[ previous ] [ next ] [ threads ]
 
 From:  "Tomas Hood" <nw7us at hfradio dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Possible security break? DNS injection or ?
 Date:  Sat, 28 Jun 2008 11:42:19 -0600
Hi,

I'm running M0n0wall with three interfaces.  The last few days, my DNHC  
client computers which get DNS info from M0n0wall, are getting incorrect  
DNS - yet if I set static DNS in a client computer, bypassing the DNS of  
M0n0wall, the DNS information is correct.  If I restart M0n0wall (reboot),  
then DNS is ok for a while.  Seems like someone might be injecting or has  
broken into the DNS of M0n0wall.

I am not an ipchains expert, so I am not sure what to look at to figure  
this out with M0n0wall.

What information should I include in my report to you, in order for  
someone on this list to help me figure out what might be happening?

Thanks,

Tomas

-- 
73 de NW7US
http://prop.hfradio.org
http://myspace.com/tomashood

Linux User #32405 - Since 1996
See my profile: http://www.linkedin.com/in/tomashood