Re: Squid to Log DNS Querys

Well I have no idea what the name of the Trojan horse was.
But, our DNS server was down.
And I still had DNS queries over the network.
I thought that was strange. But I thought.. "Oh Well" 
So, some time later on some PCs started to show Trojan behavior.
(Minesweeper autostarting etc)
I thought, oh damn.
So I started scanning for problems.
Till I found something with a sniffer.
We did send a DNS query that did hold critical data.
Our workstations do run a virus scanner.
But I think it's not yet logged. I confiscated a PC that did show that weird
behavior and I am looking for the infected files.
If found, I'll share it with the net.



Tek Bahadur Limbu wrote:
> 
> Hi Robin,
> 
> Robin-Vossen wrote:
>> Hello,
>> I wonder is there a way to log all DNS requests that go out of our
>> network
>> with Squid.
>> Since I noticed that we had a Trojan Horse on our Company Network.
>> And well, it didn't send the data out itself.
>> It did send DNS Queries to their DNS Server.
>> And a Firewall doesn't detect that.
>> Is there a way to Log the DNS Queries with Squid so I can Monitor that
>> myself?
> 
> Are you running Squid transparently? As Thomas pointed out, Squid does 
> not see DNS queries on your network. That's the job of your DNS servers 
> and your gateway firewall.
> 
> You can only log the DNS queries that your Squid box actually makes to 
> your DNS servers.
> 
> You can use the following option in your squid.conf:
> 
> dns_nameservers IP.OF.YOUR.DNSSERVER
> 
> One way is to run a local DNS caching name server on the Squid box 
> itself and point your client machines to this caching name server which 
> then forwards the DNS requests to your actual DNS servers.
> 
> Probably the better way is to block the unwanted DNS queries on your DNS 
> servers or gateway firewall.
> 
> Just curious, which Trojan Horse did you detect in your network? When 
> you say that your firewall does not detect them, do you mean a firewall 
> running on your clients' machines or on your Gateway firewall itself?
> 
> Thanking you...
> 
> 
>> 
>> Thanks a lot.
>> Cheers,
>> Robin
> 
> 
> -- 
> 
> With best regards and good wishes,
> 
> Yours sincerely,
> 
> Tek Bahadur Limbu
> 
> System Administrator
> 
> (TAG/TDG Group)
> Jwl Systems Department
> 
> Worldlink Communications Pvt. Ltd.
> 
> Jawalakhel, Nepal
> 
> http://www.wlink.com.np
> 
> http://teklimbu.wordpress.com
> 
> 

-- 
View this message in context: http://www.nabble.com/Squid-to-Log-DNS-Querys-tf4730318.html#a13531298
Sent from the Squid - Users mailing list archive at Nabble.com.
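
Following the suggestion in the thread to point client machines at a local caching name server, here is an added example (not part of the original messages) that scans such a resolver's query log for one client sending many distinct long-label names under a single parent domain. It assumes the resolver is dnsmasq with `log-queries` enabled, which the thread does not specify; the log lines, addresses, domains and thresholds are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in dnsmasq "log-queries" format (assumed resolver;
# the thread does not name one). Addresses and domains are made up.
SAMPLE_LOG = """\
Nov  3 10:12:01 dnsmasq[812]: query[A] www.example.com from 192.168.1.10
Nov  3 10:12:02 dnsmasq[812]: query[A] mail.example.com from 192.168.1.10
Nov  3 10:12:05 dnsmasq[812]: query[TXT] 4a6f686e2d53616c6172792d32303037.x1.collector.invalid from 192.168.1.23
Nov  3 10:12:06 dnsmasq[812]: query[TXT] 2d51342d7265706f72742d66696e616c.x2.collector.invalid from 192.168.1.23
Nov  3 10:12:07 dnsmasq[812]: query[TXT] 0a436f6e666964656e7469616c2d646f.x3.collector.invalid from 192.168.1.23
Nov  3 10:12:09 dnsmasq[812]: query[AAAA] www.example.org from 192.168.1.23
"""

# Matches only the "query[TYPE] name from client" lines of the log.
QUERY_RE = re.compile(r"query\[(\w+)\] (\S+) from (\S+)$")


def find_dns_tunnel_suspects(log_text, min_label_len=24, min_unique=3):
    """Return {(client, parent_domain): sorted names} where one client sent at
    least min_unique distinct names with a long label under one parent domain."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line.strip())
        if not m:
            continue  # replies, cache hits and other log lines
        _qtype, name, client = m.groups()
        labels = name.rstrip(".").lower().split(".")
        if len(labels) < 3:
            continue  # no subdomain part that could carry data
        parent = ".".join(labels[-2:])  # naive; ignores suffixes like co.uk
        if max(len(label) for label in labels[:-2]) >= min_label_len:
            seen[(client, parent)].add(".".join(labels))
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_unique}


if __name__ == "__main__":
    for (client, parent), names in find_dns_tunnel_suspects(SAMPLE_LOG).items():
        print(f"{client} -> {parent}: {len(names)} distinct long-label queries")
```

This only sees queries that reach the logging resolver; clients that query outside servers directly have to be caught or blocked at the gateway firewall, as the reply above notes.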

