腾讯云都被劫持哈哈

V2EX = way to explore

V2EX 是一个关于分享和探索的地方

已注册用户请登录

这是一个创建于 2550 天前的主题，其中的信息可能已经有所发展或是发生改变。

从腾讯云访问一些国网站直接被 302 跳转走了。

是不是有人在国际出口上做劫持了。

HTTP/1.1 302 Found
Connection: close
Location: http://1877766.com

这都什么鬼啊。还让不让玩了

劫持

腾讯

哈哈

出口

6 条回复 • 2017-05-13 17:44:53 +08:00

holinhot

2017-05-10 13:33:59 +08:00

有时候直接返回把页面给替换了
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:30:54.521515 IP 10.104.2.206.50286 > 123.com.http: Flags [S], seq 2784800392, win 14600, options [mss 1460,sackOK,TS val 2687025802 ecr 0,nop,wscale 6], length 0
13:30:54.683270 IP 123.com.http > 10.104.2.206.50286: Flags [S.], seq 925016812, ack 2784800393, win 29200, options [mss 1424,nop,nop,sackOK,nop,wscale 10], length 0
13:30:54.683304 IP 10.104.2.206.50286 > 123.com.http: Flags [.], ack 1, win 229, length 0
13:30:54.683429 IP 10.104.2.206.50286 > 123.com.http: Flags [P.], seq 1:172, ack 1, win 229, length 171
13:30:54.687666 IP 123.com.http > 10.104.2.206.50286: Flags [FP.], seq 1:803, ack 172, win 229, length 802
13:30:54.687711 IP 10.104.2.206.50286 > 123.com.http: Flags [.], ack 804, win 254, length 0
13:30:54.687899 IP 10.104.2.206.50286 > 123.com.http: Flags [F.], seq 172, ack 804, win 254, length 0
13:30:54.701469 IP 123.com.http > 10.104.2.206.50286: Flags [FP.], seq 1:72, ack 172, win 8192, length 71
13:30:54.701496 IP 10.104.2.206.50286 > 123.com.http: Flags [.], ack 804, win 254, options [nop,nop,sack 1 {1:73}], length 0
13:30:54.845049 IP 123.com.http > 10.104.2.206.50286: Flags [.], ack 172, win 30, length 0
13:30:54.845074 IP 10.104.2.206.50286 > 123.com.http: Flags [.], ack 804, win 254, length 0
13:30:54.857590 IP 123.com.http > 10.104.2.206.50286: Flags [P.], seq 1:455, ack 172, win 30, length 454
13:30:54.857624 IP 10.104.2.206.50286 > 123.com.http: Flags [.], ack 804, win 254, options [nop,nop,sack 1 {1:455}], length 0
13:30:55.162711 IP 10.104.2.206.50286 > 123.com.http: Flags [F.], seq 172, ack 804, win 254, length 0
13:30:55.301387 IP 123.com.http > 10.104.2.206.50286: Flags [P.], seq 1:455, ack 172, win 30, length 454
13:30:55.301430 IP 10.104.2.206.50286 > 123.com.http: Flags [.], ack 804, win 254, options [nop,nop,sack 1 {1:455}], length 0
13:30:55.789782 IP 123.com.http > 10.104.2.206.50286: Flags [P.], seq 1:455, ack 172, win 30, length 454
13:30:55.789819 IP 10.104.2.206.50286 > 123.com.http: Flags [.], ack 804, win 254, options [nop,nop,sack 1 {1:455}], length 0
13:30:56.112720 IP 10.104.2.206.50286 > 123.com.http: Flags [F.], seq 172, ack 804, win 254, length 0
13:30:56.769886 IP 123.com.http > 10.104.2.206.50286: Flags [P.], seq 1:455, ack 172, win 30, length 454
13:30:56.769924 IP 10.104.2.206.50286 > 123.com.http: Flags [.], ack 804, win 254, options [nop,nop,sack 1 {1:455}], length 0
13:30:58.012724 IP 10.104.2.206.50286 > 123.com.http: Flags [F.], seq 172, ack 804, win 254, length 0
13:30:58.730561 IP 123.com.http > 10.104.2.206.50286: Flags [P.], seq 1:455, ack 172, win 30, length 454
13:30:58.730590 IP 10.104.2.206.50286 > 123.com.http: Flags [.], ack 804, win 254, options [nop,nop,sack 1 {1:455}], length 0
^C
24 packets captured
24 packets received by filter

HTTP/1.1 200 OK
Server: nginx
Cache-Control: no-cache
Date: Wed, 10-May-2017 05:30:53 GMT
Set-Cookie: group_b2eecf4f9a15c836=1; expires=Thu, 11-May-2017 13:30:53 CST; path=/; domain=123.com
Content-Length: 583

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Cache-Control" content="no-cache">
<meta http-equiv="Expires" content="0">
<title></title>
<script type="text/javascript">
window.location.href='http://99zz111.com/?kjh=3ZJCimzp';
</script>
<noscript>
<meta http-equiv="refresh" content="0;url=http://99zz111.com/?kjh=3ZJCimzp">
</noscript>
</head>
<body></body>