[61882] in North American Network Operators' Group
dns.exe virus?
daemon@ATHENA.MIT.EDU (Christopher J. Wolff)
Mon Sep 8 16:10:47 2003
From: "Christopher J. Wolff" <chris@bblabs.com>
To: <nanog@merit.edu>
Date: Mon, 8 Sep 2003 13:10:09 -0700
Errors-To: owner-nanog-outgoing@merit.edu
Greetings,
After tracking down what I believed was an attempted DOS attack, it
turns out that two Windows 2000 servers, fully updated, were spewing out
hundreds of port 53 requests. Upon further investigation dns.exe was
hogging 99% of the CPU.
I haven't found any reference to this at CERT so I thought I would drop
the occurrence into the nanog funnel to see what comes out. The attack
started around 8AM MST. Thank you for your consideration.
Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com
