[windows2000] Re: VIRUS or something

• From: "Berger, Gunnar" <GBerger@xxxxxxxxxx>
• To: <windows2000@xxxxxxxxxxxxx>
• Date: Thu, 6 Nov 2003 13:30:48 -0500

I'm not sure if you guys are even seeing these.  My first post showed up 3 
hours after I sent it.  I have found that this attack was actually happening on 
a different port and is caused by DNS.  I fooled around with DNS all yesterday 
but I've never seen DNS act like this.  Basically when DNS is runing it is 
scanning the Internet for what I'm guessing is other DNS servers.  Is this a 
settings I can shut off.  It is crippling my network.  I have disabled DNS for 
the time being on that server but I worry about running a AD Server which is a 
DC without DNS.  Fortunately yesterday I pushed all my clients and the server 
itself to just use the DNS server located in my other domain.  If you were 
following my posts yesterday you know what I'm talking about.

A edited copy of my log file is below:

  it will do this 12 times:
Nov  6 13:20:33 192.168.0.9 Nov 06 2003 13:20:11: %PIX-3-305005: No translation 
group found for udp src inside:192.168.5.20/1512 dst outside:192.112.36.4/53 

  then it will do this 12 times and so on and so on with differnet IPs:
Nov  6 13:20:33 192.168.0.9 Nov 06 2003 13:20:11: %PIX-3-305005: No translation 
group found for udp src inside:192.168.5.20/1512 dst outside:128.63.2.53/53 

 5.20 is my AD DC DNS Server

Gunnar

-----Original Message-----
From: Berger, Gunnar 
Sent: Thursday, November 06, 2003 11:06 AM
To: HELP (E-mail)
Subject: [windows2000] VIRUS or something


I'm getting a server that when it is plugged into the network it is flooding my 
T1.  UDP port 1069 attacking random DNS server on the Internet.  Any ideas?

Gunnar
********************************************************
This Weeks Sponsor Pearl Software
Internet Monitoring, Filtering, and Control Solutions
Enabling User & Group Level Oversight & Access Policies
Fully Functional in a Thick or Thin Client Environment
http://www.pearlsw.com
**********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm

________________________________________________________________________
This email has been scanned for all viruses by the MessageLabs Email
Security System. For more information on a proactive email security
service working around the clock, around the globe, visit
http://www.messagelabs.com
________________________________________________________________________

________________________________________________________________________
This email has been scanned for all viruses by the MessageLabs Email
Security System. For more information on a proactive email security
service working around the clock, around the globe, visit
http://www.messagelabs.com
________________________________________________________________________
********************************************************
This Weeks Sponsor Pearl Software
Internet Monitoring, Filtering, and Control Solutions
Enabling User & Group Level Oversight & Access Policies
Fully Functional in a Thick or Thin Client Environment
http://www.pearlsw.com
**********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm

Other related posts:

• » [windows2000] VIRUS or something
• » [windows2000] Re: VIRUS or something
• » [windows2000] Re: VIRUS or something
• » [windows2000] Re: VIRUS or something
• » [windows2000] Re: VIRUS or something

1. Home
2. windows2000
3. Archive
4. 11-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---