[ previous ] [ next ] [ threads ]
 
 From:  sai <sonicsai at gmail dot com>
 To:  "Tomas Hood" <nw7us at hfradio dot org>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Possible security break? DNS injection or ?
 Date:  Sat, 28 Jun 2008 11:59:16 -0600
can you give examples of the incorrect ip addresses (with domain
names) that the m0n0 was giving ? also the correct ip addresses?

what dns server do you have setup in the general setup page?

sai

PS ipchains is Linux. m0n0 if FreeBSD.



On 6/28/08, Tomas Hood <nw7us at hfradio dot org> wrote:
> Hi,
>
>  I'm running M0n0wall with three interfaces.  The last few days, my DNHC
> client computers which get DNS info from M0n0wall, are getting incorrect DNS
> - yet if I set static DNS in a client computer, bypassing the DNS of
> M0n0wall, the DNS information is correct.  If I restart M0n0wall (reboot),
> then DNS is ok for a while.  Seems like someone might be injecting or has
> broken into the DNS of M0n0wall.
>
>  I am not an ipchains expert, so I am not sure what to look at to figure
> this out with M0n0wall.
>
>  What information should I include in my report to you, in order for someone
> on this list to help me figure out what might be happening?
>
>  Thanks,
>
>  Tomas
>
>  --
>  73 de NW7US
>  http://prop.hfradio.org
>  http://myspace.com/tomashood
>
>  Linux User #32405 - Since 1996
>  See my profile: http://www.linkedin.com/in/tomashood
>
>
> ---------------------------------------------------------------------
>  To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>  For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>