From: /m 


Do you have a firewall on the network?  If so, config it to allow only the
DNS connections you expect to occur.  (on my network here at home, I'd set
it to allow only my DNS caching server to access any DNS servers,
preventing the workstations from doing so.)

 /m

On Mon, 26 Jun 2006 16:23:11 -0500, "Glenn Meadows"
 wrote:

>The local DHCP server normally sets them, but this exploit changes the
>setting in TCPIP from "Automatic" to Manual, and plugs in two
dns servers
>that when I did a trackdown on them, showed up as part of Inhoster in the
>Ukraine.
>
>Then, we watched carefully, and when he clicked on a link in Google, he was
>redirected to a different address in the same subnet.  That's when we
>discovered that his DNS servers had change entries.
>
>Googled that whole browser hijack to that address, and got some threads at
>MajorGeeks that pointed me to the way to detect/remove it.
>
>I'm impressed with what they have to offer at Majorgeeks.com, but then, I'm
>easily amused...HAHAHAHAHA.

--- BBBS/NT v4.01 Flag-5