Security Basics mailing list archives

RE: http requests getting redirected to coolsavings.com


From: "WINTERS, KELLY (SBIS)" <kw7436 () sbc com>
Date: Thu, 20 May 2004 13:23:20 -0500

Sounds like a DNS problem... take a look at your zone file w/ nslookup.

-----Original Message-----
From: Sonika Malhotra [mailto:sonikam () magnum barc ernet in]
Sent: Wednesday, May 19, 2004 12:09 AM
To: security-basics
Cc: Sonika Malhotra
Subject: http requests getting redirected to coolsavings.com


Hello List,

I have a user network which accesses the Internet through a proxy server
(squid - 2.5-stable).
We have been facing a problem for a few days. Any request for commonly
accessed sites like www.google.com, www.rediff.com, www.yahoo.com gets
redirected to www.coolsavings.com

The TCPdump for a session is attached for reference. Kindly give some
pointers as to how this is happening.

The following attached file is client-pc to proxy-server communication. The
extra contents (packet data contents) have been removed considering the
file size (still it is 51K). From the client PC the site www.google.com is
hit and the traffic dump is taken using the ngrep tool.

Regards
Sonika


