North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
RE: dns.exe virus?
I have seen MS DNS go into some kind of resolving loop madness where for some reason it continually tries lookups.. in the cases when I've seen it, it has been a customer server which seemed to loop on some lame delegations - I noticed it as the queries on the lames loaded our dns caches! Steve On Mon, 8 Sep 2003, Ken Budd wrote: > DNS.exe is the executable for Microsoft DNS. This is either some > kind of bug or a function of active directory w/in Windows 2000. > > regards, > > Ken Budd > Data Systems Engineer > 702 Communications > Moorhead, MN 56560 > phone: 218.284.5702 > Fax: 218.284.5746 > > - -----Original Message----- > From: email@example.com [mailto:firstname.lastname@example.org] On Behalf > Of Christopher J. Wolff > Sent: Monday, September 08, 2003 3:10 PM > To: email@example.com > Subject: dns.exe virus? > > > > Greetings, > > After tracking down what I believed was an attempted DOS attack, it > turns out that two Windows 2000 servers, fully updated, were spewing > out hundreds of port 53 requests. Upon further investigation dns.exe > was hogging 99% of the CPU. > > I haven't found any reference to this at CERT so I thought I would > drop the occurrence into the nanog funnel to see what comes out. The > attack started around 8AM MST. Thank you for your consideration. > > Regards, > Christopher J. Wolff, VP CIO > Broadband Laboratories, Inc. > http://www.bblabs.com > > > -----BEGIN PGP SIGNATURE----- > Version: PGP 8.0.2 > > iQA/AwUBP1zn/P1D1N+hTR4dEQKKtQCdFf62eWGDU2FvUqkFpedVX2OZigwAoL/g > i2RL2Zg2yOlfmihA8nlWhgnx > =0L78 > -----END PGP SIGNATURE----- > >