PaulDotCom mailing list archives
Wondering what changed DNS settings
From: robert.portvliet at gmail.com (Robert Portvliet)
Date: Thu, 10 Jun 2010 10:39:22 -0400
Could be dnschanger or something similar... I can into a small network a while back where the wrt54g router apparently was compromised by malware that used the default admin\admin login to set the DNS servers on the router to addresses in the Ukraine, which then served those up via DHCP to all machines on the network. neato... On Tue, Jun 8, 2010 at 2:29 PM, Gibson, Samuel <gibsons at my.uwstout.edu>wrote:
Hello, I found a Windows XP computer on our network that should recieve its DNS settings through DHCP but, recently realized that it had a hard coded DNS server address in the Ukraine. Does anyone know of a way to find out any more information about when it happened or what changed it? Thanks, Sam _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-- Robert Portvliet GIAC GPEN, GCIA http://twitter.com/rportvliet http://www.linkedin.com/pub/robert-portvliet/10/A34/689 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100610/3fd59d38/attachment.htm
Current thread:
- Wondering what changed DNS settings Gibson, Samuel (Jun 08)
- Wondering what changed DNS settings Tim Krabec (Jun 08)
- Wondering what changed DNS settings Dave (Jun 08)
- Wondering what changed DNS settings Denis Hancock (Jun 08)
- Wondering what changed DNS settings Dave (Jun 08)
- Wondering what changed DNS settings Robert Portvliet (Jun 10)
- Wondering what changed DNS settings Tim Krabec (Jun 08)