Could be dnschanger or something similar... I can into a small network a while back where the wrt54g router apparently was compromised by malware that used the default admin\admin login to set the DNS servers on the router to addresses in the Ukraine, which then served those up via DHCP to all machines on the network.
neato... On Tue, Jun 8, 2010 at 2:29 PM, Gibson, Samuel <[email protected]>wrote: > Hello, > > I found a Windows XP computer on our network that should recieve its DNS > settings through DHCP but, recently realized that it had a hard coded DNS > server address in the Ukraine. Does anyone know of a way to find out any > more information about when it happened or what changed it? > > Thanks, > Sam > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > -- Robert Portvliet GIAC GPEN, GCIA http://twitter.com/rportvliet http://www.linkedin.com/pub/robert-portvliet/10/A34/689
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
