Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Google having a hiccup in Colombia - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Google having a hiccup in Colombia

Today google is having a hiccup in Colombia. Users accessing www.google.com are having the following result:

Google Hiccup

That looked weird. I was wondering if it was some kind of DNS spoofing attack, but it's not. www google.com.co is working ok, but not www.google.com. Both of them are in the same netblock:

IP address for google

TCP stream of packet capture shows a redirection to a non-existent file:

TCP stream google hiccup

Full packet capture of this problem can be downloaded here.

Are you noticing the same problem? Please contact us!

Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
Twitter: @manuelsantander
Web:http://manuel.santander.name
e-mail: msantand at isc dot sans dot org

Manuel Humberto Santander Pelaacuteez

185 Posts
ISC Handler
The initial redirect has the header "Server: Apache" (unusual for Google) and an "Age:" header (suggesting a proxy). The RTT (1ms) and TTL (63) suggest the TCP connection was terminated near the client. Seems like a broken, malicious or compromised transparent proxy - very interesting if this is being seen on several unrelated networks?
Simon

1 Posts
Yes, this was seen in several unrelated networks this morning. Did some research and seems to be there was a problem in the caching devices of the major two carriers in Colombia. As of right now it's fixed.
Manuel Humberto Santander Pelaacuteez

185 Posts
ISC Handler
Quoting Manuel Humberto Santander Pelaacuteez:Did some research and seems to be there was a problem in the caching devices of the major two carriers in Colombia. As of right now it's fixed.


Wait... Columbian ISP carriers are hijacking browser traffic, and redirecting it to their proxies "To cache it", on a routine basis?
Mysid

146 Posts

Sign Up for Free or Log In to start participating in the conversation!