Not sure about the tactics here unless something else has been changed. The search command gives a list of domains to append to a non-fully qualified domain name, i.e. kernel-panic vice kernel-panic.org. It also works for really long domains: foo vice foo.suhsd.k12.ca.us in this case. So the question to ask is: what DNS entries on your local nameserver that have names ending in suhsd.k12.ca.us could be detrimental to you? I say your local nameserver because that is the only one you are checking according to your resolv.conf file - otherwise there'd be a "nameserver" entry.
Do you know what your old resolv.conf looked like? Is there a backup? Did you run anything that could have changed it?

Personally, 24/7 IRC connections are not my idea of safe computing. But I'm paranoid.

Kevin

Quoting Michael J McCafferty <[EMAIL PROTECTED]>:

> Not necessarily so. Can be a poor man's attempt at DNS spoofing.
> Nothing says that the name server for suhsd.k12.ca.us can't be 0wned.
>
> I'd suggest getting chkrootkit from here:
> http://www.chkrootkit.org/
>
> Remember that if you are reamed high and hard, then you can't trust
> the results of this, but it may find something. There are some common
> false alerts using this tool too (like it thinks that some Perl logs
> are sniffer logs, some control panels such as Plesk and cPanel create
> some false positives on imap ports, etc). You can go and verify each
> of the false alerts are in fact false. Usually if there are false
> alerts, then there are only a few.
>
> With this tool, you *can* discover if there is a root kit installed.
> However, it does not *prove* that there isn't. It's a good first step.
>
> Mike
>
> At 09:07 AM 11/12/2005, you wrote:
> > whois identifies the domain as Corporation for Education Network
> > Initiatives in California. I don't know much about these things, but
> > that seems like an unlikely plant in a rooting.
> >
> > Anybody ...?
> >
> > On Sat, Nov 12, 2005 at 08:56:31AM -0800, George Geller wrote:
> > > One of systems, sherman, was running nicely for a couple of weeks. Then
> > > name resolution stopped working for no apparent reason. The symptom was
> > > that my IRC and Bittorrent clients, which had been running for many
> > > days, disconnected.
> > >
> > > I looked at /etc/resolv.conf and found a line that doesn't make sense:
> > > search suhsd.k12.ca.us
> > >
> > > I'm wondering what to do next.
> > >
> > > George
> > >
> > > --
> > > [email protected]
> > > http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
> >
> > --
> > Lan Barnes [EMAIL PROTECTED]
> > Linux Guy, SCM Specialist 858-354-0616
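The search-list behaviour discussed in this thread, as an added example that is not part of any poster's message: it parses resolv.conf text, lists the names a stub resolver would try for a given host, and flags search domains outside an allowlist. The allowlist, the host name irc.example.net and the function names are assumptions made for illustration; the sample file is constructed from the single line quoted in the thread.

```python
SAMPLE = "search suhsd.k12.ca.us\n"  # constructed from the line quoted in the thread

def parse_resolv_conf(text):
    """Extract nameservers, search list and ndots from resolv.conf text."""
    cfg = {"nameservers": [], "search": [], "ndots": 1, "explicit_ns": False}
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0][0] in "#;":
            continue                        # blank line or comment
        key, args = fields[0], fields[1:]
        if key == "nameserver" and args:
            cfg["nameservers"].append(args[0])
            cfg["explicit_ns"] = True
        elif key == "search" and args:
            cfg["search"] = args            # last search/domain line wins
        elif key == "domain" and args:
            cfg["search"] = args[:1]
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    cfg["ndots"] = int(opt.split(":", 1)[1])
    if not cfg["nameservers"]:
        cfg["nameservers"] = ["127.0.0.1"]  # resolver default: the local machine
    return cfg

def candidate_names(name, cfg):
    """Names the stub resolver would try, in order, for `name`."""
    if name.endswith("."):
        return [name]                       # already fully qualified
    absolute = name + "."
    searched = [f"{name}.{d.rstrip('.')}." for d in cfg["search"]]
    if name.count(".") >= cfg["ndots"]:
        return [absolute] + searched        # tried as-is first
    return searched + [absolute]            # search list first

def audit(text, expected_search=frozenset()):
    """Flag search domains outside the allowlist and a missing nameserver line."""
    cfg = parse_resolv_conf(text)
    findings = [f"unexpected search domain: {d}" for d in cfg["search"]
                if d.rstrip(".").lower() not in expected_search]
    if not cfg["explicit_ns"]:
        findings.append("no nameserver line: queries go to 127.0.0.1")
    return findings

if __name__ == "__main__":
    cfg = parse_resolv_conf(SAMPLE)
    for host in ("sherman", "irc.example.net"):  # second name is hypothetical
        print(host, "->", candidate_names(host, cfg))
    print(audit(SAMPLE, expected_search={"kernel-panic.org"}))
```

Later candidates are only queried when the earlier ones fail to resolve, so a name that already resolves as typed never reaches the appended search domain.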
