Security Incidents
mailing list archives
Re: ANOTHER possible Windows problem?
From: Kris Carlier <root () iguana be>
Date: Sun, 22 Jul 2001 13:40:47 +0200 (MET DST)
David,

> At around 3pm EST all of the Windows 98 boxes at my company suddenly
> turned their proxy settings on (we don't use a proxy) and set their
> proxy server to: cache.mycompany.com (substitute mycompany with the name
> of my company) and port 3128.
> Now I know port 3128 is a Squid proxy port, so I guess that makes sense,
> but has anyone ever seen anything like this before? The few win2k boxes
> are fine, as are the linux boxes. Is there a trojan or something like
> that where the payload changes proxy settings?
> Or is it something else entirely?

It's the G8 conference I fear.

Stupid wild guess: from one of the 'upgraded' machines, try pinging
wpad.mycompany.com
and if that works out, http://wpad.mycompany.com/wpad.dat or conf.pac or
whatever.
If that works, find your DNS admin, and forgive him when he's using DDNS
;-)
kr=
\\\___///
\\ - - //
( @ @ )
+---------------oOOo-(_)-oOOo-------------+
| kris carlier - kris () iguana be |
| Freedom of speech has been suspended |
| [RESUME] [OK] [CANCEL] |
| KC62-RIPE SMS: +32-475-61.43.05 |
+------------------------Oooo-------------+
oooO ( )
( ) ) /
\ ( (_/
\_)
"In 1555, Nostradamus wrote: 'Come the millennium, month 12, in the home of
greatest power, the village idiot will come forth to be acclaimed the
leader.'"
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see:
http://aris.securityfocus.com
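
An added example, not part of the original message or the list: the check suggested above (does a wpad name resolve, and which proxy does its wpad.dat hand out), written as a small Python script. The client name pc12.sales.mycompany.com and the sample PAC body are constructed; stopping the name walk at the two-label domain is an assumption about the resolver's behaviour.

```python
import re
import socket
import urllib.request

# Constructed PAC body (not from the post) mirroring the reported symptom:
# clients sent to cache.<domain> on the Squid port 3128.
SAMPLE_PAC = '''
function FindProxyForURL(url, host) {
    if (isPlainHostName(host)) return "DIRECT";
    return "PROXY cache.mycompany.com:3128; DIRECT";
}
'''

PROXY_RE = re.compile(r'\b(PROXY|SOCKS[45]?)\s+([A-Za-z0-9.-]+):(\d{1,5})')

def wpad_candidates(client_fqdn):
    """WPAD names a client may look up via DNS, most specific first."""
    labels = client_fqdn.rstrip(".").split(".")[1:]  # drop the host label
    # Assumption: stop at the two-label domain, never query wpad.<tld>.
    return ["wpad." + ".".join(labels[i:]) for i in range(len(labels) - 1)]

def proxies_in_pac(pac_text):
    """Sorted unique (kind, host, port) proxy directives found in a PAC body."""
    return sorted({(k, h, int(p)) for k, h, p in PROXY_RE.findall(pac_text)})

def check_wpad(client_fqdn, timeout=5):
    """Live check: resolve each candidate name, fetch /wpad.dat where it answers."""
    findings = []
    for name in wpad_candidates(client_fqdn):
        try:
            addr = socket.gethostbyname(name)
        except socket.gaierror:
            continue  # name does not resolve: nothing to auto-discover here
        try:
            url = f"http://{name}/wpad.dat"
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                body = resp.read(65536).decode("latin-1")
        except OSError:
            body = ""  # name resolves but serves no PAC file; still worth noting
        findings.append((name, addr, proxies_in_pac(body)))
    return findings

if __name__ == "__main__":
    # Offline demonstration on the constructed sample; call check_wpad() with
    # an affected client's own FQDN to run the live lookup.
    print(wpad_candidates("pc12.sales.mycompany.com"))
    print(proxies_in_pac(SAMPLE_PAC))
```

Any entry returned by check_wpad() for a site that runs no proxy means someone has registered the wpad name, which is where the DDNS remark above comes in.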