David,

> At around 3pm EST all of the Windows 98 boxes at my company suddenly
> turned their proxy settings on (we don't use a proxy) and set their
> proxy server to: cache.mycompany.com (substitute mycompany with the name
> of mycompany) and port 3128.
>
> Now I know port 3128 is a Squid proxy port, so I guess that makes sense,
> but has anyone ever seen anything like this before? The few win2k boxes
> are fine, as are the linux boxes. Is there a trojan or something like
> that where the payload changes proxy settings?
>
> Or is it something else entirely?

It's the G8 conference I fear.

Stupid wild guess, from one of the 'upgraded' machines, try pinging
wpad.mycompany.com and if that works out,
http://wpad.mycompany.com/wpad.dat or conf.pac or whatever

If that works, find your DNS admin, and forgive him when he's using DDNS ;-)

kr

              \\\___///
             \\  - -  //
              (  @ @  )
+---------------oOOo-(_)-oOOo-------------+
| kris carlier - krisat_private           |
| Freedom of speech has been suspended    |
| [RESUME]      [OK]      [CANCEL]        |
| KC62-RIPE   SMS: +32-475-61.43.05       |
+------------------------Oooo-------------+
                oooO     (   )
               (   )      ) /
                \ (      (_/
                 \_)

"In 1555, Nostradamus wrote: 'Come the millennium, month 12, in the home of
greatest power, the village idiot will come forth to be acclaimed the leader.'"

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
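Added example, not part of the original post: a Python sketch of the check suggested in the reply above. It lists the wpad.dat URLs a DNS-based WPAD client in a given domain would look for and extracts the proxy entries from a wpad.dat body. The sample file, the host name pc17.sales.mycompany.com and all function names are constructed for illustration, and stopping the domain walk at two labels is a simplifying assumption.

```python
import re

# Proxy directives as they appear inside PAC return strings, e.g. "PROXY host:3128".
PROXY_RE = re.compile(r'\b(PROXY|SOCKS[45]?|HTTPS?)\s+([A-Za-z0-9.-]+):(\d{1,5})\b')

# Constructed sample of what http://wpad.mycompany.com/wpad.dat might return.
SAMPLE_WPAD_DAT = '''
function FindProxyForURL(url, host) {
    // PROXY old.mycompany.com:8080 (retired)
    if (isPlainHostName(host)) return "DIRECT";
    return "PROXY cache.mycompany.com:3128; DIRECT";
}
'''

def wpad_candidates(client_fqdn, min_labels=2):
    """WPAD URLs a DNS-based client would try, most specific domain first."""
    labels = client_fqdn.strip('.').lower().split('.')[1:]  # drop the host label
    urls = []
    while len(labels) >= min_labels:  # assumption: stop before a bare TLD
        urls.append('http://wpad.' + '.'.join(labels) + '/wpad.dat')
        labels = labels[1:]
    return urls

def proxies_in_pac(pac_text):
    """Return unique (type, host, port) tuples a PAC script can hand out."""
    # Drop comments first so commented-out proxies are not reported.
    text = re.sub(r'/\*.*?\*/', '', pac_text, flags=re.S)
    text = re.sub(r'(?m)(?<!:)//.*$', '', text)  # keep "http://" inside strings
    found = []
    for kind, host, port in PROXY_RE.findall(text):
        entry = (kind, host.lower(), int(port))
        if entry not in found:
            found.append(entry)
    return found

def unexpected_proxies(pac_text, allowed_hosts=()):
    """Proxies in the PAC file whose host is not on the site's allow list."""
    allowed = {h.lower() for h in allowed_hosts}
    return [p for p in proxies_in_pac(pac_text) if p[1] not in allowed]

if __name__ == '__main__':
    for url in wpad_candidates('pc17.sales.mycompany.com'):
        print('check DNS and fetch:', url)
    # A site that runs no proxy has an empty allow list, so any entry is flagged.
    for kind, host, port in unexpected_proxies(SAMPLE_WPAD_DAT):
        print('unexpected proxy:', kind, host, port)
```

Any name from the candidate list that resolves when the site has never published a WPAD record is the thing to take to the DNS admin, as the reply suggests.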
This archive was generated by hypermail 2b30 : Sun Jul 22 2001 - 12:29:26 PDT