New To Mac-Forums?

Welcome to our community! Join the discussion today by registering your FREE account. If you have any problems with the registration process, please contact us!

Get your questions answered by community gurus Advice and insight from world-class Apple enthusiasts Exclusive access to members-only contests, giveaways and deals

Join today!

 
Start a Discussion
 

Mac-Forums Brief

Subscribe to Mac-Forums Brief to receive special offers from Mac-Forums partners and sponsors

Join the conversation RSS
Internet, Networking, and Wireless Discussion of networking, internet, and wireless including Apple's Airport products.

Check my DNS problem theory.


Post Reply New Thread Subscribe

 
Thread Tools
cptkrf

 
Member Since: Dec 08, 2009
Location: The same as Sheldon Cooper - East Texas
Posts: 336
cptkrf has a spectacular aura about
Mac Specs: MacBook Air,2013, Intel Core i5, 27" Thunderbolt display (Highly recommended!)

cptkrf is offline
I have an apparent case of DNS poisoning and I need help in thinking this though.

The problem...

A day ago, after using google in the morning, I tried to use google that afternoon but was redirected to a Chinese page. Google maps and Youtube does the same thing. The problem is solid, except that on occasion I get the message that the page won't load because the server issued a reset.

Plus, any google link on any other website also resolves to that illegal site. Every Mac in the house does the same thing.

I assumed that the problem was with my provider (a broadcast wireless ISP) and their DNS. To to bypass them, I setup a static address on the Mac and changed the DNS in my machine to 8.8.8.8 (And some others afterward.) I turned off the radio router to flush it, cleared everything out of Chrome and restarted it, issued a flush cache at the command line. I then had had a single Mac, connected directly to the router with nothing else in-between.

Same problem. Tried Safari and got the same result. Downloaded Opera and tried it. Same.

I assume that something at the ISP's server is intercepting me and rerouting. I don't think it could be my Mac. (Three of them and an iPad, all doing the same thing.)

So why haven't I called the ISP? I will tomorrow but both days I got home too late to call. (Small outfit - 8 to 5)

Anybody see any holes in my theory? One thing that is bothering me is that everybody on this ISP should have called in today and raised cain, but nothing on their website, nor their phone message indicates a problem. And they are pretty good about leaving a message on their phone when this tower or that is having problems.

Ironically, the google map on their web site displays the Chinese pollution.

????
QUOTE Thanks
cptkrf

 
Member Since: Dec 08, 2009
Location: The same as Sheldon Cooper - East Texas
Posts: 336
cptkrf has a spectacular aura about
Mac Specs: MacBook Air,2013, Intel Core i5, 27" Thunderbolt display (Highly recommended!)

cptkrf is offline
More information.

Even using the raw IP of 74.125.227.101 still gets the Chinese page. This is telling me something, but I haven't figured out what, yet.
QUOTE Thanks
chscag

 
chscag's Avatar
 
Member Since: Jan 23, 2008
Location: Fort Worth, Texas
Posts: 37,178
chscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond repute
Mac Specs: 27" iMac i5, 3.2 GHz, iPad 3, iPhone 5c, iPhone 4, 3 iPods, OS X 10.9.2

chscag is offline
Follow the directions given at this LINK. You could possibly have been infected with the DNS Changer Trojan.
QUOTE Thanks
cptkrf

 
Member Since: Dec 08, 2009
Location: The same as Sheldon Cooper - East Texas
Posts: 336
cptkrf has a spectacular aura about
Mac Specs: MacBook Air,2013, Intel Core i5, 27" Thunderbolt display (Highly recommended!)

cptkrf is offline
Thanks, but that wasn't it. Nothing was detected.

But, I didn't have hopes of it working. I am very careful about what gets installed and any time the box pops up asking for permission to install something, that is always a red flag.

But, the clincher that I didn't think of at the time, is that I also have an up to date Debian box, with a minimum load of software that I only use for programming. Cranking up Lynx - the old text only browser - I still get repointed to the Chinese site.

The idea that someone spent the time writing a crack for an ancient text browser that 99.99 percent of the world doesn't even know exists is pretty unbelievable.
QUOTE Thanks
cptkrf

 
Member Since: Dec 08, 2009
Location: The same as Sheldon Cooper - East Texas
Posts: 336
cptkrf has a spectacular aura about
Mac Specs: MacBook Air,2013, Intel Core i5, 27" Thunderbolt display (Highly recommended!)

cptkrf is offline
One last item that is the clincher. I am sending this from an Internet cafe and google works fine. Time to beat up on my ISP when they come in for the day.

Possibly a good idea would be to recommend that they dump that Windows server farm for something that isn't the equivalent of a submarine with a screen door.

But I will wait till they fix my problem before ticking off their Sertified Sistems Ingineear.
QUOTE Thanks
chscag

 
chscag's Avatar
 
Member Since: Jan 23, 2008
Location: Fort Worth, Texas
Posts: 37,178
chscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond repute
Mac Specs: 27" iMac i5, 3.2 GHz, iPad 3, iPhone 5c, iPhone 4, 3 iPods, OS X 10.9.2

chscag is offline
Yeah, it sure appears as if your ISP has somehow been infected. It's hard to get them (any ISP) to admit they have a problem. Speak to someone higher up in their food chain until you get through to them. After reading what you've done and it not being the DNS Changer Trojan, I can only come to the conclusion that your ISP has been hacked.

Let us know how this turns out.
QUOTE Thanks
vansmith

 
vansmith's Avatar
 
Member Since: Oct 19, 2008
Location: Ottawa
Posts: 17,139
vansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond repute
Mac Specs: 2012 13" MBP (2.5 i5, 8GB)

vansmith is offline
Given the extensive testing with different machines and OSes, this is something that is surely going on with your ISP. Stupid question (perhaps) - have you tried unplugging the router and connecting one machine directly into the modem to test it? I only ask since, if no one else called it, it might still be something on your end and that would appear to be the only device that hasn't been eliminated from your equation.

By the way, I removed the link to the redirect page - no point including it here for us.

Important Links: Community Guidelines : Use the reputation system if you've been helped.
M-F Blog :: Write for the blog
Mac-Forums Investigates MacKeeper - Confused about MacKeeper? Take a look at this review.
QUOTE Thanks
cptkrf

 
Member Since: Dec 08, 2009
Location: The same as Sheldon Cooper - East Texas
Posts: 336
cptkrf has a spectacular aura about
Mac Specs: MacBook Air,2013, Intel Core i5, 27" Thunderbolt display (Highly recommended!)

cptkrf is offline
It isn't with my equipment. When I reported the problem this morning, I just happened to get an employee who knows me. As it turns out, they had been getting calls trickling in about a weird Chinese page that was showing up, but just assumed that it was some popular website that was hosed somewhere. When I called in with technical info, they began to look at it. A lot. All day. Finally, they called and asked if a tech could come to my house and connect his laptop. Turns out it was the owner of the company and apparently having problems believing what I was telling him, no matter how technical I sounded.

Sure enough, he plugged in a Win 7 Thinkpad and got mush instead of google. That got the whole tech department working on it and finally found a router somewhere that they couldn't get into - wrong password or id. Of course, that was an immediate red flag. Turns out that it was hacked. They took it off line and google access came back.

Like I have always preached - the size and complexity of your password needs to be larger than the square of the amount of money that you don't want to lose.
QUOTE Thanks
chscag

 
chscag's Avatar
 
Member Since: Jan 23, 2008
Location: Fort Worth, Texas
Posts: 37,178
chscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond repute
Mac Specs: 27" iMac i5, 3.2 GHz, iPad 3, iPhone 5c, iPhone 4, 3 iPods, OS X 10.9.2

chscag is offline
Thanks for posting back. I think you ought to prod the owner to give you a year's free high speed access for doing their work.
QUOTE Thanks

Post Reply New Thread Subscribe


« wirelessly streaming to ps3/xbox? | Working Remotely »
Thread Tools

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off
Forum Jump

Similar Threads
Thread
Thread Starter
Forum
Replies
Last Post
Snow Leopard Networking problem (DNS issue) Cyberek Internet, Networking, and Wireless 5 09-28-2011 08:09 PM
Yes, another Flash plug in crash problem. lmno101 OS X - Apps and Games 0 09-13-2009 05:39 PM
External and Internal Hard-drives displaying incorrect size? Problem mglinx OS X - Operating System 4 08-01-2009 02:48 PM
Problem displaying text OS X keep.it.up OS X - Operating System 1 03-01-2009 08:10 PM
Intermittent Startup Problem (hardware) j3sp Apple Desktops 3 05-19-2008 10:50 AM

All times are GMT -4. The time now is 04:07 PM.

Powered by vBulletin
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
X

Welcome to Mac-Forums.com

Create your username to jump into the discussion!

New members like you have made this community the ultimate source for your Mac since 2003!


(4 digit year)

Already a member?