Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Transamericana.org

From: Michael Rutledge <michael4447 () gmail com>
Date: Sat, 29 Jan 2005 08:53:31 -0600
This may be a stretch (a large stretch), but someone could have
planted something on your Windows box that is using pings as a covert
channel (given that person has also taken control of the webserver
that hosts transamericana.org and can watch the connection logs).  Do
you have a capture of the pings for someone to do a frequency analysis
on?

Also, you may want to post a list of your currently running processes
in hopes someone may spot something that looks wrong.

-Michael

On Sat, 29 Jan 2005 12:03:39 +0000, Antonio Henrique Oliveira
<tat () postmark net> wrote:

Gregh wrote:

----- Original Message -----
From: "Antonio Henrique Oliveira" <tat () postmark net>
To: <full-disclosure () lists netsys com>
Sent: Saturday, January 29, 2005 9:46 PM
Subject: [Full-disclosure] Transamericana.org




Dear all,

Please excuse me if this is a bit off-topic, but since this is the only
IT related mailing list I subscribe (apart from Secunia's) I decided to
post here.

From sometime ago (I cannot determine exactly when this started to
happen), my workstation (WinXP SP2 PT, fully patched) has been sending
out ping requests to www.transamericana.org when I login to the machine
(right at the beginning of the login process, and only at that time).




Perchance is your DNS hosted there? Eg, your ISP's DNS servers?

Greg.

No. The Linux box runs bind for the internal (and external) networks and
does direct queries to the root servers, not using our ISP's DNS. The
internal network is configured with DHCP and the DNS server for all
hosts is set to the linux box internal address. Also, my workstation
(and there are 5 more) is the only one doing this.

Regards,
--
Anto'nio Henrique A. Proenca de Oliveira

"Although we can never go back, like an old sweet song with a strong
refrain, memories remain" - (Someone)

Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
$Id: .signature,v 1.3 2004/07/14 08:08:10 tat Exp tat $

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: