Hey y'all, any IT magicians here?
At my office we've got a problem. Someone is sometimes managing to send us a fake web page instead of websites we request over HTTP. The page they send us is fairly simple; it just shows a loading screen and then sits there mining cryptocurrency for someone. That's not a big problem.
The real problem is, I can't figure out where the damn thing is coming from. We're on a subnetwork, separate from some other companies, and nobody else has seen the problem. I turned off all the machines and tried them one-by-one, and still got the problem every time. I've been looking for signs of ARP or DNS spoofing, but I don't see anything.
How else could this be achieved? I don't know how to go about finding the problem.
I set us up on a VPN, so at least the attacker can't snoop our traffic if they're in the network. What other measures could I take to prevent this from being possible?