-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
hi orly, We've encountered these problem before where one of our clients Win2k box sends DNS dynamic updates to our nameservers. The culprit seems like the default DNS settings of Win2k. Just disable 'Register this connection's addresses in DNS' or something like that. No, it's not a trojan or exploit. hope this helps, Ronald C. Rivera On Fri, 16 Nov 2001, Orlando Andico wrote: > > Just had to shut off a client whose Win2k AD box was spamming our primary > DNS (over half the DNS requests in a 1-minute period -- over 5000 requests > -- were from one machine). > > Is anyone here aware of a Win32 trojan or exploit which has this behavior? > the remote machine has a long-lived process which keeps making DNS > requests then doesn't use the reply data. I know it's long-lived because > it always originates from a single port. > > > -- > Orlando Andico <[EMAIL PROTECTED]> > Mosaic Communications, Inc. > > _ > Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph > To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] > > To subscribe to the Linux Newbies' List: send "subscribe" in the body to >[EMAIL PROTECTED] > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE79fvoNOaIoEa4NhMRAmm1AJwIa5AGvJAOxBsmKJFjYPSERwNRwQCdGMnY HkyqmogGXwUYSXmAGgQma68= =I/fo -----END PGP SIGNATURE----- _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
