nanog mailing list archives
Re: DNS poisoning at Google?
From: AP NANOG <nanog () armoredpackets com>
Date: Wed, 27 Jun 2012 11:05:07 -0400
This may not help Matt now, but I just came across this today and believe it may help others who have to deal with incidents:
http://cert.societegenerale.com/en/publications.html --> "IRM (Incident Response Methodologies)"
If you changed the file contents before noting the created date, modified date, etc. then begin looking at your backups. This date will then help you track down the log entries and finally lead you to the root cause.
Also, if possible, please post the culprit code that caused this, exif'ing the sensitive data of course :-)
--
Thank you,
Robert Miller
http://www.armoredpackets.com
Twitter: @arch3angel

On 6/27/12 7:50 AM, TR Shaw wrote:
> On Jun 27, 2012, at 3:36 AM, Michael J Wise wrote:
>> On Jun 27, 2012, at 12:06 AM, Matthew Black wrote:
>>> We found the aberrant .htaccess file and have removed it. What a mess!
>> Trusting you carefully noted the date/time stamp before removing it, as that's an important bit of forensics.
> And don't forget there is a trail on that file on your backups.
>
> Tom
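
The timestamp advice in this message, as an added example that is not part of the original thread: record a suspect file's timestamps and hash, move it aside instead of deleting it, then pull the log lines around its modification time. The function names, the 5-minute window, the Apache-style log format and all sample data are assumptions constructed for illustration.

```python
import hashlib
import os
import re
import shutil
import tempfile
from datetime import datetime, timedelta, timezone

# Constructed sample log lines (Apache-style), not taken from the thread.
SAMPLE_LOG = """\
192.0.2.10 - - [26/Jun/2012:22:10:03 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.7 - - [26/Jun/2012:23:58:41 +0000] "POST /upload.php HTTP/1.1" 200 87
198.51.100.7 - - [27/Jun/2012:00:01:12 +0000] "GET /.htaccess HTTP/1.1" 403 199
192.0.2.33 - - [27/Jun/2012:06:30:00 +0000] "GET /about.html HTTP/1.1" 200 900
"""
LOG_TIME = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]")

def record_and_quarantine(path, quarantine_dir):
    """Record timestamps and a hash, then move the file aside (never delete)."""
    st = os.stat(path)  # read metadata first, before anything touches the file
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    evidence = {
        "mtime": datetime.fromtimestamp(st.st_mtime, timezone.utc),
        "ctime": datetime.fromtimestamp(st.st_ctime, timezone.utc),  # inode change on Unix
        "size": st.st_size,
        "sha256": digest,
    }
    dest = os.path.join(quarantine_dir, os.path.basename(path) + ".evidence")
    shutil.move(path, dest)  # rename or copy2: the content and mtime survive
    return evidence

def log_lines_near(log_text, when, window=timedelta(minutes=5)):
    """Return the log lines stamped within +/- window of `when`."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_TIME.search(line)
        if m:
            ts = datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z")
            if abs(ts - when) <= window:
                hits.append(line)
    return hits

def demo():
    """Build a stand-in file with a constructed mtime and run both steps on it."""
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, ".htaccess")
        with open(target, "w") as fh:
            fh.write("# constructed stand-in content\n")
        planted = datetime(2012, 6, 27, tzinfo=timezone.utc).timestamp()
        os.utime(target, (planted, planted))
        ev = record_and_quarantine(target, tmp)
        return ev, log_lines_near(SAMPLE_LOG, ev["mtime"])
```

On the constructed data, the window around the file's modification time isolates the two requests from the same client, which is where the log review would start.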