Re: [m0n0wall] Possible security break? DNS injection or ?

From:	sai <sonicsai at gmail dot com>
To:	"Tomas Hood" <nw7us at hfradio dot org>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Possible security break? DNS injection or ?
Date:	Sat, 28 Jun 2008 11:59:16 -0600

can you give examples of the incorrect ip addresses (with domain
names) that the m0n0 was giving ? also the correct ip addresses?

what dns server do you have setup in the general setup page?

sai

PS ipchains is Linux. m0n0 if FreeBSD.



On 6/28/08, Tomas Hood <nw7us at hfradio dot org> wrote:
> Hi,
>
>  I'm running M0n0wall with three interfaces.  The last few days, my DNHC
> client computers which get DNS info from M0n0wall, are getting incorrect DNS
> - yet if I set static DNS in a client computer, bypassing the DNS of
> M0n0wall, the DNS information is correct.  If I restart M0n0wall (reboot),
> then DNS is ok for a while.  Seems like someone might be injecting or has
> broken into the DNS of M0n0wall.
>
>  I am not an ipchains expert, so I am not sure what to look at to figure
> this out with M0n0wall.
>
>  What information should I include in my report to you, in order for someone
> on this list to help me figure out what might be happening?
>
>  Thanks,
>
>  Tomas
>
>  --
>  73 de NW7US
>  http://prop.hfradio.org
>  http://myspace.com/tomashood
>
>  Linux User #32405 - Since 1996
>  See my profile: http://www.linkedin.com/in/tomashood
>
>
> ---------------------------------------------------------------------
>  To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>  For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>