Strange outgoing connections on netvm #3184
Comments
tonsilware
Oct 18, 2017
It might be possible that your ISP has "sold" your DNS traffic to Search Guide Inc and Search Guide Inc are hijacking all your unresolvable DNS queries in order to show you adverts. Which DNS servers are you using?
Solution might be to manually set your router / computers to use another DNS service, e.g. Google's DNS servers (8.8.8.8 and 8.8.4.4) or OpenDNS (208.67.222.222 and 208.67.220.220).
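One way to test whether the configured resolver rewrites unresolvable queries, as the comment above suggests. This is an added example, not part of the original thread; the function names are hypothetical, and the random `.com` labels are assumed to be unregistered.

```python
import secrets
import socket
from collections import Counter


def system_resolver(name):
    """IPv4 addresses the OS-configured resolver returns for name ([] if none)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def probe_nxdomain_rewriting(resolve=system_resolver,
                             suffixes=("invalid", "com"), per_suffix=2):
    """Look up random names that should not exist.

    .invalid is reserved (RFC 6761) and never resolves; a random 24-hex-digit
    .com label is assumed to be unregistered. Returns {name: [addresses]} for
    every probe that got an answer anyway.
    """
    answered = {}
    for suffix in suffixes:
        for _ in range(per_suffix):
            name = f"{secrets.token_hex(12)}.{suffix}"
            addrs = resolve(name)
            if addrs:
                answered[name] = addrs
    return answered


def shared_addresses(answered):
    """Addresses given for more than one unrelated probe: the likely redirect hosts."""
    counts = Counter(a for addrs in answered.values() for a in set(addrs))
    return sorted(a for a, n in counts.items() if n > 1)


if __name__ == "__main__":
    hits = probe_nxdomain_rewriting()
    if hits:
        print("Resolver answered for names that should not exist:")
        for name, addrs in hits.items():
            print(f"  {name} -> {', '.join(addrs)}")
        print("Shared by several probes:", shared_addresses(hits))
    else:
        print("No rewriting seen: every probe failed to resolve, as expected.")
```

Run it once with the ISP's DNS servers configured and again after switching resolvers; an honest resolver yields no hits.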
guudeve
Oct 18, 2017
Hey tonsilware, you are absolutely right. This is so creepy! What the hell is wrong with Charter? They scared the crap out of me. I found these VirusTotal links https://www.virustotal.com/en-gb/ip-address/198.105.254.24/information/ | https://www.virustotal.com/en-gb/ip-address/198.105.244.24/information/ and a Reddit report about them doing hijacking as well https://www.reddit.com/r/AskNetsec/comments/3gcz7m/charter_injecting_scripts_into_my_browser/. I do use their DNS server. I'm gonna change it to Google. I wish I could set up a VPN on my router but I use Netflix and other streaming services that do not allow VPN. Thanks!
andrewdavidwong
Oct 19, 2017
Member
Closing this as "resolved." If you believe the issue is not yet resolved, or if anyone is still affected by this issue, please leave a comment, and we'll be happy to reopen this. Thank you.
guudeve commented Oct 18, 2017
Qubes version: 3.2(R3.2)
Netvm-Template: Fedora 25
I'm seeing some weird outgoing connections on my netvm. My machine's IP is 192.168.33.2. Why would there be NetBIOS connections going to a public IP, 198.105.254.24? Is the below normal?
05:36:03.443684 IP (tos 0x0, ttl 64, id 6438, offset 0, flags [DF], proto UDP (17), length 78)
192.168.33.2.49488 > 192.168.33.31.137: [udp sum ok]