Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Incidents
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: DNS CACHE POISONING? - Our Portal is redirecting to our first compet

from [Jon R. Kibler] Network Security [Permanent Link]
Subject: Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition
Date: Mon, 28 Jan 2008 13:58:07 -0500
david bizeul wrote:
On 22 Jan 2008 00:55:30 -0000, <ponchovaldes@gmail.com> wrote:
Hello guys, we have a social network that is getting stronger, but we are having an issue. 

Hi,

A thoughts.
1) Start with the logs -- what do they show?
   Do you actually see redirects in the Apache logs?
   What do your BIND NS logs show? If you don't have query logging on, turn it 
on!
2) Run process accounting. Do the numbers add up? If not, you may have a 
rootkit. PA
   may also be able to show a rogue process, such as a Trojan.
3) Run an independently built, statically linked lsof. Do you have processes 
without
   filenames? Do you see processes that 'ps -ef' miss? Anything else 'strange' 
in
   the output?
4) Sniff the network from another box that is in the same collision domain -- 
and
   one without an IP address. (Put a true hub between your suspect box and the 
net,
   then sniff hub traffic.)
5) Run arpwatch, again preferably from another box on the collision domain.

Hope this helps.

Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-224-2494






==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition, Jeff Plewes
Next by Date:  Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition, Paul Schmehl
Previous by Thread:  Re: DNS CACHE POISONING? - Our Portal is redirecting to our first competition, david bizeul
Next by Thread:  RE: DNS CACHE POISONING? - Our Portal is redirecting to our first competition, Boaz Shunami
Indexes:  [Date] [Thread] [Top] [All Lists]