Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-Disclosure] Transamericana.org

from [Michael Rutledge] Network Security [Permanent Link]
Subject: Re: [Full-Disclosure] Transamericana.org
Date: Sat, 29 Jan 2005 08:53:31 -0600 
This may be a stretch (a large stretch), but someone could have
planted something on your Windows box that is using pings as a covert
channel (given that person has also taken control of the webserver
that hosts transamericana.org and can watch the connection logs).  Do
you have a capture of the pings for someone to do a frequency analysis
on?

Also, you may want to post a list of your currently running processes
in hopes someone may spot something that looks wrong.

-Michael

On Sat, 29 Jan 2005 12:03:39 +0000, Antonio Henrique Oliveira
<tat@postmark.net> wrote:

Gregh wrote:

----- Original Message -----
From: "Antonio Henrique Oliveira" <tat@postmark.net>
To: <full-disclosure@lists.netsys.com>
Sent: Saturday, January 29, 2005 9:46 PM
Subject: [Full-Disclosure] Transamericana.org




Dear all,

Please excuse me if this is a bit off-topic, but since this is the only
IT related mailing list I subscribe (apart from Secunia's) I decided to
post here.

From sometime ago (I cannot determine exactly when this started to
happen), my workstation (WinXP SP2 PT, fully patched) has been sending
out ping requests to www.transamericana.org when I login to the machine
(right at the beginning of the login process, and only at that time).




Perchance is your DNS hosted there? Eg, your ISP's DNS servers?

Greg.

No. The Linux box runs bind for the internal (and external) networks and
does direct queries to the root servers, not using our ISP's DNS. The
internal network is configured with DHCP and the DNS server for all
hosts is set to the linux box internal address. Also, my workstation
(and there are 5 more) is the only one doing this.

Regards,
--
Anto'nio Henrique A. Proenca de Oliveira

"Although we can never go back, like an old sweet song with a strong
refrain, memories remain" - (Someone)

Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
$Id: .signature,v 1.3 2004/07/14 08:08:10 tat Exp tat $

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-Disclosure] ICMP Covert channels question, Darren Bounds
Next by Date:  Re: [Full-Disclosure] Transamericana.org, Michael Rutledge
Previous by Thread:  Re: [Full-Disclosure] Transamericana.org, Antonio Henrique Oliveira
Next by Thread:  Re: [Full-Disclosure] Transamericana.org, Michael Rutledge
Indexes:  [Date] [Thread] [Top] [All Lists]