View Single Post
Old 27th October 2008
robbak's Avatar
robbak robbak is offline
Real Name: Robert Backhaus
VPN Cryptographer
 
Join Date: May 2008
Location: North Queensland, Australia
Posts: 366
Default

We'd need to know where the redirection is taking place. Is it taking place in firefox, a local names server, or a remote one.
tcpdump is your friend. # tcpdump -vv -i rl0 > ~/trafficdump (where rl0 is your network device) will create a file called trafficdump with descriptions of all your packets.
As for spy-ware under Unix; Well, it will happen. I am surprised to see how little they are targeting Firefox. But I don't think that is it. It's what I'd be looking for if a winbox was doing that, though.

My thought is that somewhere along the line, one of the name servers you have set is giving you anything-dot-com's address instead of the one you want. Why, how and where is still a mystery. (Have we got DNS cache poisoning going on here???)
__________________
The only dumb question is a question not asked.
The only dumb answer is an answer not given.
Reply With Quote