DNS Virus

[Jamie]

We have an external DNS server outside our firewall.
This server has a static IP address. We currently found
out that our DNS server was pinging some unknow IP
addresses and causing our DNS to stop working. I have
NetShield installed and updated on this server. What
other software application can I buy to help with this
virus issue? Any ideas greatly appreciated.

 

[John Coutts]

We have an external DNS server outside our firewall.
This server has a static IP address. We currently found
out that our DNS server was pinging some unknow IP
addresses and causing our DNS to stop working. I have
NetShield installed and updated on this server. What
other software application can I buy to help with this
virus issue? Any ideas greatly appreciated.

**************** REPLY SEPARATER *****************
It is likely that you have some kind of backdoor virus installed. That is
normally how ping attacks are initiated, and they are usually coordinated with
several other sites to target one particular site. One univeral way of
preventing access to any command prompt command is to remove the permissions on
<cmd.exe> except for the administrative group. However, some backdoors will add
another copy of this file under a different name.

In the past, specifically tailored HTTP requests have also been used to
initiate these attacks. The above fix stops those as well, although a properly
patched system should not be vulnerable.

J.A. Coutts

 

[Jonathan de Boyne Pollard]

J> We currently found out that our DNS server was pinging
J> some unknow IP addresses and causing our DNS to stop working.

How did you establish that causal relationship ?

J> What other software application can I buy to help with
J> this virus issue?

How do you know that it _is_ a virus issue ?

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/problem-report-standard-litany.html>