Win2K broken client?

Bill Manning bmanning at ISI.EDU
Mon Oct 9 21:14:47 UTC 2000


 Has the characteristics of a DNS-vectored "smash the stack" query.
 You might wish to take steps to ensure the integrity of your systems.



% 
% In article <39E207B1.8AA37418 at daimlerchrysler.com>,
%   Kevin Darcy <kcd at daimlerchrysler.com> wrote:
% >
% > Could you dump those queries in some more-easily parsable format?
% 
% Actually, that is the only format I can put them in, or at least that's
% how tcpdump sees them. A normal query would appear in tcpdump as:
% 
% A? www.example.com.
% 
% All of the apparent control characters are actually a part of the
% query :(
% 
% M-nM-^XM-^A^FM-eM-^TM-8M-HM-^SM-aM-^TM-^@M-IM-^JM-fM-$M-^A^SM-nM-^^M-
% (^FM-nM-^YM-^@^FM-cM-^JM-(^HM-nM-^\M-^H^FM-fM-^CM-^TM-gM-^_M-;M-aM-^ZM-
% ^@M-gM-^_M-8M-oM-?M-?M-oM-?M-?M-nM-^\M-^X^FM-cM-^LM-0M-gM-^_M-
% (.example.com.
% 
% Ugly, I know.
% 
% I do have confirmation that both NT4 and Win2K can generate this
% traffic, and have twice confirmed that it's not coming from a hostile
% source.
% 
% As I mentioned, I haven't yet found a (standard) tool that will allow
% such queries to be made in the first place.
% 
% -Mycos


-- 
--bill
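
Added example, not part of the original messages: a best-effort decoder that turns tcpdump's "M-" / "^" rendering of a query name back into raw bytes and flags labels that are not plain hostname characters. Splitting labels on "." and the function names are assumptions made for this illustration; SAMPLE is constructed, not the capture quoted above.

```python
import re

# tcpdump renders a byte >= 0x80 as "M-" plus the low 7 bits, and a
# non-printable byte as "^" plus (byte XOR 0x40); printable ASCII is literal.
TOKEN = re.compile(r"M-\^([@-_?])|M-(.)|\^([@-_?])|(.)", re.S)
LDH = re.compile(rb"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")


def decode_label(rendered):
    """Best-effort inverse of the rendering. It is ambiguous for names that
    contain a literal "^" or "M-", so treat the result as a triage aid."""
    rendered.encode("ascii")  # the rendering itself is always 7-bit
    out = bytearray()
    for meta_ctrl, meta, ctrl, plain in TOKEN.findall(rendered):
        if meta_ctrl:
            out.append((ord(meta_ctrl) ^ 0x40) | 0x80)
        elif meta:
            out.append(ord(meta) | 0x80)
        elif ctrl:
            out.append(ord(ctrl) ^ 0x40)
        else:
            out.append(ord(plain))
    return bytes(out)


def inspect_name(rendered):
    """Decode each dot-separated label (assumed split) and summarise what a
    resolver operator would check when reviewing odd queries in a capture."""
    report = []
    for label in rendered.rstrip(".").split("."):
        raw = decode_label(label)
        try:
            raw.decode("utf-8")
            utf8 = True
        except UnicodeDecodeError:
            utf8 = False
        report.append({
            "raw": raw,
            "hostname_safe": bool(LDH.fullmatch(raw)) and len(raw) <= 63,
            "control_bytes": sum(b < 0x20 or b == 0x7F for b in raw),
            "high_bytes": sum(b >= 0x80 for b in raw),
            "valid_utf8": utf8,
        })
    return report


# Constructed sample in the same notation (not the capture from the thread).
SAMPLE = "M-CM-)^FabM-^?.example.com."
```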



More information about the bind-users mailing list