I'm not sure if you guys are even seeing these. My first post showed up 3 hours after I sent it. I have found that this attack was actually happening on a different port and is caused by DNS. I fooled around with DNS all yesterday but I've never seen DNS act like this. Basically when DNS is runing it is scanning the Internet for what I'm guessing is other DNS servers. Is this a settings I can shut off. It is crippling my network. I have disabled DNS for the time being on that server but I worry about running a AD Server which is a DC without DNS. Fortunately yesterday I pushed all my clients and the server itself to just use the DNS server located in my other domain. If you were following my posts yesterday you know what I'm talking about. A edited copy of my log file is below: it will do this 12 times: Nov 6 13:20:33 192.168.0.9 Nov 06 2003 13:20:11: %PIX-3-305005: No translation group found for udp src inside:192.168.5.20/1512 dst outside:192.112.36.4/53 then it will do this 12 times and so on and so on with differnet IPs: Nov 6 13:20:33 192.168.0.9 Nov 06 2003 13:20:11: %PIX-3-305005: No translation group found for udp src inside:192.168.5.20/1512 dst outside:128.63.2.53/53 5.20 is my AD DC DNS Server Gunnar -----Original Message----- From: Berger, Gunnar Sent: Thursday, November 06, 2003 11:06 AM To: HELP (E-mail) Subject: [windows2000] VIRUS or something I'm getting a server that when it is plugged into the network it is flooding my T1. UDP port 1069 attacking random DNS server on the Internet. Any ideas? Gunnar ******************************************************** This Weeks Sponsor Pearl Software Internet Monitoring, Filtering, and Control Solutions Enabling User & Group Level Oversight & Access Policies Fully Functional in a Thick or Thin Client Environment http://www.pearlsw.com ********************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ________________________________________________________________________ This email has been scanned for all viruses by the MessageLabs Email Security System. For more information on a proactive email security service working around the clock, around the globe, visit http://www.messagelabs.com ________________________________________________________________________ ________________________________________________________________________ This email has been scanned for all viruses by the MessageLabs Email Security System. For more information on a proactive email security service working around the clock, around the globe, visit http://www.messagelabs.com ________________________________________________________________________ ******************************************************** This Weeks Sponsor Pearl Software Internet Monitoring, Filtering, and Control Solutions Enabling User & Group Level Oversight & Access Policies Fully Functional in a Thick or Thin Client Environment http://www.pearlsw.com ********************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm