dns.exe virus?
Stephen J. Wilcox
steve at telecomplete.co.uk
Mon Sep 8 20:55:31 UTC 2003
I have seen MS DNS go into some kind of resolving loop madness where for some
reason it continually tries lookups.. in the cases when I've seen it, it has
been a customer server which seemed to loop on some lame delegations - I noticed
it as the queries on the lames loaded our dns caches!
Steve
On Mon, 8 Sep 2003, Ken Budd wrote:
> DNS.exe is the executable for Microsoft DNS. This is either some
> kind of bug or a function of active directory w/in Windows 2000.
>
> regards,
>
> Ken Budd
> Data Systems Engineer
> 702 Communications
> Moorhead, MN 56560
> phone: 218.284.5702
> Fax: 218.284.5746
>
> - -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf
> Of Christopher J. Wolff
> Sent: Monday, September 08, 2003 3:10 PM
> To: nanog at merit.edu
> Subject: dns.exe virus?
>
>
>
> Greetings,
>
> After tracking down what I believed was an attempted DOS attack, it
> turns out that two Windows 2000 servers, fully updated, were spewing
> out hundreds of port 53 requests. Upon further investigation dns.exe
> was hogging 99% of the CPU.
>
> I haven't found any reference to this at CERT so I thought I would
> drop the occurrence into the nanog funnel to see what comes out. The
> attack started around 8AM MST. Thank you for your consideration.
>
> Regards,
> Christopher J. Wolff, VP CIO
> Broadband Laboratories, Inc.
> http://www.bblabs.com
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0.2
>
> iQA/AwUBP1zn/P1D1N+hTR4dEQKKtQCdFf62eWGDU2FvUqkFpedVX2OZigwAoL/g
> i2RL2Zg2yOlfmihA8nlWhgnx
> =0L78
> -----END PGP SIGNATURE-----
>
>
More information about the NANOG
mailing list