Re: Need Advice on Spyware Removal for Debian

Author: Alan Dayley
Date:  
To: plug-discuss
Subject: Re: Need Advice on Spyware Removal for Debian
On Monday 29 November 2004 06:03 pm, Mark Phillips wrote:
> After doing a google search on the "Oops" message, I found a url that
> returns this mysterious page - www.careerz.com/. It seems all the links
> go to http://apps5.oingo.com/apps/domainpark/results.cgi? and then
> some codes etc. I think this is why the cox guy thought I had spyware
> on my system.
>
> Anybody have any ideas on why this is happening to me?


This is a strange one with all the marks of spyware or a redirector trojan.
But, on Linux? It'd be a first for me if this is the case.

(Other more expert people on networks and protocols, etc. will have to correct
me if I go wrong in my next rambling.)

When you ask for a web page, the URL name has to be resolved to an IP address.
The DNS service. There are several places on both ends of the request where
the IP address can get "adjusted," usually by design.

- The local hosts file (/etc/hosts*)
- The gateway hosts records
- The ISP hosts records
- The DNS servers
- The target IP can redirect
- The redirected target can redirect, etc.

(That triggers a thought: Have you executed a traceroute command against
some of these problem URLs?)

Anyway, since you have two browsers doing this funny page, the problem may
(should?) lie along the path. Somebody, by error or purpose, is redirecting
DNS lookups to the wrong IP address, this oingo place.

Try the traceroute and see where it takes you. Also, post a list of some of
the web pages that get redirected so we can try them. The differences in
routing could be interesting.

Of course, if my reasoning here makes no sense to the real network admins,
then I await correction.

Alan
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
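
Two of the places listed in the message above, the local hosts file and the configured DNS servers, can be inspected on the affected machine itself. The script below is an added example, not part of the original message; it assumes the usual "hosts: files dns" lookup order, and the sample file contents, names and addresses are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the usual
# "hosts: files dns" lookup order, so a hosts-file entry wins over DNS.

# Print each address a hosts-format file ($1) assigns to the name ($2).
hosts_overrides() {
    awk -v name="$2" '
        { sub(/#.*/, "") }                      # strip comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) print $1
        }' "$1"
}

# Print the nameserver addresses listed in a resolv.conf-format file ($1).
resolvers() {
    awk '{ sub(/[#;].*/, "") } $1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# Say where a lookup for name $3 is answered, given hosts file $1
# and resolv.conf $2.
lookup_path() {
    local_ips=$(hosts_overrides "$1" "$3" | tr '\n' ' ')
    if [ -n "$local_ips" ]; then
        echo "$3: answered locally by $1 -> ${local_ips% }"
    else
        ns=$(resolvers "$2" | tr '\n' ' ')
        ns=${ns% }
        echo "$3: not in $1; query goes to ${ns:-no nameserver configured}"
    fi
}

# Constructed sample files (documentation addresses and names only).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/hosts" <<'EOF'
127.0.0.1   localhost
203.0.113.7 www.shop.example shop.example   # constructed override
EOF
cat > "$sample_dir/resolv.conf" <<'EOF'
# constructed sample
nameserver 192.0.2.53
nameserver 192.0.2.54
EOF

lookup_path "$sample_dir/hosts" "$sample_dir/resolv.conf" www.shop.example
lookup_path "$sample_dir/hosts" "$sample_dir/resolv.conf" www.other.example
```

On a real system, pass /etc/hosts and /etc/resolv.conf together with one of the redirected site names; an unexpected hosts entry or an unfamiliar nameserver address narrows down where the lookup is being changed.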