TCP hijacking ?

By
Pank
on March 8, 2009 12:59 AM | | Comments (0)

3/1 起就有人上 tw.msn.comtaiwan.cnet.com 等站被導到
http://www.dachengkeji.com/article/index.htm 或 http://www.dachengkeji.cn/article/index.htm
直接輸入 IP 也會被導走, 根據 richliu 所提供的封包,
看來是搶在正常的封包前被塞了一個帶有轉址訊息的封包
(<meta http-equiv="refresh" content="0;url=http://www.dachengkeji.cn/article/index.htm>)
似乎是新型的攻擊手法, 此問題發生具有隨機性, 使得追查原因比較困難.
用這種手法來宣傳倒是不錯, 強迫大家都去你的站, 呵呵!

ref. mobile01 討論串

Categories:

Leave a comment

Categories

Monthly Archives

Search

March 2009

Sun Mon Tue Wed Thu Fri Sat
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31        

About this Entry

This page contains a single entry by Pank published on March 8, 2009 12:59 AM.

CultureInfo was the previous entry in this blog.

Using shell variable in awk is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.