Not necessarily so. Can be a poor man's attempt at DNS spoofing. Nothing says that the name server for suhsd.k12.ca.us can't be 0wned.

I'd suggest getting chkrootkit from here:
http://www.chkrootkit.org/

Remember that if you are reamed high and hard, then you can't trust the results of this, but it may find something. There are some common false alerts using this tool too (like it thinks that some Perl logs are sniffer logs, some control panels such as Plesk and cPanel create some false positives on imap ports, etc). You can go and verify each of the false alerts are in fact false. Usually if there are false alerts, then there are only a few.

With this tool, you *can* discover if there is a root kit installed. However, it does not *prove* that there isn't. It's a good first step.

Mike


At 09:07 AM 11/12/2005, you wrote:
whois identifies the domain as Corporation for Education Network
Initiatives in California.  I don't know much about these things, but
that seems like an unlikely plant in a rooting.

Anybody ...?

On Sat, Nov 12, 2005 at 08:56:31AM -0800, George Geller wrote:
> One of my systems, sherman, was running nicely for a couple of weeks.  Then
> name resolution stopped working for no apparent reason.  The symptom was
> that my IRC and Bittorrent clients, which had been running for many
> days, disconnected.
>
>
> I looked at /etc/resolv.conf and found a line that doesn't make sense:
> search suhsd.k12.ca.us
>
> I'm wondering what to do next.
>
> George
>
>
>
> --
> [email protected]
> http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list

--
Lan Barnes                    [EMAIL PROTECTED]
Linux Guy, SCM Specialist     858-354-0616
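
An added example, not part of the original thread: a small shell check that flags `search`, `domain` and `nameserver` entries in a resolv.conf file that are not on a list you expect, such as the `search suhsd.k12.ca.us` line George found. The function name `audit_resolv`, the allowlist values and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag resolv.conf entries that are not on an expected list.
# Usage: audit_resolv FILE "ALLOWED SEARCH DOMAINS" "ALLOWED NAMESERVERS"
# Prints one line per unexpected entry; returns 1 if anything was flagged.
audit_resolv() {
    awk -v doms="$2" -v srvs="$3" '
        BEGIN {
            # Build lookup tables from the space-separated allowlists.
            n = split(doms, d, " "); for (i = 1; i <= n; i++) okd[tolower(d[i])] = 1
            n = split(srvs, s, " "); for (i = 1; i <= n; i++) oks[s[i]] = 1
        }
        /^[#;]/ { next }    # skip comment lines
        $1 == "search" || $1 == "domain" {
            # A search line may list several domains; check each one.
            for (i = 2; i <= NF; i++)
                if (!(tolower($i) in okd)) { print "UNEXPECTED " $1 ": " $i; bad = 1 }
        }
        $1 == "nameserver" && !($2 in oks) { print "UNEXPECTED nameserver: " $2; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input; the search line is the one quoted in the thread,
# the nameserver is a documentation-range address (hypothetical).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
search suhsd.k12.ca.us
nameserver 192.0.2.53
EOF

# Hypothetical allowlist: the domain and resolver this host should be using.
if ! audit_resolv "$sample" "example.org" "192.0.2.53"; then
    echo "resolv.conf differs from the expected configuration" >&2
fi
rm -f "$sample"
```

On a real host, pass `/etc/resolv.conf` and the values you actually expect; a flagged entry only shows that the file changed, not what changed it.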

