Last active
December 16, 2015 13:28
-
-
Save collina/5441675 to your computer and use it in GitHub Desktop.
DNS Injection through ASN12880 for Facebook (Iran)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@nami:~# dig facebook.com @8.8.8.8 +tcp | |
| ; <<>> DiG 9.8.1-P1 <<>> facebook.com @8.8.8.8 +tcp | |
| ;; global options: +cmd | |
| ;; Got answer: | |
| ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37010 | |
| ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 | |
| ;; QUESTION SECTION: | |
| ;facebook.com. IN A | |
| ;; ANSWER SECTION: | |
| facebook.com. 85 IN A 173.252.110.27 | |
| ;; Query time: 244 msec | |
| ;; SERVER: 8.8.8.8#53(8.8.8.8) | |
| ;; WHEN: Tue Apr 23 12:24:57 2013 | |
| ;; MSG SIZE rcvd: 46 | |
| root@nami:~# dig facebook.com @8.8.8.8 +notcp | |
| ; <<>> DiG 9.8.1-P1 <<>> facebook.com @8.8.8.8 +notcp | |
| ;; global options: +cmd | |
| ;; Got answer: | |
| ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58020 | |
| ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 | |
| ;; QUESTION SECTION: | |
| ;facebook.com. IN A | |
| ;; ANSWER SECTION: | |
| facebook.com. 889 IN A 10.10.34.34 | |
| ;; Query time: 5 msec | |
| ;; SERVER: 8.8.8.8#53(8.8.8.8) | |
| ;; WHEN: Tue Apr 23 12:25:04 2013 | |
| ;; MSG SIZE rcvd: 46 | |
| root@nami:~# traceroute -T -p 53 8.8.8.8 | |
| traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets | |
| 1 [host] 0.689 ms 0.695 ms 1.565 ms | |
| 2 [next hop] 2.666 ms 2.753 ms 2.900 ms | |
| 3 [next after] 1.030 ms 0.980 ms 1.059 ms | |
| 4 p2p.huawei-rtr.aryasat.dist-sw.aryasat.ir (78.154.32.173) 3.525 ms 3.755 ms 3.993 ms | |
| 5 78.38.255.100 (78.38.255.100) 1.997 ms 1.953 ms 1.994 ms | |
| 6 * * * | |
| 7 10.10.36.117 (10.10.36.117) 1.936 ms 1.870 ms 1.823 ms | |
| 8 10.10.53.249 (10.10.53.249) 1.573 ms 1.663 ms 2.233 ms | |
| 9 ldn-b4-link.telia.net (213.155.129.33) 167.889 ms 178.272 ms 178.209 ms | |
| 10 ldn-bb2-link.telia.net (80.91.249.133) 162.125 ms ldn-bb1-link.telia.net (80.91.249.131) 176.530 ms ldn-bb2-link.telia.net (80.91.249.133) 176.398 ms | |
| 11 ldn-b3-link.telia.net (213.155.133.5) 178.110 ms 178.035 ms 177.976 ms | |
| 12 google-ic-126258-ldn-b3.c.telia.net (213.248.67.66) 239.349 ms 239.287 ms 239.203 ms | |
| 13 209.85.240.61 (209.85.240.61) 230.075 ms 209.85.240.63 (209.85.240.63) 229.991 ms 229.950 ms | |
| 14 209.85.253.94 (209.85.253.94) 230.156 ms 230.085 ms 230.017 ms | |
| 15 209.85.243.33 (209.85.243.33) 244.549 ms * 236.263 ms | |
| 16 216.239.49.30 (216.239.49.30) 238.381 ms 239.124 ms 216.239.49.28 (216.239.49.28) 238.928 ms | |
| 17 * * * | |
| 18 google-public-dns-a.google.com (8.8.8.8) 238.684 ms 238.586 ms 238.369 ms | |
| ### TCP ### | |
| 12:32:30.524492 IP (tos 0x0, ttl 64, id 50716, offset 0, flags [DF], proto TCP (6), length 60) | |
| [host].54872 > google-public-dns-a.google.com.domain: Flags [S], cksum 0xe11d (incorrect -> 0xce36), seq 1580395012, win 14600, options [mss 1460,sackOK,TS val 351874072 ecr 0,nop,wscale 3], length 0 | |
| 12:32:30.767365 IP (tos 0x0, ttl 41, id 53056, offset 0, flags [none], proto TCP (6), length 60) | |
| google-public-dns-a.google.com.domain > [host].54872: Flags [S.], cksum 0x9e58 (correct), seq 4127299019, ack 1580395013, win 62392, options [mss 1430,sackOK,TS val 3012244958 ecr 351874072,nop,wscale 6], length 0 | |
| 12:32:30.767394 IP (tos 0x0, ttl 64, id 50717, offset 0, flags [DF], proto TCP (6), length 52) | |
| [host].54872 > google-public-dns-a.google.com.domain: Flags [.], cksum 0xe115 (incorrect -> 0xb961), ack 1, win 1825, options [nop,nop,TS val 351874132 ecr 3012244958], length 0 | |
| 12:32:30.767738 IP (tos 0x0, ttl 64, id 50718, offset 0, flags [DF], proto TCP (6), length 84) | |
| [host].54872 > google-public-dns-a.google.com.domain: Flags [P.], cksum 0xf0a4 (correct), seq 1:33, ack 1, win 1825, options [nop,nop,TS val 351874132 ecr 3012244958], length 3219813+ A? facebook.com. (30) | |
| 12:32:31.012023 IP (tos 0x0, ttl 41, id 53057, offset 0, flags [none], proto TCP (6), length 52) | |
| google-public-dns-a.google.com.domain > [host].54872: Flags [.], cksum 0xbb9f (correct), ack 33, win 975, options [nop,nop,TS val 3012245202 ecr 351874132], length 0 | |
| 12:32:31.012230 IP (tos 0x0, ttl 41, id 53058, offset 0, flags [none], proto TCP (6), length 100) | |
| google-public-dns-a.google.com.domain > [host].54872: Flags [P.], cksum 0x941d (correct), seq 1:49, ack 33, win 975, options [nop,nop,TS val 3012245202 ecr 351874132], length 4819813 1/0/0 facebook.com. A 173.252.110.27 (46) | |
| 12:32:31.012240 IP (tos 0x0, ttl 64, id 50719, offset 0, flags [DF], proto TCP (6), length 52) | |
| [host].54872 > google-public-dns-a.google.com.domain: Flags [.], cksum 0xe115 (incorrect -> 0xb7df), ack 49, win 1825, options [nop,nop,TS val 351874194 ecr 3012245202], length 0 | |
| 12:32:31.015418 IP (tos 0x0, ttl 64, id 50720, offset 0, flags [DF], proto TCP (6), length 52) | |
| [host].54872 > google-public-dns-a.google.com.domain: Flags [F.], cksum 0xe115 (incorrect -> 0xb7de), seq 33, ack 49, win 1825, options [nop,nop,TS val 351874194 ecr 3012245202], length 0 | |
| 12:32:31.255424 IP (tos 0x0, ttl 41, id 53059, offset 0, flags [none], proto TCP (6), length 52) | |
| google-public-dns-a.google.com.domain > [host].54872: Flags [F.], cksum 0xba37 (correct), seq 49, ack 34, win 975, options [nop,nop,TS val 3012245450 ecr 351874194], length 0 | |
| 12:32:31.255450 IP (tos 0x0, ttl 64, id 50721, offset 0, flags [DF], proto TCP (6), length 52) | |
| [host].54872 > google-public-dns-a.google.com.domain: Flags [.], cksum 0xe115 (incorrect -> 0xb6a9), ack 50, win 1825, options [nop,nop,TS val 351874254 ecr 3012245450], length 0 | |
| ### UDP ### | |
| 12:28:42.539211 IP (tos 0x0, ttl 64, id 22796, offset 0, flags [none], proto UDP (17), length 58) | |
| [host].44334 > google-public-dns-a.google.com.domain: 48129+ A? facebook.com. (30) | |
| 12:28:42.541224 IP (tos 0x0, ttl 56, id 0, offset 0, flags [none], proto UDP (17), length 74) | |
| google-public-dns-a.google.com.domain > [host].44334: 48129 1/0/0 facebook.com. A 10.10.34.34 (46) | |
| 12:28:42.541403 IP (tos 0x0, ttl 56, id 0, offset 0, flags [none], proto TCP (6), length 430) | |
| google-public-dns-a.google.com.domain > [host].44334: Flags [F.], cksum 0x52e1 (correct), seq 2919774092:2919774470, ack 3861613531, win 27, options [eol], length 37821584 update+% [b2&3=0x2f31] [8244a] [11825q] [12339n] [8262au][|domain] | |
| 12:28:42.541411 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40) | |
| [host].44334 > google-public-dns-a.google.com.domain: Flags [R], cksum 0xaf86 (correct), seq 3861613531, win 0, length 0 | |
| 12:28:42.541470 IP (tos 0x0, ttl 56, id 0, offset 0, flags [none], proto TCP (6), length 52) | |
| google-public-dns-a.google.com.domain > [host].44334: Flags [R], cksum 0x99e8 (correct), seq 3861613501, win 27, options [eol], length 0 | |
| 12:28:42.541474 IP (tos 0x0, ttl 56, id 0, offset 0, flags [none], proto TCP (6), length 52) | |
| google-public-dns-a.google.com.domain > [host].44334: Flags [R], cksum 0x99e8 (correct), seq 3861613501, win 27, options [eol], length 0 | |
| 12:28:42.541477 IP (tos 0x0, ttl 56, id 0, offset 0, flags [none], proto TCP (6), length 52) | |
| google-public-dns-a.google.com.domain > [host].44334: Flags [R], cksum 0x99e8 (correct), seq 3861613501, win 27, options [eol], length 0 | |
| 12:28:42.541616 IP (tos 0x0, ttl 55, id 0, offset 0, flags [none], proto TCP (6), length 430) | |
| google-public-dns-a.google.com.domain > [host].44334: Flags [F.], cksum 0x52e1 (correct), seq 0:378, ack 1, win 27, options [eol], length 37821584 update+% [b2&3=0x2f31] [8244a] [11825q] [12339n] [8262au][|domain] | |
| 12:28:42.541622 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40) | |
| [host].44334 > google-public-dns-a.google.com.domain: Flags [R], cksum 0xaf86 (correct), seq 3861613531, win 0, length 0 | |
| root@nami:~# dig facebook.com @recursive1.dci.ir | |
| ; <<>> DiG 9.8.1-P1 <<>> facebook.com @recursive1.dci.ir | |
| ;; global options: +cmd | |
| ;; Got answer: | |
| ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10785 | |
| ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 | |
| ;; QUESTION SECTION: | |
| ;facebook.com. IN A | |
| ;; ANSWER SECTION: | |
| facebook.com. 763 IN A 173.252.110.27 | |
| ;; AUTHORITY SECTION: | |
| facebook.com. 99202 IN NS a.ns.facebook.com. | |
| facebook.com. 99202 IN NS b.ns.facebook.com. | |
| ;; ADDITIONAL SECTION: | |
| a.ns.facebook.com. 116357 IN A 69.171.239.12 | |
| b.ns.facebook.com. 85019 IN A 69.171.255.12 | |
| ;; Query time: 7 msec | |
| ;; SERVER: 217.218.127.127#53(217.218.127.127) | |
| ;; WHEN: Tue Apr 23 12:42:52 2013 | |
| ;; MSG SIZE rcvd: 113 | |
| root@nami:~# dig youtube.com @recursive1.dci.ir | |
| ; <<>> DiG 9.8.1-P1 <<>> youtube.com @recursive1.dci.ir | |
| ;; global options: +cmd | |
| ;; Got answer: | |
| ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49938 | |
| ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 4, ADDITIONAL: 4 | |
| ;; QUESTION SECTION: | |
| ;youtube.com. IN A | |
| ;; ANSWER SECTION: | |
| youtube.com. 118 IN A 74.125.132.190 | |
| youtube.com. 118 IN A 74.125.132.91 | |
| youtube.com. 118 IN A 74.125.132.93 | |
| youtube.com. 118 IN A 74.125.132.136 | |
| ;; AUTHORITY SECTION: | |
| youtube.com. 304716 IN NS ns2.google.com. | |
| youtube.com. 304716 IN NS ns3.google.com. | |
| youtube.com. 304716 IN NS ns4.google.com. | |
| youtube.com. 304716 IN NS ns1.google.com. | |
| ;; ADDITIONAL SECTION: | |
| ns1.google.com. 191561 IN A 216.239.32.10 | |
| ns2.google.com. 191561 IN A 216.239.34.10 | |
| ns3.google.com. 191561 IN A 216.239.36.10 | |
| ns4.google.com. 191561 IN A 216.239.38.10 | |
| ;; Query time: 2 msec | |
| ;; SERVER: 217.218.127.127#53(217.218.127.127) | |
| ;; WHEN: Tue Apr 23 12:43:09 2013 | |
| ;; MSG SIZE rcvd: 236 | |
| root@nami:~# dig facebook.com @85.15.1.10 | |
| ; <<>> DiG 9.8.1-P1 <<>> facebook.com @85.15.1.10 | |
| ;; global options: +cmd | |
| ;; Got answer: | |
| ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 35405 | |
| ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 | |
| ;; WARNING: recursion requested but not available | |
| ;; QUESTION SECTION: | |
| ;facebook.com. IN A | |
| ;; Query time: 4 msec | |
| ;; SERVER: 85.15.1.10#53(85.15.1.10) | |
| ;; WHEN: Tue Apr 23 13:17:53 2013 | |
| ;; MSG SIZE rcvd: 30 | |
| root@nami:~# traceroute -T -p 53 85.15.1.10 | |
| traceroute to 85.15.1.10 (85.15.1.10), 30 hops max, 60 byte packets | |
| 1 [host] 0.701 ms 0.908 ms 1.101 ms | |
| 2 [next hop] 44.794 ms 44.961 ms 44.917 ms | |
| 3 [for good measure] 1.269 ms 1.226 ms 1.173 ms | |
| 4 p2p.huawei-rtr.aryasat.dist-sw.aryasat.ir (78.154.32.173) 4.374 ms 4.537 ms 4.493 ms | |
| 5 78.38.255.100 (78.38.255.100) 2.195 ms 2.141 ms 2.466 ms | |
| 6 78.38.245.194 (78.38.245.194) 2.027 ms 1.817 ms 1.788 ms | |
| 7 195.146.33.30 (195.146.33.30) 1.699 ms 1.872 ms 1.819 ms | |
| 8 78.38.240.41 (78.38.240.41) 1.858 ms 1.901 ms 2.005 ms | |
| 9 78.38.255.58 (78.38.255.58) 1.779 ms 1.884 ms 2.046 ms | |
| 10 85-15-0-81.rasana.net (85.15.0.81) 2.499 ms 2.444 ms 2.750 ms | |
| 11 85-15-0-14.rasana.net (85.15.0.14) 2.592 ms 2.227 ms 2.111 ms |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment