DNS update attempts

Discussion in 'Trojan Defence Suite' started by mark godden, Apr 24, 2003.

Thread Status:
Not open for further replies.
  1. mark godden

    mark godden Guest

    My problem is that every 34th & 37min past the hour (this changes now and then) an attempt from my IP address is made to change my DNS name/details on my ISP. They have alerted me that if it continues they may lock me out. What Trojan/virus could cause this? Or is it a setting in Windows 2000 (server) OS?

    Thanks in advance.

    Mark
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi Mark, welcome!
    Are you on an anonymous proxy or something of that kind?
    Is your ISP able and willing to give you details so it is possible to sort out what this can be?
    Maybe what you have and what the intended changes are.
    There does exist the kind of software hiding your identity for the outside world and changing IPs and all that, but I don't think it would change it on your ISP's servers.

    Hope others jump in here too.
    Did TDS (updated till today) with a full system scan and on highest sensitivity show any alert?
     
  3. Mark Godden

    Mark Godden Guest

    A little more detail for you guys: I have a DSL connection (not fixed IP)(Bt) via a network hardware router/firewall. My server, which is W2k, is running Exchange Server - but my emails are collected by a third party POP3 program. I shut this program down and the attempts still happen.

    Quote my ISP "no way to tell precisely as I'm not going to let it. It could quite easily be trying to change all the addresses to point directly at itself which would mean that your dsl link would get clobbered. It would also cause no end of issues here due to name aliasing. Also if we open the port it's trying to get through it opens it to the whole world which means that anybody could update any domains we look after"
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Mark, just clutching at straws here, but you have probably got all the latest security patches for W2K server; if not, that would be your next move. It will also pay you to visit the MS knowledge base, bit of a pain I know, but maybe worth the effort.

    Sorry I cannot help more - Pilli
     
  5. xam

    xam Registered Member

    Joined:
    Feb 14, 2003
    Posts:
    20
    Sounds like the w2k box is trying to register its name with the ISP's DNS servers, as w2k uses dynamic DNS for name registration. The rest of the internet uses static DNS so they don't want your box trying to change things (and failing).

    Look at this article, it may fix the problem.

    http://support.microsoft.com/default.aspx?scid=kb;en-us;178148

    [edit] the link doesn't paste too well, you will have to add the -us;178148 by hand.

    Repaired it for you by adding URL tags, Pieter
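
The behaviour xam describes can be confirmed from a packet capture, because a dynamic DNS registration is sent as a DNS UPDATE request (RFC 2136, opcode 5) rather than an ordinary lookup (opcode 0). The following is an added example, not part of the original thread: it classifies UDP port 53 payloads by DNS header; the capture, the zone `example.net` and the address `192.0.2.10` are constructed sample values.

```python
import struct

OPCODE_UPDATE = 5   # RFC 2136 dynamic update (a standard query is opcode 0)
TYPE_SOA = 6        # the zone section of an UPDATE always carries type SOA

def encode_name(name):
    """Encode a dotted name as DNS labels (used only to build the samples)."""
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"

def build(opcode, name, rrtype):
    """Build a minimal DNS request: 12-byte header plus one question/zone entry."""
    header = struct.pack("!6H", 0x1234, opcode << 11, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!2H", rrtype, 1)

def read_name(msg, off):
    """Decode the uncompressed name at off; return (name, offset after it)."""
    labels = []
    while msg[off] != 0:
        length = msg[off]
        if length & 0xC0:
            raise ValueError("compression pointer not valid in first name")
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length
    return ".".join(labels), off + 1

def update_zone(msg):
    """Return the zone a DNS UPDATE request targets, or None for anything else."""
    try:
        _id, flags, zocount, _pr, _up, _ad = struct.unpack("!6H", msg[:12])
        if (flags & 0x8000) or ((flags >> 11) & 0xF) != OPCODE_UPDATE or zocount != 1:
            return None  # a response, a non-UPDATE opcode, or a bad zone count
        zone, off = read_name(msg, 12)
        rrtype, _rrclass = struct.unpack("!2H", msg[off:off + 4])
    except (struct.error, IndexError, ValueError):
        return None  # truncated or malformed payload
    return zone if rrtype == TYPE_SOA else None

# Constructed capture: (time, source IP, UDP payload sent to port 53).
SAMPLE = [
    ("10:34", "192.0.2.10", build(OPCODE_UPDATE, "example.net", TYPE_SOA)),
    ("10:35", "192.0.2.10", build(0, "www.example.net", 1)),   # ordinary A query
    ("10:37", "192.0.2.10", build(OPCODE_UPDATE, "example.net", TYPE_SOA)),
]

def update_attempts(capture):
    """List (time, source, zone) for every dynamic-update request seen."""
    scored = ((when, src, update_zone(data)) for when, src, data in capture)
    return [hit for hit in scored if hit[2] is not None]
```

Update requests that recur at fixed minutes from one host, all naming the same zone, point to the operating system's own registration timer rather than to malware.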
     