I
Ice Czar
Guest
the other day I tried to download a diagram from Tyan Computer
the link happened to be to a PDF via FTP
well, I got redirected to an ad
so I emailed the Tyan webmaster that he had a strange link
he got right back to me saying it was fine
WTF?
next day I went to another FTP and same ad...hmmmm
run Adaware, SpybotSearch&Destroy, HijackThis, TDS-3, NOD32, and Nessus
still get the redirect
a little researching and found this
FTP Hijack (PDF) @ SANS.org
which pointed me to a poisoned DNS cache as the possible problem, so I go to Command Prompt
I type ipconfig/flushdns
(Purges the DNS resolver cache)
wont let me do it
I type ipconfig/displaydns
(Displays the contents of the DNS resolver cache}
wount show it
I type ipconfig/renew
(Renews the IP address for the specified adapter)
it fails
I type ipconfig/registerdns
(Refreshes all DHCP leases and re-register DNS names)
says any issues will be reported in the event viewer in 15 minutes
I go back to Tyan and successfully download the PDF
the link happened to be to a PDF via FTP
well, I got redirected to an ad
so I emailed the Tyan webmaster that he had a strange link
he got right back to me saying it was fine
WTF?
next day I went to another FTP and same ad...hmmmm
run Adaware, SpybotSearch&Destroy, HijackThis, TDS-3, NOD32, and Nessus
still get the redirect
a little researching and found this
FTP Hijack (PDF) @ SANS.org
which pointed me to a poisoned DNS cache as the possible problem, so I go to Command Prompt
I type ipconfig/flushdns
(Purges the DNS resolver cache)
wont let me do it
I type ipconfig/displaydns
(Displays the contents of the DNS resolver cache}
wount show it
I type ipconfig/renew
(Renews the IP address for the specified adapter)
it fails
I type ipconfig/registerdns
(Refreshes all DHCP leases and re-register DNS names)
says any issues will be reported in the event viewer in 15 minutes
I go back to Tyan and successfully download the PDF