httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Patrick Proniewski <patrick.proniew...@univ-lyon2.fr>
Subject Re: [users@httpd] Re: phishing problem
Date Tue, 12 Jul 2011 21:04:02 GMT
On 12 juil. 2011, at 21:40, Frank Bonnet wrote:

> I think effectivelly users's requests have been redirected
> to the hacked servers ...

so it's not a phishing, it's more like a man-in-the-middle, or a DNS cache poisoning...
The only way for you to know what happens is to act as victims do (doing exactly what they
do, and land on the pirate server) while you perform some forensic analysis (tcpdump/wireshark
on port 53, 80 and 443 should be enough).


> Gosh ... HOW ???


find a victim, use his/her computer and account, with a tcpdump running
How's that, posting in english, but absolutely off topic now.

good luck,

Patrick PRONIEWSKI
-- 
Administrateur Système - DSI - Université Lumière Lyon 2


Mime
View raw message