[funsec] Rogue DNS Servers
jeff-kell at utc.edu
Wed Mar 28 22:52:08 CDT 2007
> Researchers of Trend Micro have identified a network of more than 115 rogue
> DNS servers that are used by a certain variant of TROJ_DNSCHANG. These DNS
> servers exhibit interesting behavior.
I get timeouts trying to reference the URL, so I can't get the
If you're talking about the Inhoster hooks, this has been going on for
months. DNS clients are hijacked to point to various servers in
Recently (last 48 hours) I've seen end-user queries out of our block
(excluding our internal recursive servers) directed toward...
> < Dst IP address > < Total # >
> 220.127.116.11 1420
> 18.104.22.168 3
> 22.214.171.124 1940
> 126.96.36.199 3
I don't see any other "out of the ordinary" outbound DNS, at least not
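
The tally described in the message above (outbound DNS from end-user hosts, excluding the internal recursive servers, counted per destination) can be sketched as follows. This is an added example, not part of the original post; the flow-record layout, the site block, the resolver addresses and all sample records are constructed assumptions using documentation address ranges.

```python
import ipaddress
from collections import Counter

# Assumed site layout (hypothetical values, documentation address ranges).
SITE_BLOCK = ipaddress.ip_network("198.51.100.0/24")
INTERNAL_RESOLVERS = {ipaddress.ip_address("198.51.100.53"),
                      ipaddress.ip_address("198.51.100.54")}

# Constructed flow export: src_ip dst_ip proto dst_port query_count
SAMPLE_FLOWS = """\
198.51.100.20 198.51.100.53 udp 53 12
198.51.100.53 192.0.2.1 udp 53 40
198.51.100.31 203.0.113.7 udp 53 9
198.51.100.31 203.0.113.7 tcp 53 2
198.51.100.44 203.0.113.7 udp 53 5
198.51.100.44 203.0.113.9 udp 53 3
198.51.100.44 203.0.113.9 tcp 443 30
192.0.2.77 198.51.100.53 udp 53 4
malformed line
"""

def off_site_dns(flow_text):
    """Return (total per destination, set of clients per destination)."""
    totals, clients = Counter(), {}
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue                      # skip malformed records
        try:
            src = ipaddress.ip_address(fields[0])
            dst = ipaddress.ip_address(fields[1])
            port, count = int(fields[3]), int(fields[4])
        except ValueError:
            continue
        if fields[2] not in ("udp", "tcp") or port != 53:
            continue                      # DNS only, UDP or TCP
        if src not in SITE_BLOCK or src in INTERNAL_RESOLVERS:
            continue                      # recursive servers may query out
        if dst in SITE_BLOCK:
            continue                      # client using a local resolver
        totals[str(dst)] += count
        clients.setdefault(str(dst), set()).add(str(src))
    return totals, clients

if __name__ == "__main__":
    totals, clients = off_site_dns(SAMPLE_FLOWS)
    print("< Dst IP address >  < Total # >  < Clients >")
    for dst, total in totals.most_common():
        print(f"{dst:<19} {total:<12} {len(clients[dst])}")
```

A destination that several unrelated clients query directly, bypassing the local resolvers, is the pattern worth checking against each client's configured DNS settings.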