Seriously though, I have found something amiss in my own computer or network
most of the time. A few months ago my computer got infected, as secure as I try
to be. Firefox was being redirected through some other server. No AV or malware
detection could find it. I even investigated in depth all the Mozilla
configuration JSON files, etc. I even mounted the drive in a Linux system to
investigate registry hives...

I eventually put in a new disk and re-installed windoze. I then mounted the
infected disk in a Linux box to recover whatever I needed. (Note: to mount a
Windows boot disk in Linux as R/W you need to make sure to turn off the Fast
Boot option in Windows, which with the latest October update has become harder
to access. Linux will mount Read Only if this is not done.)

This is probably more than the normal user would be able to do, I admit.

Because Facebook is so popular, it is a favorite platform to attack with
malicious links. How many users on Facebook have computers that are
compromised? Redirecting searches is also common malware. Unfortunately the
safest things to do usually break so many things that users bypass them (e.g.
NoScript).

So my takeaway is to always suspect my own system first. But it is true that
China periodically re-routes traffic through their servers due to insecure
internet routers and the BGP. But even worse, there are so many other bad
actors these days. If something is persistently wrong it is more likely your
system or IP connection.

You might try a traceroute to facebook.com. If you get routes with *, I would
wonder what hidden router was in the path. From my Linux router... (note that
many firewall router web config pages have a "Network Tools" page with ping,
traceroute, nslookup, ... E.g. my Asus RT-AC68U wifi router.)

$ traceroute facebook.com
traceroute to facebook.com (157.240.22.35), 30 hops max, 60 byte packets
 1 104.238.253.33 (104.238.253.33) 7.269 ms 7.210 ms 7.144 ms
 2 144.208.110.209 (144.208.110.209) 7.151 ms 7.126 ms 7.109 ms
 3 172.18.255.18 (172.18.255.18) 9.583 ms 9.595 ms 9.565 ms
 4 144.208.110.149 (144.208.110.149) 9.585 ms 9.546 ms 9.551 ms
 5 144.208.110.184 (144.208.110.184) 9.525 ms 9.493 ms 9.465 ms
 6 phn4-edge-01.inet.qwest.net (65.116.180.57) 9.651 ms 9.867 ms 9.788 ms
 7 snj-edge-04.inet.qwest.net (67.14.34.86) 27.065 ms 27.050 ms 26.968 ms
 8 198.233.122.154 (198.233.122.154) 32.132 ms 27.684 ms 27.684 ms
 9 po131.asw04.sjc1.tfbnw.net (157.240.32.34) 27.582 ms
   po131.asw03.sjc1.tfbnw.net (157.240.32.32) 27.594 ms
   po131.asw04.sjc1.tfbnw.net (157.240.32.34) 27.597 ms
10 po236.psw02.sjc3.tfbnw.net (157.240.42.21) 27.592 ms
   po216.psw01.sjc3.tfbnw.net (31.13.29.225) 27.580 ms
   po226.psw02.sjc3.tfbnw.net (157.240.40.169) 27.538 ms
11 157.240.38.209 (157.240.38.209) 27.542 ms
   157.240.38.199 (157.240.38.199) 27.501 ms
   157.240.38.109 (157.240.38.109) 25.184 ms
12 edge-star-mini-shv-01-sjc3.facebook.com (157.240.22.35) 27.734 ms 27.725 ms 27.698 ms

For the paranoid, install virtualbox, create a kubuntu VM, and run Firefox in
the VM to do Facebook stuff.
Paranoid Generation WayneS
Buffalo Springfield - 'for what it's worth'
At 11/22/2018 08:31 AM, you wrote:
> I know you're joking, but I shudder to think that they or someone else is
> trying out something similar in preparation for bigger game.
>
>>
>>It's just China checking a new version of their border gateway protocol
>>hacking tools.
>>
>
>Chris
--
_________________________________________________________________
Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
Archives: http://lists.thomasclausen.net/mailman/private/olympus/
Themed Olympus Photo Exhibition: http://www.tope.nl/
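
An added example, not part of the original message: a small Python parser for traceroute output like the listing above. It reports hops where every probe timed out (*), hops with some loss, and hops answered by more than one router, and checks that the last hop is the target named in the header line. The sample trace is constructed from documentation addresses, the function names are chosen here, and it assumes default Linux traceroute output with addresses in parentheses.

```python
import re

# Constructed sample (documentation addresses); hop 4 is wrapped as e-mail wraps it.
SAMPLE = """\
traceroute to example.net (203.0.113.35), 30 hops max, 60 byte packets
 1  gw.example (192.0.2.1)  1.204 ms  1.100 ms  1.098 ms
 2  * * *
 3  198.51.100.9 (198.51.100.9)  9.583 ms * 9.565 ms
 4  a.example (198.51.100.34)  27.582 ms b.example (198.51.100.32)
27.594 ms a.example (198.51.100.34)  27.597 ms
 5  edge.example.net (203.0.113.35)  27.734 ms  27.725 ms  27.698 ms
"""

HEADER = re.compile(r"^traceroute to \S+ \(([^)]+)\)")
HOP = re.compile(r"^\s*(\d+)\s+(.*)$")
ADDR = re.compile(r"\(([0-9a-fA-F.:]+)\)")

def parse(text):
    """Return (target_ip, hops); a hop is [ttl, responder_addrs, lost_probes]."""
    target, hops = None, []
    for line in text.splitlines():
        head, hop = HEADER.match(line), HOP.match(line)
        if head:
            target = head.group(1)
            continue
        if hop:
            hops.append([int(hop.group(1)), [], 0])
            line = hop.group(2)
        elif not hops:
            continue  # text before the first hop; later lines are wrapped hops
        for addr in ADDR.findall(line):
            if addr not in hops[-1][1]:
                hops[-1][1].append(addr)
        hops[-1][2] += line.split().count("*")
    return target, hops

def review(text):
    """Return (reached_target, [(ttl, note), ...]) for hops worth a look."""
    target, hops = parse(text)
    notes = []
    for ttl, addrs, lost in hops:
        if not addrs:
            notes.append((ttl, "silent"))        # every probe timed out
        elif lost:
            notes.append((ttl, "partial-loss"))  # some probes timed out
        elif len(addrs) > 1:
            notes.append((ttl, "multipath"))     # several routers share this hop
    return bool(hops) and target in hops[-1][1], notes
```

A * only records that no reply arrived before the timeout, so comparing review() results from several runs over time says more than a single trace.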