Just had to shut off a client whose Win2k AD box was spamming our primary DNS (over half the DNS requests in a 1-minute period -- over 5000 requests -- were from one machine).
Is anyone here aware of a Win32 trojan or exploit which has this behavior? the remote machine has a long-lived process which keeps making DNS requests then doesn't use the reply data. I know it's long-lived because it always originates from a single port. -- Orlando Andico <[EMAIL PROTECTED]> Mosaic Communications, Inc. _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
