[61888] in North American Network Operators' Group
Re: dns.exe virus?
daemon@ATHENA.MIT.EDU (Chris Lewis)
Mon Sep 8 16:50:24 2003
Date: Mon, 08 Sep 2003 16:52:07 -0400
From: "Chris Lewis" <clewis@nortelnetworks.com>
Cc: nanog@merit.edu
In-Reply-To: <002901c37645$34e1a550$16000a0a@cpq>
Errors-To: owner-nanog-outgoing@merit.edu

Christopher J. Wolff wrote:
> After tracking down what I believed was an attempted DOS attack, it
> turns out that two Windows 2000 servers, fully updated, were spewing out
> hundreds of port 53 requests. Upon further investigation dns.exe was
> hogging 99% of the CPU.
> I haven't found any reference to this at CERT so I thought I would drop
> the occurrence into the nanog funnel to see what comes out. The attack
> started around 8AM MST. Thank you for your consideration.

I wonder if this is the tool used to attack Spamhaus, SPEWS and SORBS.
Do you know what the requests were for?