lf.com ..&..get redirected to ..PORN site..( raunchy king of porn site.....single site )
Sorry to be so dense, If your users mistype a URL and see a porn site, where is the problem?
I think you should have a simpler domain name or buy up all the domain names you think your users can misspell, and redirect them to the correct site.
sadhu
On Fri, Aug 6, 2010 at 5:10 PM, Nachiketa Sadhu sadhu@iitb.ac.in wrote:
Dattatray Kamble wrote:
- www.hesco-fl.com ...is our production site ( users may misspell it as
www.hesco-lf.com ..&..get redirected to ..PORN site..( raunchy king of porn site.....single site )
Sorry to be so dense, If your users mistype a URL and see a porn site, where is the problem?
I think you should have a simpler domain name or buy up all the domain names you think your users can misspell, and redirect them to the correct site.
sadhu
If its redirected .... it should show ....Address not found... But its redirecting....
Regards, DATTA
On Friday 06 August 2010 05:14 PM, Dattatray Kamble wrote:
If its redirected .... it should show ....Address not found... But its redirecting....
Connect a laptop or a live cd directly to the incoming Aircel line and see if Aircel DNS redirects to port sites or mis-spelt urls. Then go inwards to your office setup, one step at a time.
On Fri, 2010-08-06 at 23:36 +0530, Rony wrote:
As a proper list etiquette... Please trim your replies. Post your replies below the relevant original text, leaving a line space. Do not re-use old messages to write new ones.
and as I have repeatedly said - LEAVE ONE BLANK LINE AFTER THE QUOTED MATERIAL
On Saturday 07 August 2010 07:09 AM, Kenneth Gonsalves wrote:
On Fri, 2010-08-06 at 23:36 +0530, Rony wrote:
As a proper list etiquette... Please trim your replies. Post your replies below the relevant original text, leaving a line space. Do not re-use old messages to write new ones.
and as I have repeatedly said - LEAVE ONE BLANK LINE AFTER THE QUOTED MATERIAL
I have already added that in the third line.
On Sat, 2010-08-07 at 20:19 +0530, Rony wrote:
and as I have repeatedly said - LEAVE ONE BLANK LINE AFTER THE QUOTED MATERIAL
I have already added that in the third line.
no you have not. Quoted material means any line starting with '>'. Many people leave two or three blank lines before their sig. You are quoting those few blank lines and then posting without leaving a blank line.
On Sunday 08 August 2010 07:17 AM, Kenneth Gonsalves wrote:
On Sat, 2010-08-07 at 20:19 +0530, Rony wrote:
and as I have repeatedly said - LEAVE ONE BLANK LINE AFTER THE QUOTED MATERIAL
I have already added that in the third line.
no you have not. Quoted material means any line starting with '>'. Many people leave two or three blank lines before their sig. You are quoting those few blank lines and then posting without leaving a blank line.
How does this look now?
On Sun, 2010-08-08 at 11:59 +0530, Rony wrote:
no you have not. Quoted material means any line starting with '>'. Many people leave two or three blank lines before their sig. You are quoting those few blank lines and then posting without leaving a blank line.
How does this look now?
good - you are now a fully fledged member of the club
Following is hosts & resolv entries of DHCP server configured on RHEL-5 with ip- 192.168.2.4 where hesco-lf redirects to PORN site.
[root@sydomain ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
192.168.2.4 sydomain.sysmart.com sydomain
[root@sydomain ~]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search smartdomain.com
nameserver 202.148.202.4
[root@sydomain ~]# nslookup hesco-fl.com
Server: 202.148.202.4
Address: 202.148.202.4#53

Non-authoritative answer:
Name: hesco-fl.com
Address: 204.93.152.184

[root@sydomain ~]# nslookup hesco-lf.com
Server: 202.148.202.4
Address: 202.148.202.4#53

** server can't find hesco-lf.com: NXDOMAIN

[root@sydomain ~]# tracert hesco-fl.com
traceroute to hesco-fl.com (204.93.152.184), 30 hops max, 40 byte packets
 1 192.168.2.1 (192.168.2.1) 0.283 ms 0.268 ms 0.264 ms
 2 * * *
 3 abs-cn-85.208.79.114.aircel.co.in (114.79.208.85) 2.482 ms 2.484 ms 3.221 ms
 4 abs-cn-106.198.148.202.aircel.co.in (202.148.198.106) 15.333 ms 15.336 ms 15.334 ms
 5 abs-cn-5.198.148.202.aircel.co.in (202.148.198.5) 31.187 ms 31.201 ms 31.199 ms
 6 abs-cn-185.192.148.202.aircel.co.in (202.148.192.185) 31.196 ms 28.986 ms 28.965 ms
 7 abs-cn-70.192.148.202.aircel.co.in (202.148.192.70) 28.925 ms 28.929 ms 28.925 ms
 8 abs-cn-77.192.148.202.aircel.co.in (202.148.192.77) 29.393 ms 30.134 ms 30.131 ms
 9 abs-cn-77.192.148.202.aircel.co.in (202.148.192.77) 30.124 ms 30.120 ms 30.841 ms
10 63-218-143-9.static.pccwglobal.net (63.218.143.9) 173.126 ms 173.110 ms 171.851 ms
11 TenGE13-3.br02.ldn01.pccwbtn.net (63.218.12.246) 308.115 ms 308.115 ms 308.109 ms
12 xe-0-3-0.cr1.lhr1.uk.nlayer.net (195.66.224.37) 171.766 ms 171.387 ms 170.870 ms

[root@sydomain ~]# tracert hesco-lf.com
traceroute to hesco-lf.com (208.76.179.25), 30 hops max, 40 byte packets
 1 192.168.2.1 (192.168.2.1) 0.256 ms 0.247 ms 0.244 ms
 2 abs-static-149.202.102.118.aircel.co.in (118.102.202.149) 48.573 ms 48.575 ms 48.572 ms
 3 abs-cn-85.208.79.114.aircel.co.in (114.79.208.85) 2.461 ms 2.459 ms 2.457 ms
 4 abs-cn-106.198.148.202.aircel.co.in (202.148.198.106) 15.687 ms 15.687 ms 15.684 ms
 5 abs-cn-5.198.148.202.aircel.co.in (202.148.198.5) 30.285 ms 30.287 ms 30.286 ms
 6 abs-cn-190.192.148.202.aircel.co.in (202.148.192.190) 30.282 ms 29.688 ms 29.667 ms
 7 abs-cn-129.198.148.202.aircel.co.in (202.148.198.129) 29.625 ms 29.635 ms 29.631 ms
 8 abs-cn-77.192.148.202.aircel.co.in (202.148.192.77) 31.719 ms 32.210 ms 32.206 ms
 9 abs-cn-77.192.148.202.aircel.co.in (202.148.192.77) 32.200 ms 32.195 ms 32.191 ms
10 63-218-143-9.static.pccwglobal.net (63.218.143.9) 172.207 ms 172.209 ms 175.684 ms
11 TenGE13-3.br02.ldn01.pccwbtn.net (63.218.12.246) 167.410 ms 166.204 ms 166.194 ms
12 195.66.224.130 (195.66.224.130) 243.520 ms 243.509 ms 243.478 ms
13 vb1042.rar3.nyc-ny.us.xo.net (207.88.13.202) 252.381 ms 247.991 ms 247.970 ms
14 te-3-0-0.rar3.washington-dc.us.xo.net (207.88.12.74) 301.287 ms 305.225 ms 305.200 ms
- Router - Fedora 6 -ip - 192.168.2.1- NO redirection to PORN
What are hosts and resolv.conf files content on *this* Fedora?
- Other Linux systems ( CentOS, Fedora ) - DHCP enabled, no Domain - redirection to PORN
Router has eth0 & eth1 ( Forwarding, Natting ) . IPs 202.148.202.3, 202.148.202.4 - external DNS entries for all my network from Aircel ISP.
Anyway, Overall, this seems to be some problem at Airtel's DNS server. Change the IP entries in resolv.conf in RHEL to either/all of the following:
nameserver 208.67.222.222
nameserver 208.67.220.220
nameserver 8.8.8.8
nameserver 8.8.4.4
On Friday 06 August 2010 16:52:26 Dattatray Kamble wrote:
OK .. i start once again..
- www.hesco-fl.com ...is our production site ( users may misspell it as www.hesco-lf.com ..&..get redirected to ..PORN site..( raunchy king of porn site.....single site )
- problem occurs on Fedora 10, Centos 5.4, Windows Vista Business, RHEL-5.
Ok.
Following is hosts & resolv entries of DHCP server configured on RHEL-5 with ip- 192.168.2.4 where hesco-lf redirects to PORN site.
[root@sydomain ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
192.168.2.4 sydomain.sysmart.com sydomain
[root@sydomain ~]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search smartdomain.com
nameserver 202.148.202.4
[root@sydomain ~]# nslookup hesco-fl.com
Server: 202.148.202.4
Address: 202.148.202.4#53

Non-authoritative answer:
Name: hesco-fl.com
Address: 204.93.152.184

[root@sydomain ~]# nslookup hesco-lf.com
Server: 202.148.202.4
Address: 202.148.202.4#53

** server can't find hesco-lf.com: NXDOMAIN

[root@sydomain ~]# tracert hesco-fl.com
traceroute to hesco-fl.com (204.93.152.184), 30 hops max, 40 byte packets
 1 192.168.2.1 (192.168.2.1) 0.283 ms 0.268 ms 0.264 ms
 2 * * *
 3 abs-cn-85.208.79.114.aircel.co.in (114.79.208.85) 2.482 ms 2.484 ms 3.221 ms
 4 abs-cn-106.198.148.202.aircel.co.in (202.148.198.106) 15.333 ms 15.336 ms 15.334 ms
 5 abs-cn-5.198.148.202.aircel.co.in (202.148.198.5) 31.187 ms 31.201 ms 31.199 ms
 6 abs-cn-185.192.148.202.aircel.co.in (202.148.192.185) 31.196 ms 28.986 ms 28.965 ms
 7 abs-cn-70.192.148.202.aircel.co.in (202.148.192.70) 28.925 ms 28.929 ms 28.925 ms
 8 abs-cn-77.192.148.202.aircel.co.in (202.148.192.77) 29.393 ms 30.134 ms 30.131 ms
 9 abs-cn-77.192.148.202.aircel.co.in (202.148.192.77) 30.124 ms 30.120 ms 30.841 ms
10 63-218-143-9.static.pccwglobal.net (63.218.143.9) 173.126 ms 173.110 ms 171.851 ms
11 TenGE13-3.br02.ldn01.pccwbtn.net (63.218.12.246) 308.115 ms 308.115 ms 308.109 ms
12 xe-0-3-0.cr1.lhr1.uk.nlayer.net (195.66.224.37) 171.766 ms 171.387 ms 170.870 ms
Ok. Same response with the dns set to 202.148.202.4/3 at my location.
[root@sydomain ~]# tracert hesco-lf.com
traceroute to hesco-lf.com (208.76.179.25), 30 hops max, 40 byte packets
 1 192.168.2.1 (192.168.2.1) 0.256 ms 0.247 ms 0.244 ms
 2 abs-static-149.202.102.118.aircel.co.in (118.102.202.149) 48.573 ms 48.575 ms 48.572 ms
 3 abs-cn-85.208.79.114.aircel.co.in (114.79.208.85) 2.461 ms 2.459 ms 2.457 ms
 4 abs-cn-106.198.148.202.aircel.co.in (202.148.198.106) 15.687 ms 15.687 ms 15.684 ms
 5 abs-cn-5.198.148.202.aircel.co.in (202.148.198.5) 30.285 ms 30.287 ms 30.286 ms
 6 abs-cn-190.192.148.202.aircel.co.in (202.148.192.190) 30.282 ms 29.688 ms 29.667 ms
 7 abs-cn-129.198.148.202.aircel.co.in (202.148.198.129) 29.625 ms 29.635 ms 29.631 ms
 8 abs-cn-77.192.148.202.aircel.co.in (202.148.192.77) 31.719 ms 32.210 ms 32.206 ms
 9 abs-cn-77.192.148.202.aircel.co.in (202.148.192.77) 32.200 ms 32.195 ms 32.191 ms
10 63-218-143-9.static.pccwglobal.net (63.218.143.9) 172.207 ms 172.209 ms 175.684 ms
11 TenGE13-3.br02.ldn01.pccwbtn.net (63.218.12.246) 167.410 ms 166.204 ms 166.194 ms
12 195.66.224.130 (195.66.224.130) 243.520 ms 243.509 ms 243.478 ms
13 vb1042.rar3.nyc-ny.us.xo.net (207.88.13.202) 252.381 ms 247.991 ms 247.970 ms
14 te-3-0-0.rar3.washington-dc.us.xo.net (207.88.12.74) 301.287 ms 305.225 ms 305.200 ms
Cannot replicate this. So something wrong with this specific install, not as Sagar Belure suggests the Airtel dns
do you have bind running on this machine or some other machine on smartdomain.com? from the resolv.conf remove "search smartdomain.com"
Router - Fedora 6 -ip - 192.168.2.1- NO redirection to PORN
Other Linux systems ( CentOS, Fedora ) - DHCP enabled, no Domain
redirection to PORN
Router has eth0 & eth1 ( Forwarding, Natting ) . IPs 202.148.202.3, 202.148.202.4 - external DNS entries for all my network from Aircel ISP.
Regards, DATTA
On Fri, Aug 6, 2010 at 6:07 PM, jtd jtd@mtnl.net.in wrote:
Ok. Same response with the dns set to 202.148.202.4/3 at my location.
$ nslookup
server 202.148.202.4
Default server: 202.148.202.4
Address: 202.148.202.4#53
hesco-fl.com
Server: 202.148.202.4
Address: 202.148.202.4#53
Non-authoritative answer:
Name: hesco-fl.com
Address: 204.93.152.184
hesco-lf.com
Server: 202.148.202.4
Address: 202.148.202.4#53
** server can't find fesco-lf.com: NXDOMAIN
Confirmed. Problem is not with the Airtel's DNS server.
[root@sydomain ~]# tracert hesco-lf.com
traceroute to hesco-lf.com (208.76.179.25), 30 hops max, 40 byte packets
 1 192.168.2.1 (192.168.2.1) 0.256 ms 0.247 ms 0.244 ms
 2 abs-static-149.202.102.118.aircel.co.in (118.102.202.149) 48.573 ms 48.575 ms 48.572 ms
 3 abs-cn-85.208.79.114.aircel.co.in (114.79.208.85) 2.461 ms 2.459 ms 2.457 ms
 4 abs-cn-106.198.148.202.aircel.co.in (202.148.198.106) 15.687 ms 15.687 ms 15.684 ms
 5 abs-cn-5.198.148.202.aircel.co.in (202.148.198.5) 30.285 ms 30.287 ms 30.286 ms
 6 abs-cn-190.192.148.202.aircel.co.in (202.148.192.190) 30.282 ms 29.688 ms 29.667 ms
 7 abs-cn-129.198.148.202.aircel.co.in (202.148.198.129) 29.625 ms 29.635 ms 29.631 ms
 8 abs-cn-77.192.148.202.aircel.co.in (202.148.192.77) 31.719 ms 32.210 ms 32.206 ms
 9 abs-cn-77.192.148.202.aircel.co.in (202.148.192.77) 32.200 ms 32.195 ms 32.191 ms
10 63-218-143-9.static.pccwglobal.net (63.218.143.9) 172.207 ms 172.209 ms 175.684 ms
11 TenGE13-3.br02.ldn01.pccwbtn.net (63.218.12.246) 167.410 ms 166.204 ms 166.194 ms
12 195.66.224.130 (195.66.224.130) 243.520 ms 243.509 ms 243.478 ms
13 vb1042.rar3.nyc-ny.us.xo.net (207.88.13.202) 252.381 ms 247.991 ms 247.970 ms
14 te-3-0-0.rar3.washington-dc.us.xo.net (207.88.12.74) 301.287 ms 305.225 ms 305.200 ms
Cannot replicate this. So something wrong with this specific install, not as Sagar Belure suggests the Airtel dns
Thank you jtd for the correction.
do you have bind running on this machine or some other machine on smartdomain.com? from the resolv.conf remove "search smartdomain.com"
Router - Fedora 6 -ip - 192.168.2.1- NO redirection to PORN
Other Linux systems ( CentOS, Fedora ) - DHCP enabled, no Domain
redirection to PORN
Router has eth0 & eth1 ( Forwarding, Natting ) . IPs 202.148.202.3, 202.148.202.4 - external DNS entries for all my network from Aircel ISP.
Regards, DATTA
-- Rgds JTD
On Fri, Aug 6, 2010 at 4:52 PM, Dattatray Kamble meet2dsk@gmail.com wrote:
***** Can you not spend a few moments to trim out unnecessary text and make your posts more readable?*****
OK .. i start once again..
- www.hesco-fl.com ...is our production site ( users may misspell it as
www.hesco-lf.com ..&..get redirected to ..PORN site..( raunchy king of porn site.....single site )
- problem occurs on Fedora 10, Centos 5.4, Windows Vista Business, RHEL-5.
Do all of the above systems have 202.148.202.4 as the DNS server in /etc/resolv.conf or the Windoze equivalent?
** server can't find hesco-lf.com: NXDOMAIN
I get the same result.
[root@sydomain ~]# tracert hesco-lf.com
Have you aliased traceroute to tracert? just curious.
traceroute to hesco-lf.com (208.76.179.25), 30 hops max, 40 byte packets
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Hmmm. for some reason the OS resolver on your system is resolving the non existing domain "hesco-lf.com" to 208.76.179.25.
Reverse map of 208.76.179.25 turns out to spider.ten.com.
$ host 208.76.179.25
25.179.76.208.in-addr.arpa domain name pointer spider.ten.com.
http connection to spider.ten.com "appears" to be redirected to the raunchy site http://kingofporn.com/ but ....
$ host kingofporn.com
kingofporn.com has address 208.76.179.25
What I don't understand is -- why/where do the respective host OS "resolver" translate a non-existent domain name into an IP number 208.76.179.25?
Can you use any of the LiveCD on any machine and tell us whether you see the same symptoms?
-- Arun Khan
On Friday 06 August 2010 21:44:15 Arun Khan wrote:
On Fri, Aug 6, 2010 at 4:52 PM, Dattatray Kamble meet2dsk@gmail.com wrote:
***** Can you not spend a few moments to trim out unnecessary text and make your posts more readable?*****
OK .. i start once again..
- www.hesco-fl.com ...is our production site ( users may misspell
it as www.hesco-lf.com ..&..get redirected to ..PORN site..( raunchy king of porn site.....single site )
- problem occurs on Fedora 10, Centos 5.4, Windows Vista
Business, RHEL-5.
Do all of the above systems have 202.148.202.4 as the DNS server in /etc/resolv.conf or the Windoze equivalent?
** server can't find hesco-lf.com: NXDOMAIN
I get the same result.
[root@sydomain ~]# tracert hesco-lf.com
Have you aliased traceroute to tracert? just curious.
it's done by default, tracert = traceroute -I
traceroute to hesco-lf.com (208.76.179.25), 30 hops max, 40 byte packets
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Hmmm. for some reason the OS resolver on your system is resolving the non existing domain "hesco-lf.com" to 208.76.179.25.
Reverse map of 208.76.179.25 turns out to spider.ten.com.
$ host 208.76.179.25
25.179.76.208.in-addr.arpa domain name pointer spider.ten.com.
http connection to spider.ten.com "appears" to be redirected to the raunchy site http://kingofporn.com/ but ....
$ host kingofporn.com
kingofporn.com has address 208.76.179.25
What I don't understand is -- why/where do the respective host OS "resolver" translate a non-existent domain name into an IP number 208.76.179.25?
My guess is he's got a dns server on a hosed doze box on his network.
On Sat, Aug 7, 2010 at 10:52 AM, jtd jtd@mtnl.net.in wrote:
On Friday 06 August 2010 21:44:15 Arun Khan wrote:
Have you aliased traceroute to tracert? just curious.
it's done by default, tracert = traceroute -I
Not on my systems -- Ubuntu 10.04 (server), Debian Squeeze (server) and openSUSE 11.2 (desktop and server).
What I don't understand is -- why/where do the respective host OS "resolver" translate a non-existent domain name into an IP number 208.76.179.25?
My guess is he's got a dns server on a hosed doze box on his network.
I agree, it could be acting as the "man in the middle". I know it sounds weird but I have seen b0rked systems do strange things.
OP can you shutdown the Win2K3 server (your MS domain controller), boot a desktop with a LiveCD and tell us your results of the experiment?
-- Arun Khan
On Saturday 07 August 2010 11:47:22 Arun Khan wrote:
On Sat, Aug 7, 2010 at 10:52 AM, jtd jtd@mtnl.net.in wrote:
On Friday 06 August 2010 21:44:15 Arun Khan wrote:
Have you aliased traceroute to tracert? just curious.
it's done by default, tracert = traceroute -I
Not on my systems -- Ubuntu 10.04 (server), Debian Squeeze (server) and openSUSE 11.2 (desktop and server).
Ok. Mine is lenny.
On Fri, Aug 6, 2010 at 4:52 PM, Dattatray Kamble meet2dsk@gmail.com wrote:
search smartdomain.com
This is your problem. Don't use a domain name that doesn't belong to you or your network. Bonus:- What is the ip of smartdomain.com?
On Sat, 2010-08-07 at 21:24 +0530, Mehul Ved wrote:
search smartdomain.com
This is your problem. Don't use a domain name that doesn't belong to you or your network. Bonus:- What is the ip of smartdomain.com?
ROTFLOL - anyway it is good to know that in spite of its best efforts GOI has been unable to block all pron sites - and hilarious to know that someone is using a prondns.
On Sunday 08 August 2010 07:22:14 Kenneth Gonsalves wrote:
On Sat, 2010-08-07 at 21:24 +0530, Mehul Ved wrote:
search smartdomain.com
This is your problem. Don't use a domain name that doesn't belong to you or your network. Bonus:- What is the ip of smartdomain.com?
ROTFLOL - anyway it is good to know that in spite of its best efforts GOI has been unable to block all pron sites - and hilarious to know that someone is using a prondns.
Cheers to the sysadmin. At least he knows what increases productivity.
On Sat, Aug 7, 2010 at 9:24 PM, Mehul Ved mehul.n.ved@gmail.com wrote:
On Fri, Aug 6, 2010 at 4:52 PM, Dattatray Kamble meet2dsk@gmail.com wrote:
search smartdomain.com
This is your problem. Don't use a domain name that doesn't belong to you or your network. Bonus:- What is the ip of smartdomain.com?
$ host smartdomain.com
smartdomain.com has address 208.76.179.25
Good eye - I missed that one.
This is not Malware but ***Malconfiguration*** IMO, perpetrated by the sys admin. (reminds me of an old song lyric "Maajhi jab nav dubhaye to kaun bachaye?" )
@Dattatray Kamble - you have become silent, please have the decency to answer the questions that members have posted while helping you with your problem. Please post the solution to your problem if it has been resolved to **all** the ILUG lists you have posted. This is the least you can do.
-- Arun Khan
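The diagnosis reached above (a `search smartdomain.com` line turning a failed lookup of hesco-lf.com into a lookup under that domain), as an added example that is not part of any poster's message. It models glibc-style search-list expansion offline; the `ZONE` table, the function names and the wildcard record under smartdomain.com are assumptions, since the thread only shows that smartdomain.com itself resolves to 208.76.179.25.

```python
# Added example: resolver search-list expansion, run offline.
# resolv.conf as posted in the thread.
RESOLV_CONF = """\
; generated by /sbin/dhclient-script
search smartdomain.com
nameserver 202.148.202.4
"""

# Constructed stand-in for DNS answers. Both addresses are the ones posted
# in the thread; the "*." wildcard entry is an assumption.
ZONE = {
    "hesco-fl.com": "204.93.152.184",
    "smartdomain.com": "208.76.179.25",
    "*.smartdomain.com": "208.76.179.25",
}

def parse_resolv_conf(text):
    """Return (search_domains, ndots) from resolv.conf text."""
    search, ndots = [], 1
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0][0] in ";#":
            continue                      # blank line or comment
        if fields[0] in ("search", "domain"):
            search = fields[1:]           # the last such line wins
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots

def candidates(name, search, ndots=1):
    """Names the stub resolver tries, in order."""
    if name.endswith("."):                # trailing dot: absolute, no search
        return [name[:-1]]
    expanded = [f"{name}.{d}" for d in search]
    if name.count(".") >= ndots:
        return [name] + expanded          # as typed first, then the search list
    return expanded + [name]

def lookup(name, zone):
    """Exact match, then the closest wildcard above the name."""
    if name in zone:
        return zone[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        hit = zone.get("*." + ".".join(labels[i:]))
        if hit:
            return hit
    return None                           # NXDOMAIN

def resolve(name, resolv_conf=RESOLV_CONF, zone=ZONE):
    """Return (name_that_answered, address), or (None, None) if nothing did."""
    search, ndots = parse_resolv_conf(resolv_conf)
    for cand in candidates(name, search, ndots):
        addr = lookup(cand, zone)
        if addr:
            return cand, addr
    return None, None
```

When the first element returned by `resolve()` differs from the name that was typed, the answer came from the search list rather than from the domain itself, which is the condition to check for on an affected host.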
On Sun, 2010-08-08 at 10:26 +0530, Arun Khan wrote:
Good eye - I missed that one.
did you login to http://smartdomain.com?
This is not Malware but ***Malconfiguration*** IMO, perpetrated by the sys admin. (reminds me of an old song lyric "Maajhi jab nav dubhaye to kaun bachaye?" )
what does this mean?
On Sunday 08 August 2010 10:32 AM, Kenneth Gonsalves wrote:
This is not Malware but ***Malconfiguration*** IMO, perpetrated by the sys admin. (reminds me of an old song lyric "Maajhi jab nav dubhaye to kaun bachaye?" )
what does this mean?
If the boatman (maajhi) sinks the boat (nav) himself, then who can save it.
On Sunday 08 August 2010 12:15 PM, Kenneth Gonsalves wrote:
On Sun, 2010-08-08 at 12:06 +0530, Rony wrote:
If the boatman (maajhi) sinks the boat (nav) himself, then who can save it.
thanks - what language is it?
Hindustani. A mix of Hindi and Urdu.
On Sun, Aug 8, 2010 at 12:54 PM, Rony gnulinuxist@gmail.com wrote:
On Sunday 08 August 2010 12:15 PM, Kenneth Gonsalves wrote:
On Sun, 2010-08-08 at 12:06 +0530, Rony wrote:
If the boatman (maajhi) sinks the boat (nav) himself, then who can save it.
thanks - what language is it?
Hindustani. A mix of Hindi and Urdu.
--
As a proper list etiquette... Please trim your replies. Post your replies below the relevant original text, leaving a line space. Do not re-use old messages to write new ones.
Regards,
Rony.
Hi,
i resolved the issue ..50 %.
- I removed the entry of internal DNS ..i.e smartdomain.com from DHCP server.
- DHCP configured to use with three entries internal DNS & two other DNS entries provided by ISP.
- Since now the hesco-lf.com not redirecting to PORN site...but my DHCP server RHEL-5 configured having manually defined IP ....and..its redirecting same site to PORN site.
Regards, DATTA
Hi Datta,
On 08/09/2010 11:57 AM, Dattatray Kamble wrote:
[...snipped of a whole bunch of stuff...]
Why is it so difficult for you to understand the proper way to post, in spite of it being pointed out so many times to you ??
PLEASE ... *DO NOT TOP POST* *DO NOT BOTTOM POST* *USE PROPERLY TRIMMED INTERLEAVED POSTING*
i resolved the issue ..50 %.
- I removed the entry of internal DNS ..i.e smartdomain.com from DHCP
server.
- DHCP configured to use with three entries internal DNS& two other DNS
entries provided by ISP.
- Since now the hesco-lf.com not redirecting to PORN site
That's good.
...but my DHCP server RHEL-5 configured having manually defined IP ....and..its redirecting same site to PORN site.
Is it possible you have the very same problem on this system ? What's in the '/etc/resolve.conf' on this system ?
cheers, - steve
On Mon, Aug 9, 2010 at 12:32 PM, steve steve@lonetwin.net wrote:
...but my DHCP server RHEL-5 configured having manually defined IP ....and..its redirecting same site to PORN site.
Is it possible you have the very same problem on this system ? What's in the '/etc/resolve.conf' on this system ?
Would flushing the DNS cache help? http://www.techiecorner.com/35/how-to-flush-dns-cache-in-linux-windows-mac/
On Saturday 07 August 2010 21:24:17 Mehul Ved wrote:
On Fri, Aug 6, 2010 at 4:52 PM, Dattatray Kamble
meet2dsk@gmail.com wrote:
search smartdomain.com
This is your problem. Don't use a domain name that doesn't belong to you or your network. Bonus:- What is the ip of smartdomain.com?
That is what i told him: "from the resolv.conf remove "search smartdomain.com""
On Fri, Aug 6, 2010 at 1:43 PM, Dattatray Kamble meet2dsk@gmail.com wrote:
WIndows 2k3 - handles - DNS
This is new - Your yesterday's logs from Windows DOS box was listing a DNS from your service provider.
<quote>
IP Address. . . . . . . . . . . . : 192.168.2.8
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.4
DNS Servers . . . . . . . . . . . : 202.148.202.4 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< dns2.dwl.co.in.
Lease Obtained. . . . . . . . . . : Thursday, August 05, 2010 4:30:48 AM
Lease Expires . . . . . . . . . . : Friday, August 06, 2010 4:30:48 AM
</quote>
Have you changed it now? What is the IP address of your WIN2K3 DNS server?
Linux - RHEL-5 - handles - DHCP
What is the DNS server in the dhcpd.conf file?
-- Arun Khan
On Thu, 2010-08-05 at 18:09 +0530, Anurag wrote:
2010/8/5 Kenneth Gonsalves lawgon@au-kbc.org:
On Thu, 2010-08-05 at 13:59 +0530, jtd wrote:
Unable to determine IP address from host name for www.hesco-lf.com
and why is the OP trying to access a domain that does not exist???
But the domain hesco-fl.com exists. Maybe the OP is clicking on a mistyped URL.
then dns servers have their own way of operating. Some report 'not found', opendns gives a page showing likely urls and prondns redirects to pron sites