1
RogueKiller / PUM.dns after scan: Question about DHCPNameServer value on REG key
« on: December 06, 2015, 07:58:12 PM »
Hello Group, thanks Adlice for offering the RogueKiller tool. I'm running a laptop with Win7 Home Premium SP1 patched current, 64bit. My roomate lets me leech his WIFI, AT&T U-verse on a 18/3 line. I've been seeing gateway.pace.com come up a lot. May I ask a question about results here please, specifically PUM.dns.
I had PUM.dns come up reporting three keys:
My Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{...long ID string...}
...\ControlSet001\...
...\ControlSet002\...
The value label is: DhcpNameServer/ Value is a pair of IPs: 198.224.171.135 198.224.168.135
whois on the IP yeilded: Service Provider Corporation
Question: Why is this config flagged as a PUM? I have a generic understanding of networking, DHCP and DNS. But I'm curious why I have the REG key entries on my system. My goal is to understand the risk presented and re-config if needed.
Thank you for your time reading this. /Cie
I had PUM.dns come up reporting three keys:
My Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{...long ID string...}
...\ControlSet001\...
...\ControlSet002\...
The value label is: DhcpNameServer/ Value is a pair of IPs: 198.224.171.135 198.224.168.135
whois on the IP yeilded: Service Provider Corporation
Question: Why is this config flagged as a PUM? I have a generic understanding of networking, DHCP and DNS. But I'm curious why I have the REG key entries on my system. My goal is to understand the risk presented and re-config if needed.
Thank you for your time reading this. /Cie