Access Violation in DNS.EXE Caused by Malicious Telnet AttackLast reviewed: June 9, 1997Article ID: Q169461 |
The information in this article applies to:
SYMPTOMSYou may receive an Access Violation in Dns.exe. This is most often occurs on computers connected to public networks, such as the Internet, where deliberate attacks are common.
CAUSEThis particular attack is usually generated maliciously by typing the following command on the attacking system:
telnet <mycomputer> 19 | telnet <mycomputer> 53This command causes a telnet connection to be established to port 19 (the chargen service, which generates a string of characters) with the output redirected to a telnet connection to port 53 (the DNS service.) This flood of characters causes an Access Violation in the DNS service, which is terminated, disrupting name resolution services.
RESOLUTIONThe Microsoft DNS Server has been modified to to correct this problem. Obtain the following fix or wait for the next Windows NT service pack. This hotfix has been posted to the following Internet location:
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/ hotfixes-postSP3/dns-fix STATUSMicrosoft has confirmed this to be a problem in Windows NT version 4.0. A supported fix is now available, but has not been fully regression-tested and should be applied only to systems experiencing this specific problem. Unless you are severely impacted by this specific problem, Microsoft recommends that you wait for the next Service Pack that contains this fix. Contact Microsoft Technical Support for more information.
|
Additional reference words: 4.00 prodnt denial of service dns telnet port
© 1998 Microsoft Corporation. All rights reserved. Terms of Use. |