Posted on 08/15/2003 10:22:17 AM PDT by HAL9000
The internet's domain name system root servers have been pounded with up to 50% more domain lookups than usual this week, and VeriSign Inc, the company that manages some of the servers, thinks the Blaster worm is to blame.VeriSign said late yesterday that daily DNS queries on its infrastructure increased by 3.7 billion this week, roughly 33% more than usual. At 9am US Pacific time yesterday, the traffic was up 50% about normal levels, the company said.
"A five percent deviation would be significant. It's usually very predictable," VeriSign's senior VP of security services Ben Golub said. "This appears to be a global event."
According to Golub, the spike in traffic started at the same time Blaster (aka MSBlast and Lovsan) began infecting Windows 2000 and Windows XP machines on the August 11.
The logic goes that many vulnerable servers became infected, and therefore unreachable due to crashes or excessive amounts of outgoing traffic.
Remote applications, such as browsers, that try to access these servers find the first IP address they try doesn't work, so they do a DNS lookup that ultimately reaches VeriSign's name servers.
The company believes that even if this does not indicate there are more total infected hosts that previously thought, it indicates that those infected machines are not being cleaned up as fast as other worm watchers thought.
Which could be bad news for Microsoft Corp, which is due to have one of its web sites come under attack by Blaster-infected computers at midnight Saturday (which starts at 7am US Pacific time Friday).
© ComputerWireTM 2003
Yeah, but if the ISP's nameserver(s) is/are getting slammed, the client will eventually time out and go to the next nameserver. When it runs out of nameservers, it goes to the root nameservers.
If so, what do I tell them to do??? They are running Win XP, but really know almost nothing about computers and use a dialup - what is the best course of action???
Thanks in advance!
That will allow the computer to function normally but it is not the final fix. Ultimately it requires MS's patch to fix it, which is available on MS's website. You will also need all service packs up to date, in order to apply the patch. In their case, after doing the temporary fix, if they need SP1a (service pack) they can order it on CD from MS for $10. If you need any more details, feel free to ask. If you want anything sent to you, reply by freepmail.
They are very clueless when it comes to computers and I had to walk them through every tiny process (what to click, where to type in Internet Explorer) - Before I moved to Pittsburgh, I setup a webpage that ran on the desktop with the links to every site that they visit, because they get confused by even having to type in an address in the address bar, so it was quite the challenge to walk them through the download, but I think now we are in over our heads (as far as me talking them through this on the phone.)
I was going to tell them to ship me the computer so that I could fix it and ship it back, but this seems almost rediculous.
Thanks again!
BTW if their copy of XP is newer than six months old it probably has the latest service packs. You can choose "Help" from any windows menu then "about windows" and it will show the version and update status.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.