Vista machine denial of service attacks to DNS?

Discussion in 'Windows Vista Networking' started by Shera, Feb 29, 2008.

  1. Shera

    Shera Guest

    A number of times we have seen Windows Vista hosts on our Residential
    Network (i.e. machines in student rooms) "Attack" our DNS service.

    Most of these events seem to involve a pair of machines sending large
    numbers of data packets on dest port 53, > 4,000 per second, to both
    the primary and secondary DNS servers. Note the port is limited to
    10 Mbps... I have wondered what would have happened if it was 100/1000!!



    Investigations and packet captures have revealed:

    - The machines are always Vista machines

    - The DNS requests are attached to a single process. This
    appears to be "sharedAccess"

    - There appear to be two separate states. Hosts which have
    been involved seem to send abnormal numbers of DNS requests under
    "normal" operation (state 1), roughly 10pps. Then, somehow an
    interaction with another machine (I guess) causes the bombardment.

    - The Vista machines seem to be "clean" of virus infection

    - Whilst looking at said machines, I have been unable to
    replicate an "attack event"

    Has anyone seen similar and is it reparable in a service pack for
    Vista?
     
    Shera, Feb 29, 2008
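
For anyone triaging the same symptom, here is an added example (not part of the original post) that buckets port-53 packets per source per second, labels each host with the two states the post describes, and lists flooding hosts whose onset coincides, since the post says events involve a pair of machines. Assumptions: input rows are `(epoch_seconds, src_ip, dst_ip, dst_port)` tuples exported from a packet capture, the 4,000 pps figure is counted per source across both DNS servers, and the 2-second pairing window and all sample traffic are constructed.

```python
from collections import Counter, defaultdict
from itertools import combinations

ELEVATED_PPS = 10    # "state 1" rate from the post
FLOOD_PPS = 4000     # bombardment rate from the post

def classify_dns_sources(packets, dns_servers):
    """packets: iterable of (epoch_seconds, src_ip, dst_ip, dst_port) tuples."""
    per_second = defaultdict(Counter)      # src -> {whole second: packets}
    targets = defaultdict(set)             # src -> DNS servers it hit
    for ts, src, dst, dport in packets:
        if dport == 53 and dst in dns_servers:
            per_second[src][int(ts)] += 1
            targets[src].add(dst)
    report = {}
    for src, buckets in per_second.items():
        peak = max(buckets.values())
        flood_secs = sorted(s for s, n in buckets.items() if n > FLOOD_PPS)
        state = ("flood" if flood_secs else
                 "elevated" if peak >= ELEVATED_PPS else "normal")
        report[src] = {"state": state, "peak_pps": peak,
                       "flood_onset": flood_secs[0] if flood_secs else None,
                       "servers": sorted(targets[src])}
    return report

def paired_floods(report, window=2):
    """Pairs of flooding sources whose onset is within `window` seconds (assumed value)."""
    flooders = sorted((s, r["flood_onset"]) for s, r in report.items()
                      if r["state"] == "flood")
    return [(a, b) for (a, ta), (b, tb) in combinations(flooders, 2)
            if abs(ta - tb) <= window]

def constructed_sample():
    """Constructed traffic (RFC 5737 addresses), not from a real capture."""
    servers = {"192.0.2.53", "192.0.2.54"}
    pkts = []
    for sec in range(1000, 1005):
        pkts += [(sec + 0.5, "198.51.100.10", "192.0.2.53", 53)] * 2    # quiet host
        pkts += [(sec + 0.5, "198.51.100.20", "192.0.2.53", 53)] * 12   # state 1
    for src, onset in (("198.51.100.30", 1002), ("198.51.100.31", 1003)):
        for dst in sorted(servers):
            pkts += [(onset + 0.1, src, dst, 53)] * 2300  # 4,600 pps over both servers
    return pkts, servers

if __name__ == "__main__":
    pkts, servers = constructed_sample()
    rep = classify_dns_sources(pkts, servers)
    print(rep, paired_floods(rep), sep="\n")
```

The `flood_onset` second for each host is the timestamp to line up against other traffic from the paired machine when looking for the triggering interaction.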