RE: browser redirection to forward.domainname.at

From: Matthew.van.Eerde@hbinc.com
Date: 02/26/02


From: Matthew.van.Eerde@hbinc.com
To: SecuredSite@hotmail.com, Matthew.van.Eerde@hbinc.com, focus-ms@securityfocus.com
Date: Tue, 26 Feb 2002 11:21:32 -0800

We have a class C:
X.Y.Z.0/24

All workstations have their own internet IP address.

We have three internal name servers:
X.Y.Z.2
X.Y.Z.3
X.Y.Z.4

running Microsoft DNS Server on top of Windows NT 4.0 SP 6a.

There is no proxy server.

> -----Original Message-----
> From: Don Wolf [mailto:SecuredSite@hotmail.com]
> Sent: Tuesday, February 26, 2002 11:22
> To: Matthew.van.Eerde@hbinc.com; focus-ms@securityfocus.com
> Cc: focus-virus@securityfocus.com
> Subject: Re: browser redirection to forward.domainname.at
>
>
> Can you provide more details as to what the clients are connecting to? Are
> they proxied, if so by what? What OS, what DNS server are you querying,
> internal or external? Just lookin' for the whole picture.
> ___________________________________
> Don J. Wolf - Security Consultant
> SANS/GIAC, MCP, CCNA, ICSA
> SecuredSite Intrusion Specialists
> www.SecuredSite.org
>
>
> ----- Original Message -----
> From: <Matthew.van.Eerde@hbinc.com>
> To: <focus-ms@securityfocus.com>
> Cc: <focus-virus@securityfocus.com>
> Sent: Tuesday, February 26, 2002 11:29 AM
> Subject: browser redirection to forward.domainname.at
>
>
> > A strange problem is surfacing on our network. Users will type in a website
> > they have been to before, and they will be forwarded to
> >
> > http://forward.domainname.at/http://212.69.172.16/forward.php
> > and then to
> > http://212.69.172.16/forward.php
> >
> > Have we been hit by a virus? Or is there some name resolution hack on the
> > internet?
> >
> > Typing in the IP address of a site
> > http://216.168.252.86 for http://www.verisign.com for example
> > goes to the correct site. nslookup prompts from the command line yield the
> > correct IP address.
> >
> > Workstations are Windows 2000 Professional SP2 with IE 6.
> >
> > Matthew van Eerde
> > Software Engineer
> >
>


