Read the Websense report carefully.
Sent via BlackBerry from T-Mobile
-----Original Message-----
From: "Ronald van der Westen" <rvdwesten@gmail.com>
Date: Fri, 25 Jan 2008 13:31:59
To:dxp <dxp2532@gmail.com>
Cc:ponchovaldes@gmail.com, incidents@securityfocus.com
Subject: Re: DNS CACHE POISONING? - Our Portal is redirecting to our first
competition
ARP poisoning is only possible in a subnet. Since this system is
probably located somewhere on the internet, I'm sure that there is a
router somewhere in the path from the source to destination.
I don't think ARP cache poisoning is the problem here, unless client
and server are in the same subnet.
On Jan 24, 2008 5:05 AM, dxp <dxp2532@gmail.com> wrote:
There are some reports of a large scale web site compromise where
thousands of sites are affected. Currently, info is limited but it
looks like the Apache daemon is compomised thus your web page files
are unchanged. This is known to affect shared hosting environments
but it doesn't have to be limited to that.
Another possiblity is ARP cache poisoning, either at the client side
(you) or the server side.
Here's a good write up on this attack vector:
http://www.websense.com/securitylabs/blog/blog.php?BlogID=166
---
dxp
On 22 Jan 2008 00:55:30 -0000, <ponchovaldes@gmail.com> wrote:
Hello guys, we have a social network that is getting stronger, but we are
having an issue.
And the issue is that Sometimes... our page redirects to another Portal,
actually the page that redirects is our first competition,here in Latino
America, i know that they are causing that kind of mess.. so we thought in
this.
- We know that our DNS server is ok, and havent been compromised,
- DNS cache poisoning
- Malware ?
- some kind of virus that the guys(bad) made. ( the other portal - social
network-)
- Other soolution? sue them?
HElp guys.. this thing is taking out alot of users :(
thanks in advance!
Cheers from México
--
Ronald van der Westen
