DATE: COMMAND SOURCE: AUTHOR: dns.exe SYSTEMS AFFECTED Win NT 4.0 PROBLEM Jason T. Luttgens upon experimenting on port 65589 found another way to get the CPU utilization to rise. This time the kernel percentage rises with it. All you have to do is telnet to port 65589 (this is port 53, or the DNS port as it is better known), type in one character (it seems as though it must be a letter), and hit enter. You will be disconnected from the host and it's CPU utilization will rise. How much it rises and affects the system seems to highly depend on the setup. On a P75 with 32MB RAM, it's pegged at 100%. On a dual P133 with 64MB RAM, it averages at 65-70%. However, this only lasts approximately 5 minutes. The processes eating up the CPU time were a combination of services.exe and dns.exe. However, remote users can cause a denial of DNS service. SNI (Secure Networks Inc.) provided more details in their advisory. EXPLOIT SOLUTION There are several solutions. As Service Pack II (SP2) don't help on this subject, You can obtain Service Pack III (SP3) - due out this quarter will contain a fix (writen on January 28th) or run your DNS service on a different platform.