PS,
if you have traceroute on your router, compare that with tracert from a command
prompt in Windows.
Wayne S
# tracert facebook.com
Tracing route to facebook.com [157.240.22.35]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 192.168.16.1
2 8 ms 6 ms 3 ms 104.238.253.33
3 7 ms 8 ms 6 ms 144.208.110.209
4 8 ms 8 ms 6 ms 172.18.255.18
5 9 ms 6 ms 8 ms 144.208.110.149
6 6 ms 6 ms 7 ms 144.208.110.146
7 17 ms 18 ms 18 ms xe-3-1-1.mpr1.phx7.us.zip.zayo.com [209.66.99.109]
8 20 ms 19 ms 19 ms ae5.mpr3.phx2.us.zip.zayo.com [64.125.31.146]
9 28 ms 28 ms 27 ms ae28.cs1.lax112.us.eth.zayo.com [64.125.31.252]
10 27 ms 31 ms 28 ms ae2.cs1.sjc2.us.eth.zayo.com [64.125.28.144]
11 25 ms 26 ms 26 ms ae27.cr1.sjc2.us.zip.zayo.com [64.125.30.231]
12 26 ms 26 ms 27 ms ae16.mpr3.sjc7.us.zip.zayo.com [64.125.31.13]
13 26 ms 28 ms 28 ms 128.177.170.162.IPYX-100687-900-ZYO.zip.zayo.com [128.177.170.162]
14 27 ms 29 ms 28 ms po141.asw04.sjc1.tfbnw.net [31.13.26.204]
15 28 ms 26 ms 26 ms po244.psw03.sjc3.tfbnw.net [157.240.48.9]
16 28 ms 30 ms 30 ms 157.240.38.145
17 27 ms 28 ms 28 ms edge-star-mini-shv-01-sjc3.facebook.com [157.240.22.35]
Trace complete.
At 11/22/2018 09:48 AM, you wrote:
>Seriously though, I have found something amiss in my own computer or network
>most of the time. A few months ago my computer got infected, as secure as I
>try to be. Firefox was being redirected through some other server. No AV or
>malware detection could find it. I even investigated in depth all the mozilla
>configuration JSON files, etc. I even mounted the drive in a Linux system to
>investigate registry hives...
>
>I eventually put in a new disk and re-installed windoze. I then mounted the
>infected disk in a linux box to recover whatever I needed. (note, to mount a
>windows boot disk in Linux as R/W you need to make sure to turn off Fast Boot
>option in Windows, which with the latest October update has become harder to
>access. Linux will mount Read Only if this is not done.)
>
>This is probably more than the normal user would be able to do, I admit.
>
>Because Facebook is so popular, it is a favorite platform to attack with
>malicious links. How many users on facebook have computers that are
>compromised? Redirecting searches is also common malware. Unfortunately the
>safest things to do usually break so many things that users bypass them (e.g.
>noscript).
>
>So my take away is to always suspect my own system first. But it is true that
>China periodically re-routes traffic through their servers due to insecure
>internet routers and the BGP. But even worse, there are so many other bad
>actors these days. If something is persistently wrong it is more likely your
>system or IP connection.
>
>You might try a traceroute to facebook.com. If you get routes with *, I would
>wonder what hidden router was in the path. From my Linux router... (note that
>many firewall router web config pages have a "Network Tools" page with ping,
>traceroute, nslookup, ... E.g. my Asus RT-AC68U wifi router.)
>
> $traceroute facebook.com
>traceroute to facebook.com (157.240.22.35), 30 hops max, 60 byte packets
> 1 104.238.253.33 (104.238.253.33) 7.269 ms 7.210 ms 7.144 ms
> 2 144.208.110.209 (144.208.110.209) 7.151 ms 7.126 ms 7.109 ms
> 3 172.18.255.18 (172.18.255.18) 9.583 ms 9.595 ms 9.565 ms
> 4 144.208.110.149 (144.208.110.149) 9.585 ms 9.546 ms 9.551 ms
> 5 144.208.110.184 (144.208.110.184) 9.525 ms 9.493 ms 9.465 ms
> 6 phn4-edge-01.inet.qwest.net (65.116.180.57) 9.651 ms 9.867 ms 9.788 ms
> 7 snj-edge-04.inet.qwest.net (67.14.34.86) 27.065 ms 27.050 ms 26.968 ms
> 8 198.233.122.154 (198.233.122.154) 32.132 ms 27.684 ms 27.684 ms
> 9 po131.asw04.sjc1.tfbnw.net (157.240.32.34) 27.582 ms
> po131.asw03.sjc1.tfbnw.net (157.240.32.32) 27.594 ms
> po131.asw04.sjc1.tfbnw.net (157.240.32.34) 27.597 ms
>10 po236.psw02.sjc3.tfbnw.net (157.240.42.21) 27.592 ms
>po216.psw01.sjc3.tfbnw.net (31.13.29.225) 27.580 ms
>po226.psw02.sjc3.tfbnw.net (157.240.40.169) 27.538 ms
>11 157.240.38.209 (157.240.38.209) 27.542 ms 157.240.38.199 (157.240.38.199) 27.501 ms 157.240.38.109 (157.240.38.109) 25.184 ms
>12 edge-star-mini-shv-01-sjc3.facebook.com (157.240.22.35) 27.734 ms 27.725 ms 27.698 ms
>
>For the paranoid, install virtualbox, create a kubuntu VM, and run Firefox in
>the VM to do Facebook stuff.
>
>Paranoid Generation WayneS
>Buffalo Springfield - 'for what it's worth'
>
>At 11/22/2018 08:31 AM, you wrote:
>> I know you're joking, but I shudder to think that they or someone else
>> is trying out something similar in preparation for bigger game.
>>
>>>
>>>It's just China checking a new version of their border gateway protocol
>>>hacking tools.
>>>
>>
>>Chris
>--
>_________________________________________________________________
>Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
>Archives: http://lists.thomasclausen.net/mailman/private/olympus/
>Themed Olympus Photo Exhibition: http://www.tope.nl/
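
The comparison suggested in this thread (a router's traceroute against a Windows tracert, watching for hops that answer only with `*`), as an added example that is not part of the original e-mails. The function names and the sample traces are assumptions: the traces are constructed with documentation address ranges, and the parser accepts both output formats, including wrapped and e-mail-quoted lines.

```python
import re

IP_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
HOP_RE = re.compile(r"^\s*(\d+)\s+\S")

def parse_trace(text):
    """Parse tracert/traceroute text into [{'hop': n, 'ips': [...]}]; no IPs = no reply."""
    hops = []
    for raw in text.splitlines():
        line = raw.lstrip(">")            # tolerate e-mail quoting
        m = HOP_RE.match(line)
        if m:
            hops.append({"hop": int(m.group(1)), "ips": []})
        elif not hops:
            continue                      # header line before the first hop
        for ip in IP_RE.findall(line):    # wrapped lines extend the last hop
            if ip not in hops[-1]["ips"]:
                hops[-1]["ips"].append(ip)
    return hops

def compare(a, b):
    """Summarise how two traces to the same destination differ."""
    ips_a = [ip for h in a for ip in h["ips"]]
    ips_b = [ip for h in b for ip in h["ips"]]
    return {
        "silent_a": [h["hop"] for h in a if not h["ips"]],
        "silent_b": [h["hop"] for h in b if not h["ips"]],
        "only_a": [ip for ip in ips_a if ip not in ips_b],
        "only_b": [ip for ip in ips_b if ip not in ips_a],
        "same_destination": bool(a and b and set(a[-1]["ips"]) & set(b[-1]["ips"])),
    }

# Constructed sample traces (documentation address ranges, not real routes).
WINDOWS = """Tracing route to example.test [203.0.113.35]
over a maximum of 30 hops:
  1    <1 ms    <1 ms    <1 ms  192.168.0.1
  2     8 ms     6 ms     3 ms  198.51.100.33
  3     *        *        *     Request timed out.
  4    17 ms    18 ms    18 ms  core1.transit.example
                                [192.0.2.109]
  5    27 ms    28 ms    28 ms  edge.example.test [203.0.113.35]
Trace complete."""
LINUX = """traceroute to example.test (203.0.113.35), 30 hops max, 60 byte packets
 1  198.51.100.33 (198.51.100.33)  7.269 ms  7.210 ms  7.144 ms
 2  core9.other.example (192.0.2.57)  9.651 ms  9.867 ms  9.788 ms
 3  a.example (192.0.2.34)  27.582 ms
    b.example (192.0.2.32)  27.594 ms
 4  edge.example.test (203.0.113.35)  27.734 ms  27.725 ms  27.698 ms"""

if __name__ == "__main__":
    print(compare(parse_trace(WINDOWS), parse_trace(LINUX)))
```

Transit hops often differ between two runs or two vantage points because of load balancing, so the summary is a starting point for comparison rather than a verdict.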