-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hi orly,

We've encountered these problem before where one of our clients Win2k box sends DNS 
dynamic updates to our nameservers. The culprit seems like the default DNS settings of 
Win2k. Just disable 'Register this connection's addresses in DNS' or something like 
that. 

No, it's not a trojan or exploit. 

hope this helps,

Ronald C. Rivera

On Fri, 16 Nov 2001, Orlando Andico wrote:

> 
> Just had to shut off a client whose Win2k AD box was spamming our primary
> DNS (over half the DNS requests in a 1-minute period -- over 5000 requests
> -- were from one machine).
> 
> Is anyone here aware of a Win32 trojan or exploit which has this behavior?
> the remote machine has a long-lived process which keeps making DNS
> requests then doesn't use the reply data. I know it's long-lived because
> it always originates from a single port.
> 
> 
> -- 
> Orlando Andico <[EMAIL PROTECTED]>
> Mosaic Communications, Inc.
> 
> _
> Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
> To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
> 
> To subscribe to the Linux Newbies' List: send "subscribe" in the body to 
>[EMAIL PROTECTED]
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE79fvoNOaIoEa4NhMRAmm1AJwIa5AGvJAOxBsmKJFjYPSERwNRwQCdGMnY
HkyqmogGXwUYSXmAGgQma68=
=I/fo
-----END PGP SIGNATURE-----

_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]

To subscribe to the Linux Newbies' List: send "subscribe" in the body to 
[EMAIL PROTECTED]

Reply via email to