
Thread: Sketchy Internet... Rerouting error?

  1. #1

    Hey everyone. I've got a particularly weird issue going on at the flat, and haven't been able to find anything on Google.

    I live in a flat with a few roommates. One owns the flat. He is a tech guy, studying CS.

    Our home internet behaves very oddly. We live in Western Europe. However, many websites will automatically direct me to the Russian version of the site. This happens on many, many sites, and has proven to be very troublesome for me, and also worrisome... (is someone trying to harvest data?)

    As a result, at the moment I use a neighbor's wifi who I am friends with.

    I've called out my flatmate several times about this issue, and he always said he had no idea what I was talking about, until one night the internet gave me serious issues with fraud detection, and I called him out again and he said yeah, this isn't normal, and was able to reproduce the issues on his machine.

    On all the devices in the house, if connecting to home internet, eventually sites are redirected to the Ru version. Does anyone have any suggestions as to what may be going on? I believe the router was purchased in this country as well. How likely is it that there is something truly sketch going on?

    Thanks!

  2. #2

    Your roommate is doing a man-in-the-middle attack in order to steal your identity.

    I would get out of the house.

  3. #3

    Wait, to get this straight:
    * When using your neighbor's wifi, you are not encountering the issue?
    * Is your IP static or dynamic? Have you tried unplugging your modem/router for 10 secs?
    * What browser are you using? Have you tried browsing with other browsers?

  4. #4

    90% sure the router is being attacked via MITM. Use a VPN (MOST VPNs have a 7-day free trial) and see if it happens. If it doesn't then your router is compromised.

    Next.. check the certificates of the sites you visit (best option).
    Check the headers of the responses being sent with CharlesProxy or similar to see where the redirect is coming from.
    Do a tracert to see which route the request takes.

    If the certificates aren't trusted, you have a serious problem. Log into the router and see what's going on or hard-reset it while your roommate isn't there and watch them set up the router (typically a shit idea to mess with someone's equipment).. but once you find out you can get them in a shit ton of trouble if it's true.
    Last edited by Brandon; 02-13-2019 at 04:29 AM.
    I am Ggzz..
    Hackintosher
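
The header check suggested in post #4, as an added example that is not part of the thread: given response heads copied out of a proxy capture, it finds the hop that first redirects to the Russian-language version and reports whether that hop travelled over plain HTTP or over TLS. The host names, the `ru` marker heuristic and both sample captures are constructed assumptions.

```python
from urllib.parse import urljoin, urlsplit

# Constructed captures (not from the thread): (request URL, raw response head)
# pairs as copied from a proxy such as Charles. Host names are placeholders.
SITE_REDIRECT = [
    ("http://shop.example/",
     "HTTP/1.1 301 Moved Permanently\r\nLocation: https://shop.example/\r\n\r\n"),
    ("https://shop.example/",
     "HTTP/1.1 302 Found\r\nLocation: /ru/\r\nVary: Accept-Language\r\n\r\n"),
    ("https://shop.example/ru/",
     "HTTP/1.1 200 OK\r\nContent-Language: ru\r\n\r\n"),
]
PLAINTEXT_REDIRECT = [
    ("http://shop.example/",
     "HTTP/1.1 302 Found\r\nLocation: http://ru.shop.example/\r\n\r\n"),
]

def parse_head(raw):
    """Split a raw response head into (status code, lower-cased header dict)."""
    lines = raw.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if not line:            # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def has_locale(url, marker):
    """Heuristic (assumption): marker appears as a host label or path segment."""
    parts = urlsplit(url)
    return marker in (parts.hostname or "").split(".") or marker in parts.path.split("/")

def locale_switch(capture, marker="ru"):
    """Return (url, channel) for the hop that first redirects to the locale."""
    for url, raw in capture:
        status, headers = parse_head(raw)
        location = headers.get("location")
        if not (300 <= status < 400 and location):
            continue
        target = urljoin(url, location)     # resolve relative Location values
        if has_locale(target, marker) and not has_locale(url, marker):
            # http: any on-path device could have written this response.
            # https with a trusted certificate: the site itself sent it.
            channel = "plaintext" if urlsplit(url).scheme == "http" else "tls"
            return url, channel
    return None
```

A `"tls"` result on a connection whose certificate is trusted means the locale redirect was issued by the site, for example from the client's apparent IP address or `Accept-Language`; a `"plaintext"` result is the case where a device on the path could have rewritten the response.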

  5. #5

    Quote Originally Posted by P1nky View Post
    Wait, to get this straight:
    * When using your neighbor's wifi, you are not encountering the issue?
    * Is your IP static or dynamic? Have you tried unplugging your modem/router for 10 secs?
    * What browser are you using? Have you tried browsing with other browsers?

    Static IP, I believe. The power goes out about once a week for several minutes.

    Nope, only happens on this internet
    Reproduced on different browsers

  6. #6

    Quote Originally Posted by Brandon View Post
    90% sure the router is being attacked via MITM. Use a VPN (MOST VPNs have a 7-day free trial) and see if it happens. If it doesn't then your router is compromised.

    Next.. check the certificates of the sites you visit (best option).
    Check the headers of the responses being sent with CharlesProxy or similar to see where the redirect is coming from.
    Do a tracert to see which route the request takes.

    If the certificates aren't trusted, you have a serious problem. Log into the router and see what's going on or hard-reset it while your roommate isn't there and watch them set up the router (typically a shit idea to mess with someone's equipment).. but once you find out you can get them in a shit ton of trouble if it's true.

    Using VPN, this issue does not occur

    Certificates are trusted

    I did the tracert but I don’t understand the results at all... same with headers and Charles. Took pics of them but don’t know what they mean.

    Thank you guys all for the help. Still not sure how to proceed.
    With VPN it takes more hops in the tracert. Ultimately ends in .... reports destination net unreachable

    further edit

    Sorry for triple posts, I’ll fix later on desktop. The fact that my IP stays the same after power outages is a bad sign. Port forwarding?

    Btw please move this to jr members for limited visibility
    Last edited by lolskilla; 02-19-2019 at 12:22 PM.

  7. #7

    Quote Originally Posted by lolskilla View Post
    Sorry for triple posts, I’ll fix later on desktop. The fact that my IP stays the same after power outages is a bad sign. Port forwarding?

    Btw please move this to jr members for limited visibility

    Your IP may have a lease, so it remembers the IP after the power outage. You may want to contact the provider and see if this is normal behavior that is occurring. Your neighbor may have another provider?

  8. #8

    Quote Originally Posted by P1nky View Post
    Your IP may have a lease, so it remembers the IP after the power outage. You may want to contact the provider and see if this is normal behavior that is occurring. Your neighbor may have another provider?

    He does use a different provider. I am not sure about the lease, but I can find out. Normal behavior as in, defaulting to Russian websites? Or maintaining the same IP?


    Any ideas on how to proceed from here? Think I'm gonna have to enlist in some ID protection service.... Super sketched out rn. Haven't confirmed for sure that this is MITM; but I don't know why else the router would behave that way, routing websites to another country's version...
    Last edited by lolskilla; 02-19-2019 at 12:24 PM.

  9. #9

    Quote Originally Posted by lolskilla View Post
    He does use a different provider. I am not sure about the lease, but I can find out. Normal behavior as in, defaulting to Russian websites? Or maintaining the same IP?


    Any ideas on how to proceed from here? Think I'm gonna have to enlist in some ID protection service.... Super sketched out rn. Haven't confirmed for sure that this is MITM; but I don't know why else the router would behave that way, routing websites to another country's version...

    As in defaulting to Russian websites.
    If I were you I'd contact the provider and see what's going on. If they are no help then I'd change my provider before you accuse your roommate; say if you are wrong, well, there goes your friendship with that person.
