Am I a victim of a MITM attack?

Hi everyone,

A little overview: I am currently setting up my home network. Up to a few days ago I had a static IP with just a Plex server exposed. Now, as I wanted to fiddle around a little bit more, I have purchased a domain and set up a Cloudflare Tunnel in order to safely expose stuff in my home network. Everything, of course, is password protected. I have a home server which is using CasaOS with a few other apps I'd like to expose.

Here's where my question arises. I have always connected to my server using SSH, but half an hour ago I got a weird message when connecting with SSH: "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!", and then it continues by explicitly mentioning a possible MITM attack.

I panicked, detached my network and started to look for a solution manually in ordinary files like /etc/hosts and /etc/resolv.conf, and I found something weird enough: I have a Fritz!Box and every unqualified domain I tried to ping ended with .fritz.box, e.g. if I tried to do ping google I was actually pinging which looked weird. In my resolv.conf I had a line "search " which I didn't set, and which was basically redirecting all my unqualified DNS queries in such a way. The file said it was set by NetworkManager (I'm using Linux with KDE, so I do have NetworkManager), but it still looks weird to me. Can it be that NetworkManager altered my file in such a dumb way?

I'm kinda freaking out about this. Has this happened to someone before, or am I indeed under attack? If that may be the case, how can I be sure about it?

EDIT: One last thing: after commenting out that one line in resolv.conf everything goes back to normal and I can SSH into my server like nothing changed...

submitted by /u/TheUruz

from hacking: security in practice https://ift.tt/TyrXEkM
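What the warning actually tests: ssh compares the host key the server just presented with the key recorded under that exact name (or address) in ~/.ssh/known_hosts, and a mismatch is reported as "REMOTE HOST IDENTIFICATION HAS CHANGED". It says nothing about why the key differs; a different machine answering for the same name and an interception look identical from the client. The only reliable way to settle it is to compare the fingerprint printed in the warning with one obtained out of band, for instance by running `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub` at the server's own console. The following is an added example, not code from the post or its comments. It reimplements two pieces of that check in Python so they can be run offline: the glibc resolver's search-list expansion (how a `search fritz.box` line makes `ssh server` try `server.fritz.box` before the bare name, and how a trailing dot or an FQDN bypasses the search list), and a known_hosts lookup that handles both plain and hashed (`|1|...`) entries and reports whether an offered key is unknown, matching, or changed. The hostnames `server` and `nas`, the address 192.0.2.10, the salt and the key bytes are constructed sample data, not real keys or hosts.

```python
import base64
import fnmatch
import hashlib
import hmac

# ---- 1. resolv.conf: how `search` rewrites unqualified names (glibc semantics) ----

def parse_resolv_conf(text):
    """Return (search_domains, ndots) from resolv.conf text; defaults: no search list, ndots 1."""
    search, ndots = [], 1
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if fields[0] in ("search", "domain"):
            search = fields[1:]          # the last search/domain line wins
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots

def candidate_names(name, search, ndots=1):
    """Order in which the resolver tries a name: a trailing dot means absolute;
    fewer than `ndots` dots means the search list is tried before the bare name."""
    if name.endswith("."):
        return [name]
    expanded = [f"{name}.{domain}" for domain in search]
    if name.count(".") >= ndots:
        return [name] + expanded
    return expanded + [name]

# ---- 2. known_hosts: fingerprint comparison for plain and hashed entries ----

def ssh_wire_key(keytype, raw_key):
    """Base64 of an OpenSSH public-key blob: length-prefixed type string, then the raw key."""
    def s(b):
        return len(b).to_bytes(4, "big") + b
    return base64.b64encode(s(keytype.encode()) + s(raw_key)).decode()

def fingerprint_sha256(key_b64):
    """The `SHA256:...` fingerprint that ssh and `ssh-keygen -l` print (unpadded base64)."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def hash_known_host(host, salt):
    """Hashed host field as written with HashKnownHosts: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(pattern, host):
    """True if a known_hosts host field covers `host`: comma lists, simple wildcards and
    hashed entries are handled; `!` negation and `[host]:port` forms are not."""
    if pattern.startswith("|1|"):
        _, _, salt_b64, mac_b64 = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return any(fnmatch.fnmatchcase(host, p) for p in pattern.split(","))

def recorded_fingerprints(known_hosts_text, host):
    """{keytype: fingerprint} for every key recorded under `host`."""
    found = {}
    for raw in known_hosts_text.splitlines():
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):     # @cert-authority / @revoked markers
            fields = fields[1:]
        if len(fields) < 3:
            continue
        hosts, keytype, key_b64 = fields[:3]
        if host_matches(hosts, host):
            found[keytype] = fingerprint_sha256(key_b64)
    return found

def check_offered_key(known_hosts_text, host, keytype, offered_key_b64):
    """'unknown' (first contact), 'match', or 'changed' (what the warning reports)."""
    recorded = recorded_fingerprints(known_hosts_text, host)
    if keytype not in recorded:
        return "unknown"
    return "match" if recorded[keytype] == fingerprint_sha256(offered_key_b64) else "changed"

# ---- constructed sample data (hypothetical hosts; the key bytes are not real keys) ----
SERVER_KEY_B64 = ssh_wire_key("ssh-ed25519", bytes(range(32)))       # 32 arbitrary bytes
IMPOSTOR_KEY_B64 = ssh_wire_key("ssh-ed25519", bytes(range(32, 64)))
NAS_SALT = b"\x11" * 20
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts",
    f"server,192.0.2.10 ssh-ed25519 {SERVER_KEY_B64}",
    f"{hash_known_host('nas', NAS_SALT)} ssh-ed25519 {SERVER_KEY_B64}",
])
SAMPLE_RESOLV_CONF = "# Generated by NetworkManager (constructed sample)\nsearch fritz.box\nnameserver 192.168.178.1\n"

if __name__ == "__main__":
    search, ndots = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    for name in ("server", "server.", "server.lan"):
        print(f"{name:12} -> {candidate_names(name, search, ndots)}")
    print("recorded for server:", recorded_fingerprints(SAMPLE_KNOWN_HOSTS, "server"))
    print("same key offered:   ", check_offered_key(SAMPLE_KNOWN_HOSTS, "server", "ssh-ed25519", SERVER_KEY_B64))
    print("other key offered:  ", check_offered_key(SAMPLE_KNOWN_HOSTS, "server", "ssh-ed25519", IMPOSTOR_KEY_B64))
```

Against a real system, `ssh-keygen -F server` lists the known_hosts entries (including hashed ones) recorded for the name you type, and `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub` run on the server's console gives the fingerprint that entry and the warning should be compared to; if the two fingerprints agree, the key on the client side is simply stale and can be replaced, if not, nothing should be trusted until the discrepancy is explained.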
