RE: browser redirection to forward.domainname.at
From: Evans, TJ (tjevans@kpmg.com)Date: 02/26/02
- Previous message: Lane Weast: "RE: browser redirection to forward.domainname.at"
- Maybe in reply to: Matthew.van.Eerde@hbinc.com: "browser redirection to forward.domainname.at"
- Next in thread: Matthew.van.Eerde@hbinc.com: "RE: browser redirection to forward.domainname.at"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Evans, TJ" <tjevans@kpmg.com> To: Matthew.van.Eerde@hbinc.com, focus-ms@securityfocus.com Date: Tue, 26 Feb 2002 14:20:22 -0500
Do you use your own DNS servers; your cache may be poisoned?
What happens if you try to ping a "known" DNS name ... does it resolve to
correct IP, or to "bad" IP?
Does it affect machines that have not been to the site, but are using the
same DNS server?
<try to determine if it is something that hit local workstations
individually <but simultaneously> or something that hit your DNS server
itself.>
Thanks!
TJ
-----Original Message-----
From: Matthew.van.Eerde@hbinc.com [mailto:Matthew.van.Eerde@hbinc.com]
Sent: Tuesday, February 26, 2002 11:29 AM
To: focus-ms@securityfocus.com
Cc: focus-virus@securityfocus.com
Subject: browser redirection to forward.domainname.at
A strange problem is surfacing on our network. Users will type in a website
they have been to before, and they will be forwarded to
http://forward.domainname.at/http://212.69.172.16/forward.php
and then to
http://212.69.172.16/forward.php
Have we been hit by a virus? Or is there some name resolution hack on the
internet?
Typing in the ip address of a site
http://216.168.252.86 for http://www.verisign.com for example
goes to the correct site. nslookup prompts from the command line yeild the
correct IP address.
Workstations are Windows 2000 Professional SP2 with IE 6.
Matthew van Eerde
Software Engineer
*****************************************************************************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized.
If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement letter.
*****************************************************************************
- Previous message: Lane Weast: "RE: browser redirection to forward.domainname.at"
- Maybe in reply to: Matthew.van.Eerde@hbinc.com: "browser redirection to forward.domainname.at"
- Next in thread: Matthew.van.Eerde@hbinc.com: "RE: browser redirection to forward.domainname.at"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
