[Intrusions] RE Question
Schmehl, Paul L
pauls at utdallas.edu
Mon May 2 15:38:56 GMT 2005
> -----Original Message-----
> From: intrusions-bounces at lists.sans.org
> [mailto:intrusions-bounces at lists.sans.org] On Behalf Of Joel Esler
> Sent: Saturday, April 30, 2005 8:31 AM
> To: Intrusions List (GCIA Practicals)
> Subject: Re: [Intrusions] RE Question
>
> I'd hate to be hasty about it, as I am still laying in bed
> this morning... *yawn*
>
> My thoughts are.. DNS poisoning,
Precisely my thoughts as well. Looking at the packets, it looks
suspiciously familiar to other DNS poisoning instances that I have seen.
The question is, whose DNS is being poisoned?
Mike, are you running a MS DNS server internal to your network? Does
your ISP run an MS DNS server?
Paul Schmehl (pauls at utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/
More information about the Intrusions
mailing list