
shadowy, sort of fly by night debian mirrors? ...



 As I tried to download Debian, I noticed that the download was being
redirected in real time (which in itself doesn't necessarily have to mean
anything bad); what I found worrying was that:

 1) as I used a known public hotspot connection, there was a new
hotspot advertising itself as "Wifi4EU" (of course, I didn't bite that
bait)

 2) getting a connection through (apparently) the right hotspot took
way more time than expected

 3) downloads were being redirected in real time

 4) the usual server side responses were not being produced, just:

WARNING: certificate common name `ftp.acc.umu.se' doesn't match
requested host name `chuangtzu.ftp.acc.umu.se'.
2021-02-17 11:14:47
URL:https://chuangtzu.ftp.acc.umu.se/debian-cd/current/amd64/iso-dvd/debian-10.8.0-amd64-DVD-2.iso
[4697370624/4697370624] -> "debian-10.8.0-amd64-DVD-2.iso" [1]

WARNING: certificate common name `ftp.acc.umu.se' doesn't match
requested host name `laotzu.ftp.acc.umu.se'.
2021-02-17 11:46:46
URL:https://laotzu.ftp.acc.umu.se/debian-cd/current/amd64/iso-dvd/debian-10.8.0-amd64-DVD-3.iso
[4679073792/4679073792] -> "debian-10.8.0-amd64-DVD-3.iso" [1]

 5) the mirror debian site (ftp.acc.umu.se) had smelly prefixes as
subdomains (apparently Chinese transliterations) {chuangtzu, laotzu}

 6) whois registry for umu.se

$ whois um.se
# Copyright (c) 1997- The Swedish Internet Foundation.
# All rights reserved.
# The information obtained through searches, or otherwise, is protected
# by the Swedish Copyright Act (1960:729) and international conventions.
# It is also subject to database protection according to the Swedish
# Copyright Act.
# Any use of this material to target advertising or
# similar activities is forbidden and will be prosecuted.
# If any of the information below is transferred to a third
# party, it must be done in its entirety. This server must
# not be used as a backend for a search engine.
# Result of search for registered domain names under
# the .se top level domain.
#
# This whois printout is printed with UTF-8 encoding.
#
state:            active
domain:           um.se
holder:           (not shown)
admin-c:          -
tech-c:           -
billing-c:        -
created:          2014-12-02
modified:         2020-11-16
expires:          2021-12-02
transferred:      2017-08-24
nserver:          ns1.nameisp.info
nserver:          ns2.nameisp.info
dnssec:           unsigned delegation
registry-lock:    unlocked
status:           ok
registrar:        www.NameSRS.com
$

 7) the md5 and sha1 hashes that I computed could not be found online

debian-10.8.0-amd64-DVD-2.iso
  md5:  0296cfbeaf3823055901d7ad2077a077
  sha1: 0b742d83d23207db9a24553100d4155eb8c701bf

debian-10.8.0-amd64-DVD-3.iso
  md5:  37baf26293b8132fe95b4bd19262ca6b
  sha1: 122a2612ed63ff89db56eec0765e87268bf72318

 I have kept those files on hard drives/computers I never connect to
the Internet (that, to me, is the only way to do something with some
"privacy"/security). I later downloaded what seem to be the right
files, anyway. They would make for some easy and nice forensic
analysis (just extracting the content of those ISO files, using find
and diff) whenever I find the time to do so.

 lbrtchx

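An added example, not part of the original post or of any Debian tooling: the check a practitioner would run instead of searching the web for an md5/sha1 value. Debian publishes a SHA256SUMS list and a detached SHA256SUMS.sign signature in the same directory as the images (e.g. debian-cd/current/amd64/iso-dvd/). The script below first offers a wrapper that verifies that signature (it assumes gpg is installed and that the caller supplies a keyring holding the Debian CD signing key; the offline demo does not call it), then compares each local image with its entry in the list. The demo at the bottom uses constructed stand-in files; the DVD file names from the post are reused only as labels.

```shell
#!/bin/sh
# Added example, not from the original post: check Debian images against the
# signed SHA256SUMS list shipped beside them (e.g. under
# debian-cd/current/amd64/iso-dvd/) instead of hunting for an md5/sha1 online.
set -u

# Step 1: verify the detached signature over the checksum list.
# Needs gpg plus a keyring holding the Debian CD signing key (caller's
# responsibility; this function is not exercised by the offline demo).
verify_sums_signature() {
    sums="$1"; sig="$2"; keyring="$3"
    gpg --no-default-keyring --keyring "$keyring" --verify "$sig" "$sums"
}

# Step 2: compare one local image with its entry in the verified list.
# Prints OK / MISMATCH / NOT_LISTED; returns 0, 1 or 2 respectively.
# sha256sum writes "<hash>  <name>" (text) or "<hash> *<name>" (binary);
# names with spaces are not expected in Debian image lists.
check_image() {
    sums="$1"; iso="$2"
    name=$(basename "$iso")
    expected=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' "$sums")
    if [ -z "$expected" ]; then
        echo "NOT_LISTED $name"
        return 2
    fi
    actual=$(sha256sum "$iso" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK $name"
        return 0
    fi
    echo "MISMATCH $name expected=$expected actual=$actual"
    return 1
}

# Constructed offline demo: tiny stand-in files, a list written the way
# Debian's is, one image tampered after listing, one never listed.
build_demo() {
    dir="$1"
    printf 'constructed image 2\n' > "$dir/debian-10.8.0-amd64-DVD-2.iso"
    printf 'constructed image 3\n' > "$dir/debian-10.8.0-amd64-DVD-3.iso"
    ( cd "$dir" && sha256sum debian-10.8.0-amd64-DVD-2.iso debian-10.8.0-amd64-DVD-3.iso > SHA256SUMS )
    printf 'tampered\n' >> "$dir/debian-10.8.0-amd64-DVD-3.iso"
    printf 'never listed\n' > "$dir/debian-10.8.0-amd64-DVD-4.iso"
}

demo_dir=$(mktemp -d)
build_demo "$demo_dir"
for n in 2 3 4; do
    check_image "$demo_dir/SHA256SUMS" "$demo_dir/debian-10.8.0-amd64-DVD-$n.iso"
done
rm -rf "$demo_dir"
```

For real images, run verify_sums_signature on SHA256SUMS before trusting any line in it: a hash that matches an unsigned list proves only that the list and the image came from the same place, which is exactly the question a redirected mirror raises.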
