grwilde / namebench

Automatically exported from code.google.com/p/namebench
0 stars 0 forks source link

Security Risks #235

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
Why does the Project Home Page say all of these servers are "Hacking"? Maybe 
this is some Techical Term inunderstood by most people, but it sure doesn't 
give anybody a warm-fuzzy feeling about using this. If anything, Scares people 
away for sure.

Also, the Installation packet says "Unknown Publisher" as it is 
Installing...now I'm wondering if this Site is Legitimate at ALL.... 

I wonder...

(Google is a well-known Publisher, there would be no Valid Reason for it to say 
'Unknown Publisher', as it's Installing
What steps will reproduce the problem?
1.
2.
3.

What is the expected output? What do you see instead?

What version of the product are you using? On what operating system?

Please provide any additional information below.

Original issue reported on code.google.com by sofear...@gmail.com on 9 May 2013 at 6:16

GoogleCodeExporter commented 8 years ago
For example:

208.67.222.222  OpenDNS-2          58  ms | www.google.com is hijacked: 
74.125.239.112, 74.125.239.114, 74.125.239.113, 74.125.239.115, 74.125.239.116, 
twitter.com appears incorrect: 199.59.150.7, 199.59.148.10, 199.59.149.230
216.146.35.35   DynGuide           66  ms | twitter.com appears incorrect: 
199.59.150.39, 199.59.149.230, 199.59.149.198, NXDOMAIN Hijacking, 
www.google.com is hijacked: 74.125.28.103, 74.125.28.104, 74.125.28.147, 
74.125.28.105, 74.125.28.99, 74.125.28.106

Original comment by digitalbitstream@gmail.com on 19 Jul 2013 at 7:01

GoogleCodeExporter commented 8 years ago
Turns out it gives that particular message if the server is one of:

LIKELY_HIJACKS = ['www.google.com.', 'windowsupdate.microsoft.com.', 
'www.paypal.com.']

And it does not get a certain type of reply.  Unfortunately 'host 
www.google.com' can give a different set of IP addresses every time, based on 
load and which google datacenter you happen to be nearest at the moment.

Original comment by digitalbitstream@gmail.com on 24 Jul 2013 at 5:13