RE: dns.exe virus?

["Stephen J. Wilcox" <steve () telecomplete co uk>]

I have seen MS DNS go into some kind of resolving loop madness where for some 
reason it continually tries lookups.. in the cases when I've seen it, it has 
been a customer server which seemed to loop on some lame delegations - I noticed 
it as the queries on the lames loaded our dns caches!

Steve

On Mon, 8 Sep 2003, Ken Budd wrote:

> DNS.exe is the executable for Microsoft DNS.  This is either some
> kind of bug or a function of active directory w/in Windows 2000.
>
> regards,
>
> Ken Budd
> Data Systems Engineer
> 702 Communications
> Moorhead, MN 56560
> phone:  218.284.5702
> Fax:    218.284.5746 
>
> - -----Original Message-----
> From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf
> Of Christopher J. Wolff
> Sent: Monday, September 08, 2003 3:10 PM
> To: nanog () merit edu
> Subject: dns.exe virus?
>
>
>
> Greetings,
>
> After tracking down what I believed was an attempted DOS attack, it
> turns out that two Windows 2000 servers, fully updated, were spewing
> out hundreds of port 53 requests.  Upon further investigation dns.exe
> was hogging 99% of the CPU.  
>
> I haven't found any reference to this at CERT so I thought I would
> drop the occurrence into the nanog funnel to see what comes out.  The
> attack started around 8AM MST.  Thank you for your consideration.
>
> Regards,
> Christopher J. Wolff, VP CIO
> Broadband Laboratories, Inc.
> http://www.bblabs.com 
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0.2
>
> iQA/AwUBP1zn/P1D1N+hTR4dEQKKtQCdFf62eWGDU2FvUqkFpedVX2OZigwAoL/g
> i2RL2Zg2yOlfmihA8nlWhgnx
> =0L78
> -----END PGP SIGNATURE-----