North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
RE: dns.exe virus?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 DNS.exe is the executable for Microsoft DNS. This is either some kind of bug or a function of active directory w/in Windows 2000. regards, Ken Budd Data Systems Engineer 702 Communications Moorhead, MN 56560 phone: 218.284.5702 Fax: 218.284.5746 - -----Original Message----- From: firstname.lastname@example.org [mailto:email@example.com] On Behalf Of Christopher J. Wolff Sent: Monday, September 08, 2003 3:10 PM To: firstname.lastname@example.org Subject: dns.exe virus? Greetings, After tracking down what I believed was an attempted DOS attack, it turns out that two Windows 2000 servers, fully updated, were spewing out hundreds of port 53 requests. Upon further investigation dns.exe was hogging 99% of the CPU. I haven't found any reference to this at CERT so I thought I would drop the occurrence into the nanog funnel to see what comes out. The attack started around 8AM MST. Thank you for your consideration. Regards, Christopher J. Wolff, VP CIO Broadband Laboratories, Inc. http://www.bblabs.com -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.2 iQA/AwUBP1zn/P1D1N+hTR4dEQKKtQCdFf62eWGDU2FvUqkFpedVX2OZigwAoL/g i2RL2Zg2yOlfmihA8nlWhgnx =0L78 -----END PGP SIGNATURE-----