Google having a hiccup in Colombia

Published: 2013-11-30
Last Updated: 2013-11-30 15:27:24 UTC
by Manuel Humberto Santander Pelaez (Version: 1)
3 comment(s)

Today Google is having a hiccup in Colombia. Users accessing www.google.com are getting the following result:

Google Hiccup

That looked weird. I was wondering if it was some kind of DNS spoofing attack, but it's not. www.google.com.co is working OK, but www.google.com is not. Both of them are in the same netblock:

IP address for google

TCP stream of packet capture shows a redirection to a non-existent file:

TCP stream google hiccup

Full packet capture of this problem can be downloaded here.

Are you noticing the same problem? Please contact us!

Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
Twitter: @manuelsantander
Web: http://manuel.santander.name
e-mail: msantand at isc dot sans dot org


Comments

The initial redirect has the header "Server: Apache" (unusual for Google) and an "Age:" header (suggesting a proxy). The RTT (1ms) and TTL (63) suggest the TCP connection was terminated near the client. Seems like a broken, malicious or compromised transparent proxy - very interesting if this is being seen on several unrelated networks?

Yes, this was seen in several unrelated networks this morning. Did some research and it seems there was a problem in the caching devices of the two major carriers in Colombia. As of right now it's fixed.

[quote=comment#28568]Did some research and it seems there was a problem in the caching devices of the two major carriers in Colombia. As of right now it's fixed.[/quote]

Wait... Colombian ISP carriers are hijacking browser traffic, and redirecting it to their proxies "To cache it", on a routine basis?
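
The heuristics from the first comment above (Server and Age headers, RTT, TTL) written as a check over one captured response. This is an added example, not part of the diary or its comments; the sample response heads, the expected `gws` Server value for Google and the hop and RTT thresholds are assumptions.

```python
# Added example: flag signs that an HTTP response came from an on-path proxy.
COMMON_INITIAL_TTLS = (64, 128, 255)  # usual OS defaults for the initial IP TTL

def hops_from_ttl(observed_ttl):
    """Estimate hops, assuming the sender started at the nearest common TTL."""
    initial = min(t for t in COMMON_INITIAL_TTLS if t >= observed_ttl)
    return initial - observed_ttl

def parse_head(raw_head):
    """Return (status_line, headers) with lower-cased header names."""
    lines = raw_head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        if not line:
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def interception_indicators(raw_head, observed_ttl, rtt_ms,
                            expected_server="gws",  # assumption for Google
                            max_hops=2, max_rtt_ms=5.0):  # assumed thresholds
    """List the reasons a response looks proxied or terminated near the client."""
    _, headers = parse_head(raw_head)
    reasons = []
    server = headers.get("server", "")
    if not server.lower().startswith(expected_server):
        reasons.append(f"unexpected Server header: {server!r}")
    if "age" in headers:
        reasons.append(f"Age: {headers['age']} suggests a cache in the path")
    hops = hops_from_ttl(observed_ttl)
    if hops <= max_hops:
        reasons.append(f"TTL {observed_ttl}: responder about {hops} hop(s) away")
    if rtt_ms <= max_rtt_ms:
        reasons.append(f"RTT {rtt_ms} ms is too short for a remote origin")
    return reasons

# Constructed samples (not taken from the diary's packet capture).
SUSPECT = ("HTTP/1.1 302 Found\r\nServer: Apache\r\nAge: 12\r\n"
           "Location: http://www.google.com/placeholder\r\n\r\n")
NORMAL = "HTTP/1.1 200 OK\r\nServer: gws\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    for label, head, ttl, rtt in (("suspect", SUSPECT, 63, 1.0),
                                  ("normal", NORMAL, 54, 38.0)):
        print(label, interception_indicators(head, ttl, rtt) or "no indicators")
```

A low RTT or hop count on its own can also come from a legitimate cache node hosted inside the ISP, so the indicators are meant to be read together rather than individually.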
