China Telecom Hijacks The Internet

Since yesterday, our entire dormitory block has been hit by web-page hijacking: browsing is forcibly redirected to a certain IP, which then loads the user's intended page inside an iframe. DNS hijacking is ruled out (I use the OpenDNS service), so the only remaining explanation is... someone is tampering directly with the data stream.
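The reasoning above (DNS answers are fine, yet the page arrives from a different host that wraps the real site in an iframe) can be turned into a mechanical check. The following is an added example, not code from the post: it takes the resolver answers collected for a hostname, the IP the page was actually delivered from, and the response body, and separates "resolvers disagree" (DNS tampering) from "resolvers agree but the page came from elsewhere as an iframe wrapper" (on-path injection). The sample HTML bodies, the 192.0.2.x / 198.51.100.x addresses (documentation ranges) and the www.example.com hostname are constructed; 59.55.140.243 is the address the post's whois lookup concerns.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class _IframeScan(HTMLParser):
    """Collects <iframe src> values and counts visible text outside <script>/<style>."""

    def __init__(self):
        super().__init__()
        self.iframes = []
        self.text_len = 0
        self._skip = 0

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.iframes.append(dict(attrs).get("src") or "")
        elif tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.text_len += len(data.strip())


def is_iframe_wrapper(body, requested_host):
    """True when the body is essentially a single <iframe> pointing back at the site
    the user asked for: the shape of the injected page described in the post."""
    scan = _IframeScan()
    scan.feed(body)
    if len(scan.iframes) != 1 or scan.text_len > 64:
        return False
    src_host = urlparse(scan.iframes[0]).hostname or ""
    return src_host.lower() == requested_host.lower()


def classify(requested_host, resolver_answers, final_peer_ip, body):
    """
    resolver_answers: {resolver_name: set_of_A_records}, gathered beforehand from
                      two independent resolvers (e.g. the ISP's and OpenDNS).
    final_peer_ip:    the address the page was actually delivered from.
    body:             the HTML that reached the browser.
    """
    answers = [set(a) for a in resolver_answers.values()]
    if not answers:
        return "no dns data"
    # Different resolvers returning different addresses points at DNS tampering.
    if any(a != answers[0] for a in answers[1:]):
        return "dns hijack suspected"
    expected = set().union(*answers)
    wrapper = is_iframe_wrapper(body, requested_host)
    # Resolvers agree, yet the page came from an unexpected host and is just an
    # iframe around the real site: the traffic was diverted in transit.
    if final_peer_ip not in expected and wrapper:
        return "on-path injection suspected"
    if final_peer_ip in expected and not wrapper:
        return "clean"
    return "inconsistent, inspect manually"


# Constructed sample data (not captured from the incident).
INJECTOR_IP = "59.55.140.243"
RESOLVERS_AGREE = {"opendns": {"192.0.2.10"}, "isp": {"192.0.2.10"}}
RESOLVERS_DISAGREE = {"opendns": {"192.0.2.10"}, "isp": {"198.51.100.7"}}
HIJACKED_BODY = (
    "<html><head><title>example.com</title></head><body style='margin:0'>"
    "<iframe src='http://www.example.com/' width='100%' height='100%' "
    "frameborder='0'></iframe></body></html>"
)
CLEAN_BODY = (
    "<html><body><h1>Welcome to example.com</h1>"
    "<p>Normal page content here.</p></body></html>"
)

if __name__ == "__main__":
    print(classify("www.example.com", RESOLVERS_AGREE, INJECTOR_IP, HIJACKED_BODY))
    print(classify("www.example.com", RESOLVERS_AGREE, "192.0.2.10", CLEAN_BODY))
    print(classify("www.example.com", RESOLVERS_DISAGREE, "198.51.100.7", CLEAN_BODY))
```

The wrapper test is deliberately narrow (exactly one iframe, almost no other visible text) so that ordinary pages embedding an iframe are not flagged; the decisive signal is the combination with a delivering address that no resolver returned.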

The IP is in Nanchang, the local city. Here is the whois record:

Genbox ~ # whois 59.55.140.243
% [whois.apnic.net node-2]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

inetnum:      59.52.0.0 - 59.55.255.255
netname:      CHINANET-JX
descr:        CHINANET Jiangxi province network
descr:        China Telecom
descr:        No.31,jingrong street
descr:        Beijing 100032
country:      CN
admin-c:      CH93-AP
tech-c:       JN113-AP
remarks:      service provider
status:       ALLOCATED PORTABLE
mnt-by:       APNIC-HM
mnt-lower:    MAINT-IP-WWF
changed:      hm-changed@apnic.net 20050208
source:       APNIC

role:         JXDCB NET
address:      DATA COMMUNICATION BUREAY
address:      NO.39,YANJIANG NORTH ROAD,NANCHANG,JIANGXI
country:      CN
phone:        +86 791 6730586
fax-no:       +86 791 6707755
e-mail:       hostmaster@public1.nc.jx.cn
trouble:      send spam reports to hostmaster@public1.nc.jx.cn
trouble:      and abuse reports to hostmaster@public1.nc.jx.cn
admin-c:      XY1-AP
tech-c:       WZ1-CN
tech-c:       WW49-AP
nic-hdl:      JN113-AP
remarks:      http://www.online.jx.cn
notify:       hostmaster@public1.nc.jx.cn
mnt-by:       MAINT-IP-WWF
changed:      hm-changed@apnic.net 20020812
source:       APNIC

person:       Chinanet Hostmaster
nic-hdl:      CH93-AP
e-mail:       anti-spam@ns.chinanet.cn.net
address:      No.31 ,jingrong street,beijing
address:      100032
phone:        +86-10-58501724
fax-no:       +86-10-58501724
country:      CN
changed:      dingsy@cndata.com 20070416
mnt-by:       MAINT-CHINANET
source:       APNIC

I called 10000 (the telecom hotline); they either asked whether I had a trojan or told me to upgrade my browser... Do I look like that kind of clueless user? And I seem to be the only one alert enough to have noticed the problem. The explanations I can think of: either someone inside the telecom did this, or the telecom has been hacked.

There's no other way; for now I can only block these two IPs with iptables:

# drop anything arriving from the two injecting hosts
iptables -A INPUT -s 59.55.140.243 -j REJECT
iptables -A INPUT -s 59.55.140.239 -j REJECT
# and refuse to send anything to them, so the browser never fetches the wrapper page
iptables -A OUTPUT -d 59.55.140.243 -j REJECT
iptables -A OUTPUT -d 59.55.140.239 -j REJECT

Oh, Telecom, Telecom... Is there any master hacker out there who could hack the host at that IP and swap in my Google ad? We'll split the income!

2 Responses So Far

  1. druggo:

    You've got it good; even my computer is broken.

  2. fcicq:

    Looks like the hijacker here where I am runs static pages on nginx... I can't hack it :D
