Jun 11 2008
debian.org domainsquatted? (1)
I was like “wtf?!”. Debian.org replaced by a link farm?
debian.org actually being domainsquatted is highly unlikely, so I started looking into how this could happen.
First, a little explanation of the setup:
- I’m on a bullet train with my laptop, running an up-to-date Debian Lenny with kernel 2.6.24
- My laptop is connected to a 3G+ (HSDPA in the US) PDA phone with a USB cable
- The phone appears to the computer as a network interface thanks to the usb-rndis-lite kernel module
- The phone does NAT routing between my computer (192.168.0.100), itself (192.168.0.1) and a restricted network from my phone operator
- The only host visible on this restricted network is an HTTP-only proxy server that checks the User-Agent (Nokia is OK, Firefox means GO AWAY)
- I connect through this proxy to a dedicated host through an OpenVPN tunnel masquerading as HTTP with a Nokia user agent
- The dedicated host on the other side has special iptables rules that redirect requests coming from my mobile phone operator’s netblock on port 80 to the regular OpenVPN port
- The dedicated host does NAT for my computer to the real Internet.
- The total latency varies from 120 ms to 30 seconds and the bandwidth from 2 Mbps to 8 kbps depending on the coverage
- The only DNS server on my laptop is set in resolv.conf to 192.168.5.1, the remote OpenVPN endpoint, i.e. the dedicated server
- The dedicated server runs BIND and provides recursive resolution
Now there are some peculiarities to the situation:
- It happens exactly once a week, on the train from my home in Paris to the campus in Grenoble
- It doesn’t happen the other way around, or at any other time for that matter
Some hints:
- My hostname at home is aeris.home.eu
- My hostname on campus is aeris.liuo.res.rhb
- I almost never shut down my computer, I only hibernate it
- Jonathan Roes
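As an added illustration of one piece of the setup above, and not the post's own code or its answer to the challenge: with a resolv.conf that contains only a `nameserver` line, the glibc stub resolver (as documented in resolver(3) and resolv.conf(5)) derives its default search domain from the hostname, and `res_search()` decides from `ndots` whether a name is first tried as-is or first with that suffix. The script below models that expansion and the fall-through from a failed as-is query into the search list. The zone data, the fake upstream and its timeouts are constructed for the example (documentation addresses, not what the post's BIND actually returned); the hostnames are the two from the hints.

```python
# Added example (not from the original post): how the glibc stub resolver turns
# a name into the queries it sends, driven by resolv.conf and the hostname.
# Zone data and the fake upstream below are constructed for the illustration.

RESOLV_CONF = "nameserver 192.168.5.1\n"      # the laptop's resolv.conf from the post


def parse_resolv_conf(text):
    """Minimal resolv.conf parser: nameserver, domain/search, options ndots."""
    conf = {"nameservers": [], "search": [], "ndots": 1}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        key, *args = line.split()
        if key == "nameserver" and args:
            conf["nameservers"].append(args[0])
        elif key == "domain" and args:          # last domain/search line wins
            conf["search"] = [args[0]]
        elif key == "search":
            conf["search"] = list(args)
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    conf["ndots"] = int(opt.split(":", 1)[1])
    return conf


def search_list(conf, hostname):
    """res_init(): without a domain/search line, the local domain is the
    hostname past its first dot (the LOCALDOMAIN env var override is ignored here)."""
    if conf["search"]:
        return list(conf["search"])
    if "." in hostname:
        return [hostname.split(".", 1)[1]]
    return []


def query_candidates(name, conf, hostname):
    """res_search(): a name with at least ndots dots is tried as-is first, then
    with each search suffix; fewer dots means suffixes first, as-is last.
    A trailing dot means absolute: exactly one query."""
    if name.endswith("."):
        return [name.rstrip(".")]
    searched = [f"{name}.{s}" for s in search_list(conf, hostname)]
    if name.count(".") >= conf["ndots"]:
        return [name] + searched
    return searched + [name]


def resolve(name, conf, hostname, send_query):
    """Walk the candidates the way res_search does. send_query(fqdn) returns an
    address, None for NXDOMAIN, or raises TimeoutError. A failed as-is query,
    timeout included, falls through to the search list; a timeout on a searched
    name makes the resolver give up. Returns (answered_name, address, queries_sent)."""
    bare = name.rstrip(".")
    sent = []
    for fqdn in query_candidates(name, conf, hostname):
        sent.append(fqdn)
        try:
            addr = send_query(fqdn)
        except TimeoutError:
            if fqdn == bare:
                continue        # as-is attempt failed: move on to the search list
            break               # timeout inside the search loop: give up
        if addr is not None:
            return fqdn, addr, sent
    return None, None, sent


# Constructed upstream: a zone with fixed answers plus a wildcard that answers for
# anything under home.eu. Documentation addresses; hypothetical data, not real DNS.
ZONE = {"debian.org": "192.0.2.10", "www.debian.org": "192.0.2.10"}
WILDCARD = {"home.eu": "198.51.100.7"}


def make_upstream(timing_out=()):
    """Fake recursive server; names listed in timing_out never answer (slow link)."""
    def send_query(fqdn):
        if fqdn in timing_out:
            raise TimeoutError(fqdn)
        if fqdn in ZONE:
            return ZONE[fqdn]
        for apex, addr in WILDCARD.items():
            if fqdn.endswith("." + apex):
                return addr
        return None
    return send_query


def demo(hostname, timing_out=()):
    """Resolve debian.org with the post's resolv.conf under a given hostname."""
    conf = parse_resolv_conf(RESOLV_CONF)
    return resolve("debian.org", conf, hostname, make_upstream(timing_out))


if __name__ == "__main__":
    for host in ("aeris.home.eu", "aeris.liuo.res.rhb"):
        for slow in ((), ("debian.org",)):
            print(host, "timeouts=%s" % (slow,), "->", demo(host, slow))
```

The model is deliberately simpler than glibc: it ignores SERVFAIL handling, the per-nameserver `timeout`/`attempts` retry loop (5 s and 2 attempts by default, so an unanswered query costs the resolver on the order of ten seconds before it moves on) and the `LOCALDOMAIN` override. To see what a given box would really do, compare `hostname` against `/etc/resolv.conf` and run `getent hosts debian.org` while watching the queries with tcpdump on port 53.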
Now for the challenge: how could this happen?
