Bernie
This could be a "Man-in-the-middle" attack.
I scanned the 14 for open ports - and strangely enough for a
DNS server - all the common ports are open - even SSH.
From the scan results I'm almost sure that's a Linux box.
The DNS will resolve all DNS requests coming from your IP
with the IP of the man-in-the-middle, who will forward
your traffic to the correct server, but also keep a copy
for himself. So it stays completely transparent to you.
Are you sure you didn't install or exec any fishy apps?
What about the cleaning pers? Importing an adm.template to
your GPOs could do the trick as well.
WHAT DO YOU HAVE TO HIDE?
Try to run a "tracert" to a URL of your habits or
mailserver and see if it hits a 69... on the way.
Happy paranoia
Bernie
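
The tracert check suggested above, as an added example that is not part of the original post: it parses Windows `tracert` output and reports whether the resolved target or any hop falls inside a suspect network. The sample trace, the `203.0.113.0/24` network and the function name `check_trace` are constructed placeholders, since the post does not give the full address.

```python
import ipaddress
import re

# Constructed sample of Windows `tracert` output. All names and addresses are
# documentation/private ranges chosen for this example, not values from the post.
SAMPLE_TRACERT = """\
Tracing route to mail.example.test [203.0.113.14]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2     9 ms     8 ms     9 ms  10.20.0.1
  3     *        *        *     Request timed out.
  4    14 ms    13 ms    15 ms  relay.example.test [203.0.113.14]

Trace complete.
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
HEADER_RE = re.compile(r"^Tracing route to \S+ \[(" + IPV4 + r")\]")
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
IPV4_RE = re.compile(r"\b" + IPV4 + r"\b")

def check_trace(text, suspect_net):
    """Return [(label, ip)] for the resolved target and hops inside suspect_net."""
    net = ipaddress.ip_network(suspect_net)
    findings = []
    for line in text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            # The bracketed address is what the resolver answered for the name.
            candidates = [("target", header.group(1))]
        else:
            hop = HOP_RE.match(line)
            ips = IPV4_RE.findall(hop.group(2)) if hop else []
            # The hop address is the last IPv4 on the line; timed-out hops have none.
            candidates = [(f"hop {hop.group(1)}", ips[-1])] if ips else []
        for label, ip in candidates:
            if ipaddress.ip_address(ip) in net:
                findings.append((label, ip))
    return findings

if __name__ == "__main__":
    for label, ip in check_trace(SAMPLE_TRACERT, "203.0.113.0/24"):
        print(f"{label} is inside the suspect network: {ip}")
```

A "target" finding means the name itself resolved into the suspect network, which is what a rewriting DNS server would produce; a finding on a hop alone means the traffic only transits it.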