Finding your domain name servers (DNS) in OS X 10.4 or earlier

How to determine if you’ve been infected.

In the last day there’s been some news about a new bit of somewhat-malware on the Mac. “Somewhat” because, at least in its current form and relative to some very nasty viruses out there, this code rates as just above harmless. That it was announced on Halloween is probably the scariest thing about it. Nevertheless, it is an unwanted and uninvited bit of code, and here’s how to determine if you’ve been infected.

The new malware apparently changes your DNS settings, and in doing so reveals itself. It also adds a cron job, among other code. In Leopard, OS X 10.5, it’s easy enough to see if your domain name servers have been changed: you can use the Advanced Network settings in your System Preferences. In OS X 10.4 or earlier, however, the graphical user interface (GUI) in the Network preferences does not reveal your domain name servers. You’ll need to launch Terminal, which runs the command line interface (CLI) for the Mac and, if you’re not already familiar with it, should make you feel very old-school. It can be found in the Utilities folder/directory, which is in your Applications folder/directory.

Terminal, baby

In the Terminal, copy and paste the following command, then press enter/return to execute/run it:

cat /etc/resolv.conf

This will show your domain name server(s) (DNS), which are the servers your computer uses to translate host and domain names, such as www.01.com, to network address numbers, such as 38.98.186.151.

Digression on DNS lookups, etc.: note that you can use another utility in your Utilities folder, called Network Utility, to perform various lookup functions in a GUI on the Mac, or you can just use the dig command. If you want to learn more about dig, bring up its manual by typing this in the Terminal:

man dig

While it’s possible that a cron job (the scheduled start of a program) can be associated with another user on your system, if you want to check for cron jobs associated with your username, you can run this command:

crontab -l
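
The two checks above combined into one script, as an added example that is not part of the original post: it lists the name servers in /etc/resolv.conf, flags any that are not on a list you supply, and prints your active cron entries. The list of expected resolvers (from your ISP or router) is an assumption you provide; the function names and the 192.0.2.x / 198.51.100.x sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are made up here.

# Print every resolver address listed in a resolv.conf-style file ($1).
list_nameservers() {
    # A commented-out entry ("# nameserver ...") has "#" as its first field.
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Print resolvers in file $1 that are missing from the space-separated
# list $2. Returns 0 if all are expected, 1 if any is not, 2 if none found.
unexpected_nameservers() {
    found=0; bad=0
    for ns in $(list_nameservers "$1"); do
        found=1
        case " $2 " in
            *" $ns "*) ;;                 # on the expected list
            *) echo "$ns"; bad=1 ;;       # not one you recognise
        esac
    done
    [ "$found" -eq 1 ] || return 2
    return "$bad"
}

# Filter `crontab -l` output on stdin down to the lines that schedule
# something or set a variable (drops blank lines and comments).
active_cron_entries() {
    awk 'NF && $1 !~ /^#/'
}

# Real use: sh check_dns.sh "<resolver1> <resolver2>"
if [ "$#" -gt 0 ]; then
    if bad=$(unexpected_nameservers /etc/resolv.conf "$1"); then
        echo "resolv.conf lists only the resolvers you expected"
    else
        echo "check these resolvers (or none were listed): $bad"
    fi
    echo "cron entries for $(id -un):"
    crontab -l 2>/dev/null | active_cron_entries
else
    # No arguments: run on a constructed sample (documentation addresses).
    s=$(mktemp /tmp/resolv.XXXXXX)
    printf 'nameserver 192.0.2.53\nnameserver 198.51.100.7\n' > "$s"
    unexpected_nameservers "$s" "192.0.2.53" || true   # prints 198.51.100.7
    rm -f "$s"
fi
```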
