COMMAND

    dns.exe

SYSTEMS AFFECTED

    Win NT 4.0 (Server) running MS DNS service

PROBLEM

    Jason T. Luttgens upon  experimenting on port 65589  found another
    way to get the CPU utilization to rise.

    This time the kernel  percentage rises with it.   All you have  to
    do is telnet to port 65589 (this is port 53, or the DNS port as it
    is better  known), type  in one  character (it  seems as though it
    must be a letter), and  hit enter.  You  will be disconnected from
    the host and it's CPU utilization will rise.

    How much it rises and affects the system seems to highly depend on
    the setup. On a P75 with 32MB RAM, it's pegged at 100%. On a  dual
    P133 with  64MB RAM,  it averages  at 65-70%.  However, this  only
    lasts approximately 5  minutes.  The  processes eating up  the CPU
    time were a combination of services.exe and dns.exe.

    However, remote  users can  cause a  denial of  DNS service.   SNI
    (Secure Networks Inc.) provided more details in their advisory.

SOLUTION

    The Microsoft  DNS Server  has been  modified to  to correct  this
    problem.  Obtain  the following fix  or wait for  the next Windows
    NT service  pack.   This hotfix  has been  posted to the following
    Internet location:

        ftp://ftp.microsoft.com

    following path:

    /bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/dns-fix