Re: browser redirection to forward.domainname.at

From: Don Wolf (SecuredSite@hotmail.com)
Date: 02/26/02

Previous message: Michael Gargan: "Re: browser redirection to forward.domainname.at"
In reply to: Matthew.van.Eerde@hbinc.com: "browser redirection to forward.domainname.at"
Next in thread: Lane Weast: "RE: browser redirection to forward.domainname.at"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Don Wolf" <SecuredSite@hotmail.com>
To: <Matthew.van.Eerde@hbinc.com>, <focus-ms@securityfocus.com>
Date: Tue, 26 Feb 2002 14:22:27 -0500

Can you provide more details as to what the clients are connecting to? Are
they proxied, if so by what? What OS, what DNS server are you querying,
internal or external? Just lookin' for the whole picture.
___________________________________
Don J. Wolf - Security Consultant
SANS/GIAC, MCP, CCNA, ICSA
SecuredSite Intrusion Specialists
www.SecuredSite.org

----- Original Message -----
From: <Matthew.van.Eerde@hbinc.com>
To: <focus-ms@securityfocus.com>
Cc: <focus-virus@securityfocus.com>
Sent: Tuesday, February 26, 2002 11:29 AM
Subject: browser redirection to forward.domainname.at

> A strange problem is surfacing on our network. Users will type in a
website
> they have been to before, and they will be forwarded to
>
> http://forward.domainname.at/http://212.69.172.16/forward.php
> and then to
> http://212.69.172.16/forward.php
>
> Have we been hit by a virus? Or is there some name resolution hack on the
> internet?
>
> Typing in the ip address of a site
> http://216.168.252.86 for http://www.verisign.com for example
> goes to the correct site. nslookup prompts from the command line yeild
the
> correct IP address.
>
> Workstations are Windows 2000 Professional SP2 with IE 6.
>
> Matthew van Eerde
> Software Engineer
>

Previous message: Michael Gargan: "Re: browser redirection to forward.domainname.at"
In reply to: Matthew.van.Eerde@hbinc.com: "browser redirection to forward.domainname.at"
Next in thread: Lane Weast: "RE: browser redirection to forward.domainname.at"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

SBS 200 w/ ISA 2000 - no outgoing email
... I have reinstalled IIS and Exchange and rerun the Internet connection wizard. ... Checking TCP/UDP SOA serial number using DNS server. ... Starting TCP and UDP DNS queries for the local domain. ... Connecting to smtp2.autooneins.com on port 25. ...
(microsoft.public.isa.configuration)
RE: browser redirection to forward.domainname.at
... All workstations have their own internet IP address ... running Microsoft DNS Server on top of Windows NT 4.0 SP 6a ... > Subject: Re: browser redirection to forward.domainname.at ... >> goes to the correct site. ...
(Focus-Microsoft)
Connecting 2000 to 2000 Domain Controlers
... dns server to browse internet. ... When i tried conencting win 2000 workstations to the ... rest are not connecting, i get error "The Network Path ...
(microsoft.public.windows.server.networking)
Re: basic question: eth0 ppp0, which interface?
... since that's the one you're connecting to the ... from the external one (the internet). ... DHCP (Dynamic Host Configuration Protocol) is used to assign IP addresses ... (and other information like DNS server addresses, ...
(comp.os.linux.security)
DNS connections
... I had to allow DNS on Firewall. ... nobody is using Internet; my DNS server is connecting to ISP server. ...
(microsoft.public.windows.server.dns)