RE: resolv.conf - overwrite

From: Schmehl, Paul L (pauls_at_utdallas.edu)
Date: 11/04/03

  • Next message: Tim Greer: "Re: resolv.conf - overwrite"
    Date: Tue, 4 Nov 2003 13:11:10 -0600
    To: "Lukasz Spaleniak" <spalek@ptssa.pl>, <incidents@securityfocus.com>
    
    

    > -----Original Message-----
    > From: Lukasz Spaleniak [mailto:spalek@ptssa.pl]
    > Sent: Tuesday, November 04, 2003 5:32 AM
    > To: incidents@securityfocus.com
    > Subject: resolv.conf - overwrite
    >
    >
    > Hi,
    > probably someone had similar problem before, but I decided to
    > describe it.
    >
    > Few days ago I suddenly discovered that my resvol.conf is
    > changed , it looks likt that:

    It appears that you have been hacked. At this point I wouldn't trust
    anything on that box. Take if offline and start forensics on it.

    Paul Schmehl (pauls@utdallas.edu)
    Adjunct Information Security Officer
    The University of Texas at Dallas
    AVIEN Founding Member
    http://www.utdallas.edu/~pauls/

    ---------------------------------------------------------------------------
    Network with over 10,000 of the brightest minds in information security
    at the largest, most highly-anticipated industry event of the year.
    Don't miss RSA Conference 2004! Choose from over 200 class sessions and
    see demos from more than 250 industry vendors. If your job touches
    security, you need to be here. Learn more or register at
    http://www.securityfocus.com/sponsor/RSA_incidents_031023
    and use priority code SF4.
    ----------------------------------------------------------------------------


  • Next message: Tim Greer: "Re: resolv.conf - overwrite"

    Relevant Pages

    • RE: CEH and Intense School
      ... Q-How many times has this course been delivered ... You want more than 4 to know the bugs are ironed out in labs and so on. ... Network with over 10,000 of the brightest minds in information security ... most highly-anticipated industry event of the year. ...
      (Pen-Test)
    • RE: Probable Trojan.
      ... Network with over 10,000 of the brightest minds in information security ... most highly-anticipated industry event of the year. ... Don't miss RSA Conference 2004! ... Choose from over 200 class sessions and ...
      (Incidents)
    • Re: strange ftp site
      ... >Network with over 10,000 of the brightest minds in information security ... most highly-anticipated industry event of the year. ... Learn more or register at ... >and use priority code SF4. ...
      (Incidents)
    • Re: Pen-testing remote VPN services over IP
      ... Check out IKEcrack from Anton Rager. ... >Chris McNab ... >Network with over 10,000 of the brightest minds in information security ... most highly-anticipated industry event of the year. ...
      (Pen-Test)
    • RE: New Trojan
      ... and discovered that there is an option to scan ADS, ... Network with over 10,000 of the brightest minds in information security ... most highly-anticipated industry event of the year. ...
      (Incidents)