Hi malware fighters,
Here is described how handy ipconfig /displaydns is
http://www.icranium.com/blog/?p=995
polonus
Please read:
Could not flush the DNS
Resolver Cache
http://www.ghacks.net/2009/06/28/could-not-flush-the-dns-resolver-cache
Read about DNS Client service:
http://www.theeldergeek.com/dns_client.htm
If you use an extensive HOSTS file like hpHosts and MVPS HOSTS files then having the DNS Client service active will slow down the system imensely.
I use OpenDNS Basic:
http://www.opendns.com/start
The OpenDNS nameservers are 208.67.222.222 and 208.67.220.220.
Hi YoKenny,
Yes, I understand why that is and why you propagate the use of OpenDNS and also that you rely on the protection security of a good updated hosts file. To understand for others that have not sought to protect themselves that way, my method of investigation and also a tool like DNSEye, that I am running at the moment, a nice tool by Nirsoft: http://www.giveawayoftheday.com/soft/505725/
So what is www.penny-arcade.com and there is section reply - section-reply, and for www.quotationspage.cpm there is quotationspage.com while the others reply with an address like api.mywot.com answers 83.150.67.33?
polonus
DNSEye does not work on Windows 7 so I’ll give it a try on XP Pro after I boot it up.
Hi YoKenny,
Following recent developments also read this: http://www.markmonitor.com/mmblog/
monitoring being performed by 174.129.10.46 - 174.129.10.48 - 174.129.205.100
see: http://ec2-174-129-10-48.compute-1.amazonaws.com/ brandprotection remote port 32137
polonus
@ polonus
DNSEye now runs after a cold reboot and selecting Run as administrator.
http://ec2-174-129-10-48.compute-1.amazonaws.com/ displays
[b]Internet Explorer cannot display the webpage[/b]I have no idea what MARKMONITOR BLOG has to do with this ???
[b]It Is There for a Reason, So Why Not Use It? [/b] February 17, 2010 – 11:35 am by Elisa Cooper It seems like every week, news of yet another high-profile domain hijacking occurs. Whether it’s stolen credentials, SQL injection attacks, or even the work of disgruntled employees, the number of incidents has been on the rise.
Maybe its just the “The Lunar Effect” ;D
http://faculty.washington.edu/chudler/moon.html
This information is good:
Every 3.6 seconds a website is infected
http://www.scmagazineus.com/every-36-seconds-a-website-is-infected/article/140414
Hi YoKenny,
Robtex info;
ec2-174-129-10-48.compute-1.amazonaws.com has one IP number , which also has a corresponding reverse pointer. ec2-174-129-10-48.compute-1.amazonaws.com is hosted on a server in United States. It is blacklisted in one list, RFC-ignorant.org.
The address is not whoisable, the IP whois has markmonitor.com
delegated via pdns2.ultradns.net Amazon.com The activity you have detected originates from a
Comment: dynamic hosting environment.
Gives a time-out and this: ed
spam.dnsbl.sorbs.net link (127.0.0.6) - List of hosts that have been noted as sending spam/UCE/UBE to the admins of SORBS. This zone also contains netblocks of spam supporting service providers, this could be for providing websites, DNS or drop boxes for a spammer. Spam supporters are added on a ‘third strike and you are out’ basis, where the third spam will cause the supporter to be blocked,
Conclusion?
polonus
@YoKenny,
Aware as this has not been blocked so far as was in Australia, New-Zealand etc. where the western version of a Green Dam webfilter has been brought in. They had ample time to work it out in China.
A far more rigorous threat to free expression on the Internet (YouTube, blogs, etc.) will be the implementation of ACTA that is now secretly being debated out, and what we only know from people that were in on the debate and leaked some of the information, because they were startled by the implications of this being brought in (a “three strikes your banned for life from the Internet” policy to be executed through ISP providers on sheer accusation of a triple copyright infringement by the content industry watchdogs (P2P, file-sharing, publishing copyrighted material).
http://www.eff.org/deeplinks/2009/11/leaked-acta-internet-provisions-three-strikes-and-
http://www.michaelgeist.ca/content/view/2955/125/
polonus
Hi malware fighters,
Via netstat -o -a (give in in Command Prompt) you can see all processes that are active, the PID of the programs concerned come included.
The name of the program can be trached via Task Manager: open taskmanager (Ctrl + Alt + Del) then search for the PID in the list. If no PID is given, you can tag it, in going to columns select it to be shown),
pol
Hi folks,
Do not know who has put this online, but sure some food for a discussion, just seen in the light of negotiating out acta and the coming war of the copyright industry against common consumers:
http://farm5.static.flickr.com/4032/4369403959_fe90464b27_o.jpg
For backgrounds read this: http://free-culture.cc/
polonus
I vote with my wallet. ;D