nanog mailing list archives
Re: dns.exe virus?
From: "Chris Lewis" <clewis () nortelnetworks com>
Date: Mon, 08 Sep 2003 16:52:07 -0400
Christopher J. Wolff wrote:
After tracking down what I believed was an attempted DOS attack, it turns out that two Windows 2000 servers, fully updated, were spewing out hundreds of port 53 requests. Upon further investigation dns.exe washogging 99% of the CPU.
I haven't found any reference to this at CERT so I thought I would drop the occurrence into the nanog funnel to see what comes out. The attack started around 8AM MST. Thank you for your consideration.
I wonder if this is the tool used to attack Spamhaus, SPEWS and SORBS. Do you know what the requests were for?
Current thread:
- dns.exe virus? Christopher J. Wolff (Sep 08)
- RE: dns.exe virus? Ken Budd (Sep 08)
- RE: dns.exe virus? Stephen J. Wilcox (Sep 08)
- Re: dns.exe virus? Chris Lewis (Sep 08)
- RE: dns.exe virus? Christopher J. Wolff (Sep 08)
- Re: dns.exe virus? Chris Lewis (Sep 08)
- Re: dns.exe virus? bmanning (Sep 08)
- RE: dns.exe virus? Christopher J. Wolff (Sep 08)
- RE: dns.exe virus? Christopher J. Wolff (Sep 08)
- Re: dns.exe virus? Richard Cox (Sep 08)
- RE: dns.exe virus? Ken Budd (Sep 08)