Saturday, May 20, 2006

Hijacking the DNS

I'm sitting on the Datavalet wireless network in Vancouver International, and I've just noticed something really weird. It appears that the network is hijacking the DNS: if I type google.com into the browser, it redirects me to yahoo.com, and I don't seem to get a choice about things.

If I was using a Windows box I'd immediately suspect some sort of trojan or other nasty, but I'm using an Apple Mac, so I'm provisionally ruling that out. Whatever the cause, I don't really regard that as "nice" behaviour, and I'm left wondering where this is happening in the chain of routers between me and the outside world. I'm hoping someone can shed some light on this one?

Update: The "problem" seems to have gone away now; if it starts happening again I'll grab the output of dig for google.com and post it. I really should have thought of that in the first place, but it was just too spooky...

1 comment:

  1. Maybe it's a side effect of somebody trying to use the hot spot for free? Often, DNS traffic goes through without paying and thus there are programs to tunnel IP traffic over DNS (of course you need a server somewhere else). The idea is to query names like

    get_index_html_of_somehost_dot_com.myhackerdomain.com

    and the answers are similar.
