DNS poisoning at Google?

AP NANOG nanog at armoredpackets.com
Wed Jun 27 15:05:07 UTC 2012


This may not help Matt now, but I just came across this today and 
believe it may help others who have to deal with incidents:

http://cert.societegenerale.com/en/publications.html --> "IRM (Incident 
Response Methodologies)"

If you changed the file contents before noting the created date, 
modified date, etc., then begin looking at your backups.  This date will 
then help you track down the log entries and finally lead you to the 
root cause.

Also, if possible, please post the culprit code that caused this, 
exif'ing the sensitive data of course :-)

-- 

Thank you,

Robert Miller
http://www.armoredpackets.com

Twitter: @arch3angel

On 6/27/12 7:50 AM, TR Shaw wrote:
> On Jun 27, 2012, at 3:36 AM, Michael J Wise wrote:
>
>> On Jun 27, 2012, at 12:06 AM, Matthew Black wrote:
>>
>>> We found the aberrant .htaccess file and have removed it. What a mess!
>>
>> Trusting you carefully noted the date/time stamp before removing it, as that's an important bit of forensics.
> And don't forget there is a trail on that file on your backups.
>
> Tom
>
>
>
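
The step described in this message (note the file's timestamps before touching it, then use them to find the matching log entries), as an added example that is not part of the original post. The function names, the five-minute window and the Apache-style sample log lines are assumptions constructed for illustration.

```python
import hashlib
import os
import re
from datetime import datetime, timedelta, timezone

# Apache-style log timestamp, e.g. [27/Jun/2012:03:14:07 +0000]
LOG_TS = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]")


def _utc(epoch):
    return datetime.fromtimestamp(epoch, tz=timezone.utc)


def record_metadata(path):
    """Capture timestamps and a hash BEFORE the file is edited or removed."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {
        "path": path,
        "size": st.st_size,
        "mtime": _utc(st.st_mtime),  # last content modification
        "ctime": _utc(st.st_ctime),  # inode change on Unix, creation on Windows
        "sha256": digest,
    }


def log_lines_near(lines, when, window_minutes=5):
    """Return log lines whose timestamp falls within the window around `when`."""
    window = timedelta(minutes=window_minutes)
    hits = []
    for line in lines:
        m = LOG_TS.search(line)
        if not m:
            continue  # line has no parseable timestamp
        ts = datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z")
        if abs(ts - when) <= window:
            hits.append(line)
    return hits


# Constructed sample log lines (documentation addresses, made-up requests).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Jun/2012:02:10:00 +0000] "GET / HTTP/1.1" 200 512',
    '198.51.100.7 - - [27/Jun/2012:03:13:30 +0000] "POST /app/edit HTTP/1.1" 200 41',
    '198.51.100.7 - - [27/Jun/2012:03:14:05 +0000] "GET /index.html HTTP/1.1" 200 900',
    '192.0.2.10 - - [27/Jun/2012:09:00:00 +0000] "GET / HTTP/1.1" 200 512',
]
```

Run `record_metadata()` on the suspect file and on each backup copy of it, then pass the recorded `mtime` to `log_lines_near()` for each log you hold.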



