A Windows webserver on our customer's network was sending all sorts of
fragmented ICMP packets to its hijackers' target. (I still don't know
what, exactly -- but that can wait.) We shut it down, changed the DNS
information around, became the DNS authority on their domain, set up an
Apache virtual host, copied the old pages and rewrote a FrontPage form,
and now everything's working fine again.
Whee, this is fun! Now if only I had the time to do proper forensics on
the beast instead of reformatting the hard drive and installing service
pack 2.4.19...
Ben