Olympus-OM

Re: [OM] OT: Facebook Failure

Subject: Re: [OM] OT: Facebook Failure
From: WayneS <om3ti@xxxxxxxx>
Date: Thu, 22 Nov 2018 09:59:00 -0700
PS,

If you have traceroute on your router, compare that with tracert from a command 
prompt in Windows.

Wayne S

# tracert facebook.com

Tracing route to facebook.com [157.240.22.35]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.16.1
  2     8 ms     6 ms     3 ms  104.238.253.33
  3     7 ms     8 ms     6 ms  144.208.110.209
  4     8 ms     8 ms     6 ms  172.18.255.18
  5     9 ms     6 ms     8 ms  144.208.110.149
  6     6 ms     6 ms     7 ms  144.208.110.146
  7    17 ms    18 ms    18 ms  xe-3-1-1.mpr1.phx7.us.zip.zayo.com [209.66.99.109]
  8    20 ms    19 ms    19 ms  ae5.mpr3.phx2.us.zip.zayo.com [64.125.31.146]
  9    28 ms    28 ms    27 ms  ae28.cs1.lax112.us.eth.zayo.com [64.125.31.252]
 10    27 ms    31 ms    28 ms  ae2.cs1.sjc2.us.eth.zayo.com [64.125.28.144]
 11    25 ms    26 ms    26 ms  ae27.cr1.sjc2.us.zip.zayo.com [64.125.30.231]
 12    26 ms    26 ms    27 ms  ae16.mpr3.sjc7.us.zip.zayo.com [64.125.31.13]
 13    26 ms    28 ms    28 ms  128.177.170.162.IPYX-100687-900-ZYO.zip.zayo.com [128.177.170.162]
 14    27 ms    29 ms    28 ms  po141.asw04.sjc1.tfbnw.net [31.13.26.204]
 15    28 ms    26 ms    26 ms  po244.psw03.sjc3.tfbnw.net [157.240.48.9]
 16    28 ms    30 ms    30 ms  157.240.38.145
 17    27 ms    28 ms    28 ms  edge-star-mini-shv-01-sjc3.facebook.com [157.240.22.35]

Trace complete.

At 11/22/2018 09:48 AM, you wrote:
>Seriously though, I have found something amiss in my own computer or network 
>most of the time. A few months ago my computer got infected, as secure as I 
>try to be. Firefox was being redirected through some other server. No AV or 
>malware detection could find it. I even investigated in depth all the mozilla 
>configuration JSON files, etc. I even mounted the drive in a Linux system to 
>investigate registry hives...
>
>I eventually put in a new disk and re-installed windoze. I then mounted the 
>infected disk in a linux box to recover whatever I needed. (note, to mount a 
>windows boot disk in Linux as R/W you need to make sure to turn off Fast Boot 
>option in Windows, which with the latest October update has become harder to 
>access. Linux will mount Read Only if this is not done.)
>
>This is probably more than the normal user would be able to do, I admit.
>
>Because Facebook is so popular, it is a favorite platform to attack with 
>malicious links. How many users on facebook have computers that are 
>compromised? Redirecting searches is also common malware. Unfortunately the 
>safest things to do usually break so many things that users bypass them (e.g. 
>noscript)
>
>So my takeaway is to always suspect my own system first. But it is true that 
>China periodically re-routes traffic through their servers due to insecure 
>internet routers and the BGP. But even worse, there are so many other bad 
>actors these days. If something is persistently wrong it is more likely your 
>system or IP connection.
>
>You might try a traceroute to facebook.com. If you get routes with *, I would 
>wonder what hidden router was in the path.  From my Linux router... (note that 
>many firewall router web config pages have a "Network Tools" page with ping, 
>traceroute, nslookup, ... E.g. my Asus RT-AC68U wifi router.)
>
> $traceroute facebook.com
>traceroute to facebook.com (157.240.22.35), 30 hops max, 60 byte packets
> 1  104.238.253.33 (104.238.253.33)  7.269 ms  7.210 ms  7.144 ms
> 2  144.208.110.209 (144.208.110.209)  7.151 ms  7.126 ms  7.109 ms
> 3  172.18.255.18 (172.18.255.18)  9.583 ms  9.595 ms  9.565 ms
> 4  144.208.110.149 (144.208.110.149)  9.585 ms  9.546 ms  9.551 ms
> 5  144.208.110.184 (144.208.110.184)  9.525 ms  9.493 ms  9.465 ms
> 6  phn4-edge-01.inet.qwest.net (65.116.180.57)  9.651 ms  9.867 ms  9.788 ms
> 7  snj-edge-04.inet.qwest.net (67.14.34.86)  27.065 ms  27.050 ms  26.968 ms
> 8  198.233.122.154 (198.233.122.154)  32.132 ms  27.684 ms  27.684 ms
> 9  po131.asw04.sjc1.tfbnw.net (157.240.32.34)  27.582 ms po131.asw03.sjc1.tfbnw.net (157.240.32.32)  27.594 ms po131.asw04.sjc1.tfbnw.net (157.240.32.34)  27.597 ms
>10  po236.psw02.sjc3.tfbnw.net (157.240.42.21)  27.592 ms po216.psw01.sjc3.tfbnw.net (31.13.29.225)  27.580 ms po226.psw02.sjc3.tfbnw.net (157.240.40.169)  27.538 ms
>11  157.240.38.209 (157.240.38.209)  27.542 ms 157.240.38.199 (157.240.38.199)  27.501 ms 157.240.38.109 (157.240.38.109)  25.184 ms
>12  edge-star-mini-shv-01-sjc3.facebook.com (157.240.22.35)  27.734 ms  27.725 ms  27.698 ms
>
>For the paranoid, install virtualbox, create a kubuntu VM, and run Firefox in 
>the VM to do Facebook stuff.
>
>Paranoid Generation WayneS
>Buffalo Springfield - 'for what it's worth'
>
>At 11/22/2018 08:31 AM, you wrote:
>>     I know you're joking, but I shudder to think that they or someone else 
>> is trying out something similar in preparation for bigger game.
>>
>>>
>>>It's just China checking a new version of their border gateway protocol 
>>>hacking tools.
>>>
>>
>>Chris
>-- 
>_________________________________________________________________
>Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
>Archives: http://lists.thomasclausen.net/mailman/private/olympus/
>Themed Olympus Photo Exhibition: http://www.tope.nl/
-- 
_________________________________________________________________
Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
Archives: http://lists.thomasclausen.net/mailman/private/olympus/
Themed Olympus Photo Exhibition: http://www.tope.nl/
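
One way to carry out the router-versus-PC comparison suggested in the message above, as an added example that is not part of the original thread: a Python parser that reads both Windows tracert and Linux traceroute output (including hop lines wrapped by e-mail) and reports unanswered hops and hops seen from only one vantage point. The sample traces are constructed with documentation addresses, and the names parse_trace, compare and LAN are illustrative.

```python
import ipaddress
# Constructed sample output (documentation addresses), not the traces from the message.
PC_TRACE = """\
Tracing route to example.test [203.0.113.35]
over a maximum of 30 hops:
  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2     8 ms     6 ms     3 ms  198.51.100.33
  3     *        *        *     Request timed out.
  4    17 ms    18 ms    18 ms  core1.isp-a.example
[192.0.2.109]
  5    27 ms    28 ms    28 ms  edge.example.test [203.0.113.35]
Trace complete.
"""
ROUTER_TRACE = """\
traceroute to example.test (203.0.113.35), 30 hops max, 60 byte packets
 1  198.51.100.33 (198.51.100.33)  7.269 ms  7.210 ms  7.144 ms
 2  198.51.100.18 (198.51.100.18)  9.583 ms  9.595 ms  9.565 ms
 3  core2.isp-b.example (192.0.2.57)  9.651 ms  9.867 ms  9.788 ms
 4  edge.example.test (203.0.113.35)  27.734 ms  27.725 ms  27.698 ms
"""
LAN = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_trace(text):
    """Return {hop: set of responder IPs}; an empty set means no probe was answered."""
    hops, current = {}, None
    for raw in text.splitlines():
        tokens = raw.lstrip("> ").split()          # tolerate e-mail quoting
        if tokens and tokens[0].isdigit() and int(tokens[0]) == (current or 0) + 1:
            current = int(tokens.pop(0))           # next hop number in sequence
            hops[current] = set()
        for tok in tokens if current else []:      # wrapped lines extend the current hop
            try:
                hops[current].add(str(ipaddress.IPv4Address(tok.strip("[]()"))))
            except ValueError:
                pass                               # timings, hostnames, '*'
    return hops

def compare(pc_text, router_text):
    """Summarise how the path seen from the PC differs from the router's path."""
    pc, rt = parse_trace(pc_text), parse_trace(router_text)
    pc_ips, rt_ips = set().union(*pc.values()), set().union(*rt.values())
    wan = lambda ips: sorted(i for i in ips if not any(ipaddress.ip_address(i) in n for n in LAN))
    return {
        "same_destination": bool(pc and rt and pc[max(pc)] & rt[max(rt)]),
        "pc_only": wan(pc_ips - rt_ips),           # public hops seen only from the PC
        "router_only": wan(rt_ips - pc_ips),       # public hops seen only from the router
        "silent_pc_hops": sorted(h for h, ips in pc.items() if not ips),
        "silent_router_hops": sorted(h for h, ips in rt.items() if not ips),
    }
```

The two traces on this page reach the same destination over different carriers, so a differing or unanswered hop is a prompt to look closer rather than a finding in itself.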
