Re: browser redirection to forward.domainname.at

From: Daniel Bowers (Satus) (daniel.bowers@satus.com)
Date: 02/26/02


From: "Daniel Bowers (Satus)" <daniel.bowers@satus.com>
To: <focus-ms@securityfocus.com>
Date: Tue, 26 Feb 2002 11:48:40 -0600

Check your DNS servers for poisoning...
http://www.kb.cert.org/vuls/id/109475

Also, flush the DNS caches on the 2000 workstations, and make sure they
aren't running the DNS Server service.
ipconfig /flushdns

I found one adult-oriented site that would attempt to poison the DNS cache
of clients and scan for DNS servers on client's class C whenever HTTP
requests from new IPs arrived.

----- Original Message -----
From: <Matthew.van.Eerde@hbinc.com>
To: <focus-ms@securityfocus.com>
Cc: <focus-virus@securityfocus.com>
Sent: Tuesday, February 26, 2002 10:29 AM
Subject: browser redirection to forward.domainname.at

> A strange problem is surfacing on our network. Users will type in a website
> they have been to before, and they will be forwarded to
>
> http://forward.domainname.at/http://212.69.172.16/forward.php
> and then to
> http://212.69.172.16/forward.php
>
> Have we been hit by a virus? Or is there some name resolution hack on the
> internet?
>
> Typing in the ip address of a site
> http://216.168.252.86 for http://www.verisign.com for example
> goes to the correct site. nslookup prompts from the command line yield the
> correct IP address.
>
> Workstations are Windows 2000 Professional SP2 with IE 6.
>
> Matthew van Eerde
> Software Engineer
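
An added example, not part of either poster's message: nslookup queries the DNS server directly and bypasses the workstation's resolver cache, so a correct nslookup answer does not rule out a bad cached record on the client. The Python sketch below parses English-language `ipconfig /displaydns` output and flags cached A records that differ from known-good answers; the sample dump, the `www.example.com` entry and the `EXPECTED` map are constructed for illustration.

```python
import re

# Constructed sample of `ipconfig /displaydns` output (not captured from the
# poster's network). The second entry is a made-up bad record.
SAMPLE_DISPLAYDNS = """\
Windows 2000 IP Configuration

     www.verisign.com.
     ------------------------------------------------------
     Record Name . . . . . : www.verisign.com
     Record Type . . . . . : 1
     Time To Live  . . . . : 3020
     Data Length . . . . . : 4
     Section . . . . . . . : Answer
     A (Host) Record . . . : 216.168.252.86

     www.example.com.
     ------------------------------------------------------
     Record Name . . . . . : www.example.com
     Record Type . . . . . : 1
     Time To Live  . . . . : 86000
     Data Length . . . . . : 4
     Section . . . . . . . : Answer
     A (Host) Record . . . : 212.69.172.16
"""

# Assumed known-good answers, e.g. copied from nslookup against a trusted server.
EXPECTED = {"www.verisign.com": {"216.168.252.86"}, "www.example.com": {"192.0.2.10"}}
FIELD = re.compile(r"^\s*(Record Name|A \(Host\) Record)[\s.]*:\s*(\S+)\s*$")

def parse_cached_a_records(text):
    """Return {hostname: set of IPv4 strings} for every A record in the dump."""
    records, current = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # header, separator, or a field we do not need
        key, value = m.groups()
        if key == "Record Name":
            current = value.rstrip(".").lower()
        elif current is not None:
            records.setdefault(current, set()).add(value)
    return records

def find_mismatches(cached, expected):
    """List (name, cached_ips, expected_ips) where the cache holds an unexpected IP."""
    return [(n, sorted(ips), sorted(expected[n])) for n, ips in sorted(cached.items())
            if n in expected and not ips <= expected[n]]
```

On a workstation, feed the function the text of `ipconfig /displaydns` captured before running `ipconfig /flushdns`, so the suspect records are preserved for investigation.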


