I was like “wtf?!”. Debian.org replaced by a link farm ?

debian.org being actually domainsquatted is highly unlikely, so I started searching how this could happen.

First, a little explanation of the setup :

• I’m on a bullet train on my laptop, up-to-date Debian Lenny, 2.6.24
• My laptop is connected to a 3G+ (HSDPA in the US) PDA phone with a USB cable
• The phone appears to the computer as a network interface thanks to the usb-rndis-lite kernel module
• The phone does NAT routing between my computer (192.168.0.100), himself (192.168.0.1) and a restricted network from my phone operator
• The only host visible on this restricted network is a HTTP only proxy server that checks the user agent (Nokia is OK, Firefox means GO AWAY)
• I connect through this proxy to a dedicated host through a OpenVPN tunnel masquerading as HTTP with a Nokia user agent
• The dedicated host at the other side has special iptables rules to redirect requests coming from my mobile phone operator netblock on port 80 to the regular OpenVPN port.
• The dedicated host does NAT for my computer to the real Internet.
• The total latency varies from 120ms to 30 secs and the bandwidth from 2mbps to 8kbps depending on the coverage
• The only DNS server on my laptop is set in resolv.conf to 192.168.5.1, the remote OpenVPN endpoint, the dedicated server
• The dedicated server runs Bind and provides recursive resolution

Now there are some peculiarities to the situation :

• It happens exactely once a week on the train from my home in Paris to the campus in Grenoble
• It doesn’t happen the other way around or at any other time for that matter

Some hints :

• My hostname at home is aeris.home.eu
• My hostname on campus is aeris.liuo.res.rhb
• I almost never shut down my computer, only hibernate
• Jonathan Roes

Now for the challenge : how could this happen ?