Has my office network been hacked or tapped into? (Web pages sometimes not loading and then redirecting on refresh)

Question

Recently employees in my office (about 5 people) have reported that sometimes web pages can not load for no reason, but after pressing refresh button in the browser, it first shows 'Redirecting you to www.....' then the page loads normally.

This only started to happen this week and it has happened to all users (so I've ruled out spyware / virus on individual PCs.)

Could this be a man-in-the-middle attack? I.e. someone is intercepting all web requests and forwarding them onto the real server. If so how could you tell?

Network configuration:

internet --> |ADSL  |--> wireless router --> office PCs
             |modem |--> web server

score 2 · Answer 1 · answered Jun 14 '11 at 10:32

2

If it occurs often enough, I would use Wireshark to examine the response that is causing the "Redirecting" message.

answered Jun 14 '11 at 10:32

RedGrittyBrick

85,717

score 1 · Answer 2 · answered Jun 14 '11 at 12:05

1

To find out what happens behind the curtains you can try Fiddler for a high level (http) view of the browser requests or Network Monitor for a more low level (ethernet) view.

answered Jun 14 '11 at 12:05

oleschri

1,215

score 1 · Answer 3 · edited Mar 20 '17 at 10:17

1

Well crafted malware can infect All PC's on the network, so simply ruling it out using that logic is flawed.

See my "Alternate Method" in this link to scan ALL the PC's. Be sure to run the boot CD first.

Do a hard reset of the Router also.

edited Mar 20 '17 at 10:17

Community

1

answered Jun 14 '11 at 14:45

Moab

58,769

Has my office network been hacked or tapped into? (Web pages sometimes not loading and then redirecting on refresh)

3 Answers3