Re: ANOTHER possible Windows problem?

From: Kris Carlier (rootat_private)
Date: Sun Jul 22 2001 - 04:40:47 PDT


    David,
    
    > At around 3pm EST all of the Windows 98 boxes at my company suddenly 
    > turned their proxy settings on (we don't use a proxy) and set their 
    > proxy server to: cache.mycompany.com (substitute mycompany with the name 
    > of mycompany) and port 3128.
    > 
    > Now I know port 3128 is a Squid proxy port, so I guess that makes sense, 
    > but has anyone ever seen anything like this before? The few win2k boxes 
    > are fine, as are the Linux boxes. Is there a trojan or something like 
    > that where the payload changes proxy settings?
    > 
    > Or is it something else entirely?
    
    It's the G8 conference I fear.
    
    Stupid wild guess: from one of the 'upgraded' machines, try pinging 
    wpad.mycompany.com
    and if that works out, http://wpad.mycompany.com/wpad.dat or conf.pac or
    whatever.
    
    If that works, find your DNS admin, and forgive him when he's using DDNS
    ;-)
    
    kr=
    
    
    
    
                       \\\___///
                      \\  - -  //
                       (  @ @  )
     +---------------oOOo-(_)-oOOo-------------+
     |        kris carlier - krisat_private    |
     |   Freedom of speech has been suspended  |
     |          [RESUME] [OK] [CANCEL]         |
     | KC62-RIPE         SMS: +32-475-61.43.05 |
     +------------------------Oooo-------------+
                      oooO   (   )
                     (   )    ) /
                      \ (    (_/
                       \_)
    
    "In 1555, Nostradamus wrote: 'Come the millennium, month 12, in the home of
    greatest power, the village idiot will come forth to be acclaimed the
    leader.'"
    
    
    
    



    This archive was generated by hypermail 2b30 : Sun Jul 22 2001 - 12:29:26 PDT
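
The check suggested in the reply (does a wpad name resolve, and what does its wpad.dat hand out?) can be scripted. The following is an added example, not part of the original message: the function names are hypothetical, the PAC text is constructed, and the walk through parent domains generalizes the single wpad.mycompany.com name in the message to the usual DNS-based WPAD lookup order.

```python
import re
import socket
import sys
import urllib.request

# Constructed sample PAC file, modelled on the proxy setting reported in the thread.
SAMPLE_PAC = '''
function FindProxyForURL(url, host) {
    if (isPlainHostName(host)) return "DIRECT";
    return "PROXY cache.mycompany.com:3128; DIRECT";
}
'''
PROXY_RE = re.compile(r"\b(PROXY|SOCKS)\s+([A-Za-z0-9.-]+):(\d{1,5})")

def wpad_candidates(client_fqdn):
    """WPAD names to check for a client: wpad.<domain>, then each parent domain."""
    labels = client_fqdn.strip(".").lower().split(".")[1:]  # drop the host label
    # Assumption: stop before the bare TLD, which the company never controls.
    return ["wpad." + ".".join(labels[i:]) for i in range(len(labels) - 1)]

def proxies_in_pac(pac_text):
    """Sorted unique (kind, host, port) tuples named in the PAC return strings."""
    return sorted({(k, h.lower(), int(p)) for k, h, p in PROXY_RE.findall(pac_text)})

def unexpected_proxies(pac_text, approved):
    """Proxies in the PAC file that are not in the approved {(host, port)} set."""
    return [p for p in proxies_in_pac(pac_text) if (p[1], p[2]) not in approved]

def check(client_fqdn, approved):
    """Resolve each candidate name, fetch its wpad.dat and report the proxies."""
    for name in wpad_candidates(client_fqdn):
        try:
            addr = socket.gethostbyname(name)
        except OSError:
            print(f"{name}: does not resolve")
            continue
        url = f"http://{name}/wpad.dat"
        try:
            with urllib.request.urlopen(url, timeout=5) as resp:
                pac = resp.read(65536).decode("latin-1")
        except OSError as exc:
            print(f"{name} -> {addr}: no PAC at {url} ({exc})")
            continue
        print(f"{name} -> {addr}: unapproved {unexpected_proxies(pac, approved)}")

if __name__ == "__main__":
    if len(sys.argv) > 1:      # e.g. python wpad_check.py pc12.sales.mycompany.com
        check(sys.argv[1], approved=set())
    else:                      # offline: run against the constructed sample
        print(unexpected_proxies(SAMPLE_PAC, approved=set()))
```

A wpad name that resolves on a network with no intended proxy, or a PAC file listing a proxy nobody approved, is the finding to take to the DNS admin.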