Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Incidents
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: DNS CACHE POISONING? - Our Portal is redirecting to our first compet

from [Jeff Plewes] Network Security [Permanent Link]
Subject: Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition
Date: Wed, 23 Jan 2008 21:46:36 -0500 
To clarify on some facts:

- yes the box was burned (brand new hardware..  fresh install centos5,
minimal packages)..  Only the virtualhost data was migrated.
- updates done via yum package manager with default sources
- php compiled from source from ca3.php.net
- there are about 40 customers on this box with virtualhosts
- all machines behind the firewall on the public vlan are ours
- DNS is also housed by us..  1st and 2nd on Bind 9.

1) If restarting httpd temporarily(days) resolves the problem..  then
DNS is not the issue.
2) No proxy servers between client where problem is noticed and server
which is compromised.
3) If the problem existed before with another disto, php and apache
version....   then it must be customer data which can be exploited
remotely?

Time to go through each customer and find the offender.

-Jeff

On Jan 23, 2008 5:11 PM, Florian Weimer <fw@deneb.enyo.de> wrote:

* Jeff Plewes:


This issue was happening on the same box when It used to be apache
2.0.56, php 5.1.0 running redhat 9.  upgrading the distribution,
apache, php etc has so far not resolved the issue.


It could be something afoul with the network on which the machine is
located.  Have you check this?  For instance, does it provide proper L3
separation among different customers?
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition, Eduardo Tongson
Next by Date:  Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition, dxp
Previous by Thread:  Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition, Florian Weimer
Next by Thread:  Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition, Mark Gottschalk
Indexes:  [Date] [Thread] [Top] [All Lists]