[App_rpt-users] Got a strange error in my AT&T gateway
kb4fxc at inttek.net
Sun Jul 30 14:04:09 EDT 2017
I sent you a link to a related, but wrong article, earlier. This link
explains what is going on:
So, basically, what "hijacked" means is that the DNS entry for
stats.allstarlink.org has been spoofed by AT&T, and those queries have
been redirected to an AT&T proxy server (AKA: man in the middle) for
"evaluation" before passing the request along to the REAL stats server.
DNS hijacking is becoming a serious problem these days, even if you set
your DNS server explicitly to a well known address---like google
(18.104.22.168)....This problem is one reason so much traffic on the Internet
these days uses TLS (https), since using TLS will at least notify you of
an invalid host (like a proxy server). BUT, be aware that even using TLS
doesn't eliminate this man-in-the-middle problem, it just makes it easier
73, David KB4FXC
On Sun, 30 Jul 2017, George Csahanin wrote:
> Maybe I wasn't clear on this point.
> host=stats.allstarlink.org url=/uhandler.php is a valid line from rpt.conf, well, technically http://stats.allstarlink.org/uhandler.php is.
> And my stats show up in stats.allstarlink.org
> I found this on ATT forum, from another user (oddly, NOT from AT&T):
> */"the correct information in regards to the " hijacked" description
> endings in the logs. They are stating that the/**/*Gateway*/**/has hijacked the connection, and is providing responses. It does not
> mean that an external party has hijacked the connection. The gateway
> does this to send you error messages (i.e. in your browser), but it
> usually causes more harm than it does good./*"
> I'll ignore this log entry. The daily reboot is still a mystery, sort of...it IS AT&T
> On 7/29/2017 12:29 PM, George Csahanin wrote:
> > Hi all. I've been seeing a daily reboot of my AT&T gateway, has done
> > it three times now. Looked at the logs in the AT&T box and I see several:
> > host=stats.allstarlink.org url=/uhandler.php hijacked
> > Anybody know what this might mean?
> > GeorgeC
More information about the App_rpt-users