Qhosts again

Jeff Bollinger jeff01 at email.unc.edu
Wed Oct 22 01:34:49 GMT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Is it reasonable to think that border filtering the DNS server IP
addresses coded into the Qhosts trojan would break DNS for the infected?
~ I've looked around a bit and have only seen these three IP addresses
for the DNS rerouting:

	216.127.92.38
	69.57.146.14
	69.57.147.175

Are there other known DNS servers used by this trojan?

Thanks,
Jeff
- --
Jeff Bollinger, CISSP
University of North Carolina
IT Security Analyst
105 Abernethy Hall
mailto: jeff @unc dot edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/ld65voVlxVBmgsURAmw1AJ0WG/LLGbtirE2EqHiuOlR4UAwQOQCeOQKc
w0n4IBbJ6wq+jrLpQ4MGnf8=
=0PMa
-----END PGP SIGNATURE-----



More information about the unisog mailing list