The hijacking inside China is just insane: 5 milliseconds straight to a US cf IP

    holinhot · 2019-06-08 23:11:23 +08:00 · 10248 views
    http://prntscr.com/nz9c8v

    5ms straight to a cf server, that is really something

    http://prntscr.com/nz9cn3


    TCP connect to 104.27.191.245:80:
    5 iterations (warmup 1) ping test:
    Connecting to 104.27.191.245:80 (warmup): from 172.16.0.15:63715: 5.28ms
    Connecting to 104.27.191.245:80: from 172.16.0.15:63716: 5.04ms
    Connecting to 104.27.191.245:80: from 172.16.0.15:63717: 4.83ms
    Connecting to 104.27.191.245:80: from 172.16.0.15:63718: 4.69ms
    Connecting to 104.27.191.245:80: from 172.16.0.15:63719: 4.71ms
    37 replies    2019-06-10 09:43:37 +08:00
    holinhot
        1
    holinhot  
    OP
       2019-06-08 23:15:13 +08:00
    Money has blinded their eyes
    CernetBoom
        2
    CernetBoom  
       2019-06-08 23:21:22 +08:00   ❤️ 2
    @holinhot It has been taken as an IP for internal network devices. This was originally part of the APNIC Debogon Project; in the past these IPs could not be announced

    Debogon prefixes in the APNIC Debogon Project
    1.255.0.0/16
    1.50.0.0/22
    1.2.3.0/24
    1.1.1.0/24
    holinhot
        3
    holinhot  
    OP
       2019-06-08 23:22:59 +08:00
    @CernetBoom 104.27.191.245 is an internal network IP? Are you kidding me? Opening it redirects straight to a card and board game site
    holinhot
        4
    holinhot  
    OP
       2019-06-08 23:23:45 +08:00
    @CernetBoom Only TCP is hijacked; ICMP and UDP still go straight to the US
    CernetBoom
        5
    CernetBoom  
       2019-06-08 23:31:34 +08:00 via Android
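    @holinhot I misread, I thought you meant 1.1.1.1. Something is definitely wrong with 104.27.191.245; probably the underground industry up to something on the inside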
    hlz0812
        6
    hlz0812  
       2019-06-08 23:33:52 +08:00 via iPhone
    Jiangsu Telecom even hijacks 1.1.1.1
    hlz0812
        7
    hlz0812  
       2019-06-08 23:35:53 +08:00 via iPhone
    This is probably either China Mobile or some off-brand broadband; Telecom and Unicom these days just put in an ad or the like
    CernetBoom
        8
    CernetBoom  
       2019-06-08 23:36:53 +08:00 via Android
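    @hlz0812 1.1.1.1 was already in use by internal network devices to begin with, and it is also part of the Debogon Project

    This is a different matter: TCP requests are being hijacked straight to a gambling site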
    westoy
        9
    westoy  
       2019-06-08 23:37:16 +08:00
    @hlz0812 Jiangsu Telecom is hijacked too
    CernetBoom
        10
    CernetBoom  
       2019-06-08 23:39:32 +08:00 via Android
    @hlz0812 This is exactly what shows up on Telecom and Unicom
    sigup
        11
    sigup  
       2019-06-08 23:51:15 +08:00
    More than 400 domains are affected, all small sites, so the impact should be minor
    hlz0812
        12
    hlz0812  
       2019-06-08 23:53:46 +08:00 via iPhone
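    @CernetBoom This is the first time I have heard of hijacking to a gambling site on Telecom or Unicom. It feels like an employee acting privately. Officially hijacking DNS to show a few ads is one thing, but hijacking to a gambling site is risking their neck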
    CernetBoom
        13
    CernetBoom  
       2019-06-08 23:56:09 +08:00 via Android
    @hlz0812 An insider colluding with the underground industry?
    mason961125
        14
    mason961125  
       2019-06-09 00:02:06 +08:00
    @hlz0812 #4 Tested on Suzhou Telecom: 1.1.1.1 is not hijacked to inside China.
    hlz0812
        15
    hlz0812  
       2019-06-09 00:03:37 +08:00 via iPhone
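    @CernetBoom I took a look: both Telecom and Unicom are hijacked to a server in Shanghai, and the server is connected directly to the aggregation layer of the Shanghai metropolitan area network. Whoever can do this has considerable privileges. Some southern provinces are quite messy; I once saw someone report a Telecom manager for privately routing Jiangsu Telecom IPs over a leased line for use in another province. No idea what they were up to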
    hlz0812
        16
    hlz0812  
       2019-06-09 00:05:07 +08:00 via iPhone
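    @mason961125 The last time I tested, 1.1.1.1 was still hijacked to within the same city, regardless of protocol, on Wuxi Telecom. I will check again next time I am back in Jiangsu. I also recall that 2.2.2.1 seemed to be hijacked there too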
    CernetBoom
        17
    CernetBoom  
       2019-06-09 00:07:36 +08:00 via Android
    @mason961125 1.1.1.1 looking "hijacked" is most likely just because a device on the internal network has taken that IP
    hlz0812
        18
    hlz0812  
       2019-06-09 00:08:50 +08:00 via iPhone
    @CernetBoom I tested it: TCP is hijacked on all three national carriers, and not even Dr. Peng was spared
    happylty
        19
    happylty  
       2019-06-09 00:14:11 +08:00
    Henan Unicom: no hijacking, latency 228ms
    aquariumm
        20
    aquariumm  
       2019-06-09 00:16:15 +08:00 via Android
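    The poster above must be an idiot. This is a cf node; tens of thousands of sites probably resolve here
    There is no question the ISP is hijacking TCP packets, because accessing the bare IP directly ends at Alibaba Cloud in Shanghai

    It is ISP insider behaviour; the backer behind this site really is the wall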
    hlz0812
        21
    hlz0812  
       2019-06-09 00:17:41 +08:00 via iPhone
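    @CernetBoom That said, this IP really is anycast, worldwide. On a few networks it also shows inconsistent TCP and ICMP routing, for example gmocloud in Japan: it arrives in 2 hops over TCP, while ICMP takes many hops. Another possibility is that cf is doing it on their side, but cf's anycast does not seem to have mainland nodes, does it?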
    CernetBoom
        22
    CernetBoom  
       2019-06-09 00:19:49 +08:00 via Android
    @hlz0812 How could Cloudflare be doing this themselves? Their Anycast has no mainland presence; in the mainland it is all Baidu Cloud IPs
    hlz0812
        23
    hlz0812  
       2019-06-09 00:21:07 +08:00 via iPhone
    @CernetBoom But it is baffling that TCP to this IP is hijacked on gmocloud in Japan too
    happylty
        24
    happylty  
       2019-06-09 00:41:59 +08:00
    Tested: it has now been hijacked
    PP
        25
    PP  
       2019-06-09 06:23:05 +08:00 via iPad
    A few days ago my US proxy was at 25ms, on Shanghai Telecom.
    CernetBoom
        26
    CernetBoom  
       2019-06-09 06:36:08 +08:00 via Android
    @PP You simply measured to mainland China. Latency from Shanghai to the US mainland cannot be below 100ms (on the existing submarine cables)
    dfly0603
        27
    dfly0603  
       2019-06-09 10:07:20 +08:00 via Android
    @mason961125 Tested on Nanjing Telecom and Yancheng Telecom: not there either.
    Flasky
        28
    Flasky  
       2019-06-09 12:16:10 +08:00 via Android
    On Guangxi Telecom the traceroute shows no hijacking, but accessing the IP directly jumps to the gambling site
    https://imgchr.com/i/VrtqmV
    xxq2112
        29
    xxq2112  
       2019-06-09 12:46:38 +08:00
    @Flasky TCP hijacking
    Mobile tools default to ICMP, so they cannot see it

    Tracing route to 104.27.191.245 on port 80
    Over a maximum of 30 hops.
    1 2 ms 2 ms 2 ms *
    2 19 ms 6 ms 13 ms *
    3 * * * Request timed out.
    4 8 ms * * 61.164.22.157
    5 13 ms 15 ms 12 ms 202.97.68.129
    6 Destination Reached in 9 ms. Connection established to 104.27.191.245
    Trace Complete.

    Tracing route to 104.27.191.245 on port 80
    Over a maximum of 30 hops.
    1 2 ms 2 ms 2 ms *
    2 4 ms 4 ms 4 ms *
    3 * * * Request timed out.
    4 15 ms * * 101.71.244.97
    5 12 ms 9 ms 10 ms 219.158.96.189
    6 Destination Reached in 14 ms. Connection established to 104.27.191.245
    Trace Complete.

    Zhejiang Telecom, Zhejiang Unicom: reproduces consistently
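
Added example, not part of any post in this thread: a plausibility check for the symptom discussed above, where TCP handshakes to a far-away address complete much faster than the path allows while ICMP looks normal. The function names, the `ratio` threshold and the ICMP baseline are assumptions; the 100 ms floor is the figure given in reply 26.

```python
import re
from statistics import median

# Constructed sample: the tcping lines quoted in the opening post.
TCPING_SAMPLE = """\
Connecting to 104.27.191.245:80 (warmup): from 172.16.0.15:63715: 5.28ms
Connecting to 104.27.191.245:80: from 172.16.0.15:63716: 5.04ms
Connecting to 104.27.191.245:80: from 172.16.0.15:63717: 4.83ms
Connecting to 104.27.191.245:80: from 172.16.0.15:63718: 4.69ms
Connecting to 104.27.191.245:80: from 172.16.0.15:63719: 4.71ms
"""
FLOOR_MS = 100.0          # assumption: minimum RTT for the real path (reply 26)
ICMP_BASELINE_MS = 228.0  # constructed ICMP baseline (echoes reply 19's figure)

LINE = re.compile(
    r"^Connecting to \S+?(?P<warm> \(warmup\))?: from \S+: (?P<ms>[\d.]+)ms$")

def tcp_rtts(text):
    """Return TCP connect times in ms, skipping warmup probes."""
    rtts = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m and not m.group("warm"):
            rtts.append(float(m.group("ms")))
    return rtts

def assess(rtts, floor_ms, icmp_ms=None, ratio=0.5):
    """Flag a TCP path whose handshake finishes implausibly fast."""
    if not rtts:
        return {"median_ms": None, "verdict": "no-data", "reasons": []}
    med = median(rtts)
    reasons = []
    # A handshake faster than the physical floor was answered nearby.
    if med < floor_ms:
        reasons.append(f"median {med:.2f} ms is below the {floor_ms:.0f} ms floor")
    # ICMP probes alone miss this, so compare the two protocols.
    if icmp_ms is not None and med < icmp_ms * ratio:
        reasons.append(f"TCP {med:.2f} ms vs ICMP {icmp_ms:.0f} ms to the same address")
    verdict = "suspect" if reasons else "plausible"
    return {"median_ms": med, "verdict": verdict, "reasons": reasons}

if __name__ == "__main__":
    print(assess(tcp_rtts(TCPING_SAMPLE), FLOOR_MS, ICMP_BASELINE_MS))
```

A "suspect" verdict only says the handshake was answered closer than the expected endpoint; anycast addresses legitimately answer from nearby nodes, so the floor has to match where the service actually has presence.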
    banditv2ex
        30
    banditv2ex  
       2019-06-09 12:58:30 +08:00
    May I ask the OP what the route-testing software is called?
    PP
        31
    PP  
       2019-06-09 13:03:00 +08:00 via iPad
    @CernetBoom Isn't that the truth.
    alsas
        32
    alsas  
       2019-06-09 13:16:00 +08:00
    TCP hijacking; opening it goes straight to a gambling site
    dream7758522
        33
    dream7758522  
       2019-06-09 18:10:28 +08:00 via Android
    Here I get 2ms straight to 1.1.1.1
    sobigfish
        34
    sobigfish  
       2019-06-09 18:50:23 +08:00
    Would the cyber police do anything if it were reported? ¯\_(ツ)_/¯
    z919126592
        35
    z919126592  
       2019-06-09 22:59:05 +08:00 via Android
    Fujian Mobile home broadband: normal
    set01
        36
    set01  
       2019-06-10 08:40:15 +08:00
    Speaking for Hebei Unicom: in three years of use, apart from ads on 404 pages during the first year, I have never seen a Unicom ad again
    skylancer
        37
    skylancer  
       2019-06-10 09:43:37 +08:00
    @CernetBoom Yes indeed, for example that idiot Cisco...