Today's Question:  What are you most afraid of as a programmer?        GIVE A SHOUT

Technical Article => Security =>  Server Security

Get Facebook, Twitter and YouTube back

  Pi Ke      2014-12-20 21:41:34      2,763    1    0

Facebook, Twitter and YouTube have become part of many people's daily network life. People hang around these sites to network with known and unknown friends, to know about the latest news and to relax with fancy video clips. But what will you feel if all of a sudden you cannot access them? Want to experience this? Go behind the GFW(Great Firewall) of China. Just a joke, but it's real.

Huh, you are out of China? Don't worry. Change your DNS server to those located in China. I just experienced it, although it's not planned and unpleasant one.

I am not sure what happens at the beginning, all of a sudden, I cannot access YouTube, Facebook and Twitter. But other sites are just fine. So I think it would be network problem, but it's weird, why other sites are fine? Are these sites down? Not probably, they cannot be down at the same time. So I just restarted my computer and oola, these sites are back, I can watch videos again. However, not lasting long, the issue happens again. After a few tries of restart, I was frustrated.

I tried as many ways as I know to fix the issue. Below are some ways I tried:

  • Disable the network and enable it -- Not working
  • Restart the computer -- Working for sometime, but failing again
  • Disable firewall -- Not working
  • Reinstall network driver --Not working
  • Flush DNS by issuing ipconfig /flushdns and ipconfig /release, ipconfig /renew-- Working for some time
  • Google it -- Working

After lots of Googling, I found that my problem was caused by the DNS spoofing. I tried to ping www.facebook.com and www.twitter.com and www.youtube.com, the strange thing is I get the same IP address for these sites:

The IP address is 37.61.54.158, I searched the IP address and find an astonishing fact that it's in Azerbaijan.

What the hell, my computer was hijacked. When I paste the IP on Google, I see the top entries are Chinese. Are these related to GFW of China? I know that China has blocked these famous websites from its citizen. So I did a ipconfig /all and see below:

Both these DNS server IP addresses are coming from China. No wonder I get the issue. With the root cause unveiled, next step is how to change the DNS server. But before that, I want to know why my DNS servers are from China?I am not in China now. Usually the DNS servers are automatically received from ISP unless otherwise self-configured. Below steps are followed to find out how the DNS servers are configured.

  1. Click Start.
  2. Select Network, then Network and Sharing Center, and click Manage network connections or Change adapter settings from the list of tasks.
  3. Right click the connection of interest and click Properties.
  4. SelectInternet Protocol Version 4 (TCP/IPv4) from the list and click the Properties button.

Obtain DNS Server address automatically is what needed  Below steps are just trivial now:

  1. Click Start.
  2. Select Network, then Network and Sharing Center, and click Manage network connections or Change adapter settings from the list of tasks.
  3. Right click the connection of interest and click Properties.
  4. Select Internet Protocol Version 4 (TCP/IPv4) from the list and click the Properties button.
  5. Select Obtain an IP address automatically.
  6. Select Obtain DNS Server address automatically.
  7. Click OK.
  8. Click Close.

The issue is resolve and Facebook, Twitter and Facebook are back although it's still a mystery why the DNS Server addresses are changed to these two. Maybe a malware?

DNS SPOOFING GFW YOUTUBE 37.61.54.158

  SAVE AS PDF   MARK AS READ   MARK AS IMPORTANT

Share on Facebook  Share on Twitter  Share on Google+  Share on Weibo  Share on Reddit  Share on Digg  Share on Tumblr    Delicious

  RELATED


  1 COMMENT


Katrice [Reply]@ 2015-01-03 03:23:09
Appreciate this post. Let me try it out.

  WRITE ARTICLE

Is this how you debug?

By sonic0002