Security Basics mailing list archives

RE: network worm


From: "Harshul Nayak" <harshul.nayak () patni com>
Date: Thu, 9 Dec 2004 09:13:30 +0530

Hello Luis,
running an IDS and monitoring its logs should be a useful deployment, if
you still feel the threat of malicious traffic on your network.
I would even suggest having a look into the latest snort-inline ;) you can do a
lot more than mere monitoring.

-regs
Harshul


-----Original Message-----
From: l c [mailto:neo_italy02 () yahoo it]
Sent: Thursday, December 09, 2004 3:55 AM
To: security-basics () securityfocus com
Subject: network worm


Hi all,
in the past days our network was stressed by a lot
of network worms (not found by the local antivirus,
already up to date), with a stop of the traffic caused
by a lot of ARP requests. The last one was
WORM_SDBOT.ACJ, a worm that propagates itself using
network shares and a worm that Trend Micro (up to
date) was unable to find, causing the saturation of
the network switches and the related stop of all
work. The question is: "Is there a possibility to
set up an instrument (even Linux based) to sniff the
network traffic with the capability to find worms?" We
already have a Linux based tool for network
monitoring; this tool is useful to isolate hosts with
lots of ARP requests (typical of the worm), but this
tool can't point us to which worm is generating the
traffic.

Thanks a lot
Luis


