dns.exe virus?

• Previous message (by thread): dns.exe virus?
• Next message (by thread): dns.exe virus?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I have seen MS DNS go into some kind of resolving loop madness where for some 
reason it continually tries lookups.. in the cases when I've seen it, it has 
been a customer server which seemed to loop on some lame delegations - I noticed 
it as the queries on the lames loaded our dns caches!

Steve

On Mon, 8 Sep 2003, Ken Budd wrote:

> DNS.exe is the executable for Microsoft DNS.  This is either some
> kind of bug or a function of active directory w/in Windows 2000.
> 
> regards,
> 
> Ken Budd
> Data Systems Engineer
> 702 Communications
> Moorhead, MN 56560
> phone:  218.284.5702
> Fax:    218.284.5746 
> 
> - -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf
> Of Christopher J. Wolff
> Sent: Monday, September 08, 2003 3:10 PM
> To: nanog at merit.edu
> Subject: dns.exe virus?
> 
> 
> 
> Greetings,
> 
> After tracking down what I believed was an attempted DOS attack, it
> turns out that two Windows 2000 servers, fully updated, were spewing
> out hundreds of port 53 requests.  Upon further investigation dns.exe
> was hogging 99% of the CPU.  
> 
> I haven't found any reference to this at CERT so I thought I would
> drop the occurrence into the nanog funnel to see what comes out.  The
> attack started around 8AM MST.  Thank you for your consideration.
> 
> Regards,
> Christopher J. Wolff, VP CIO
> Broadband Laboratories, Inc.
> http://www.bblabs.com 
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0.2
> 
> iQA/AwUBP1zn/P1D1N+hTR4dEQKKtQCdFf62eWGDU2FvUqkFpedVX2OZigwAoL/g
> i2RL2Zg2yOlfmihA8nlWhgnx
> =0L78
> -----END PGP SIGNATURE-----
> 
> 

• Previous message (by thread): dns.exe virus?
• Next message (by thread): dns.exe virus?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]