dns.exe virus?

Ken Budd kbudd at 702com.net
Mon Sep 8 20:35:08 UTC 2003


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

DNS.exe is the executable for Microsoft DNS.  This is either some
kind of bug or a function of active directory w/in Windows 2000.

regards,

Ken Budd
Data Systems Engineer
702 Communications
Moorhead, MN 56560
phone:  218.284.5702
Fax:    218.284.5746 

- -----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf
Of Christopher J. Wolff
Sent: Monday, September 08, 2003 3:10 PM
To: nanog at merit.edu
Subject: dns.exe virus?



Greetings,

After tracking down what I believed was an attempted DOS attack, it
turns out that two Windows 2000 servers, fully updated, were spewing
out hundreds of port 53 requests.  Upon further investigation dns.exe
was hogging 99% of the CPU.  

I haven't found any reference to this at CERT so I thought I would
drop the occurrence into the nanog funnel to see what comes out.  The
attack started around 8AM MST.  Thank you for your consideration.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com 


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBP1zn/P1D1N+hTR4dEQKKtQCdFf62eWGDU2FvUqkFpedVX2OZigwAoL/g
i2RL2Zg2yOlfmihA8nlWhgnx
=0L78
-----END PGP SIGNATURE-----




More information about the NANOG mailing list