
[FW-1] Weird Activity



Hi,

We have been experiencing a weird thing with our DNS servers in our
network, and I was wondering if anyone would know if our firewall has been
penetrated or not.

What is happening is our DNS server (WinNT 4.0 SP6a) is getting a localhost
address record insert in the cache.  This in turn royally screws up our
RS/6000 server, as they use the name localhost for the software they are
running.  It happened yesterday, and it took a while to find out the cause,
and when we did, we removed the offending entry, and then stopped, and
started the DNS server, so that the cache would be flushed completely.  But
once again, just 5 minutes ago, it happened again.

Does anyone know if this is a result of a virus, trojan, or something else?
I have searched the firewall logs for any information, but cannot find
anything out.

Thanks,

Sean P. Donaghey
Sr. Technical Analyst
Hôtel-Dieu Grace Hospital
Windsor, Ontario Canada

Tel:Ext. 3717
Fax:
Email: [email protected]


