Security Basics mailing list archives
RE: network worm
From: "Harshul Nayak" <harshul.nayak () patni com>
Date: Thu, 9 Dec 2004 09:13:30 +0530
Hello Luis,

Running an IDS and monitoring its logs should be a useful deployment, if you still feel the threat of malicious traffic on your network. I would even suggest having a look into the latest snort-inline ;) You can do a lot more than mere monitoring.

-regs
Harshul

-----Original Message-----
From: l c [mailto:neo_italy02 () yahoo it]
Sent: Thursday, December 09, 2004 3:55 AM
To: security-basics () securityfocus com
Subject: network worm

Hi all,

In the past days our network was stressed by a lot of network worms (not found by the local antivirus, already up to date), with a stop of the traffic caused by a lot of ARP requests. The last one was WORM_SDBOT.ACJ, a worm that propagates itself using network shares and that Trend Micro (up to date) was unable to find, causing the saturation of the network switches and the related stop of all the work.

The question is: "Is there the possibility to set up an instrument (even Linux based) to sniff the network traffic, with the capability to find worms?"

We already have a Linux based tool for network monitoring. This tool is useful to isolate hosts with a lot of ARP requests (typical of the worm), but it can't point us to which worm is generating the traffic.

Thanks a lot
Luis
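The symptom described in this thread, one host issuing a flood of ARP requests, can be checked from a plain capture. The following is an added example, not part of either message: it assumes text output from `tcpdump -n -tt arp`, and the function names, window and threshold are illustrative. It flags the sweeping host only; naming the worm still needs IDS signatures such as the Snort setup suggested in the reply.

```python
import re
from collections import defaultdict, deque

# ARP request line as printed by `tcpdump -n -tt arp` (assumed input format).
ARP_REQ = re.compile(
    r"^(?P<ts>\d+\.\d+) ARP, Request who-has (?P<target>\d+(?:\.\d+){3})"
    r"(?: \([0-9a-fA-F:]+\))? tell (?P<src>\d+(?:\.\d+){3}),"
)

def find_arp_sweepers(lines, window=10.0, min_targets=20):
    """Return {source_ip: peak number of distinct ARP targets seen in any
    `window` seconds} for sources whose peak reaches `min_targets`."""
    recent = defaultdict(deque)  # src -> (timestamp, target) pairs inside the window
    peak = defaultdict(int)
    for line in lines:
        m = ARP_REQ.match(line.strip())
        if not m:
            continue  # ARP replies, other traffic, malformed lines
        ts, src, target = float(m["ts"]), m["src"], m["target"]
        q = recent[src]
        q.append((ts, target))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop requests that fell out of the window
        peak[src] = max(peak[src], len({t for _, t in q}))
    return {s: n for s, n in peak.items() if n >= min_targets}

def constructed_capture():
    """Constructed sample, not real traffic: one host sweeping a /24,
    one workstation re-resolving its gateway and two servers."""
    base, lines = 1102563000, []
    for i in range(1, 41):  # 192.168.1.77 asks for 40 addresses in 4 s
        lines.append(f"{base + i * 0.1:.6f} ARP, Request who-has "
                     f"192.168.1.{i} tell 192.168.1.77, length 28")
    for i in range(12):     # 192.168.1.23: three targets over a minute
        tgt = ("192.168.1.1", "192.168.1.10", "192.168.1.11")[i % 3]
        lines.append(f"{base + i * 5:.6f} ARP, Request who-has "
                     f"{tgt} tell 192.168.1.23, length 28")
    lines.append(f"{base + 1:.6f} ARP, Reply 192.168.1.1 is-at "
                 "00:11:22:33:44:55, length 46")
    lines.sort(key=lambda l: float(l.split()[0]))
    return lines

if __name__ == "__main__":
    for src, n in find_arp_sweepers(constructed_capture()).items():
        print(f"{src}: {n} distinct ARP targets within 10 s")
```

Counting distinct targets rather than raw requests keeps a host that repeatedly re-resolves its gateway from being flagged.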
Current thread:
- network worm l c (Dec 08)
- RE: network worm Shawn Wall (Dec 09)
- RE: network worm Harshul Nayak (Dec 09)
- Re: network worm Brandon Glaze (Dec 10)
- Re: network worm Mario Pascucci (Dec 09)
- Re: network worm xyberpix (Dec 09)
- Re: network worm Kirk Schafer (Dec 17)
- <Possible follow-ups>
- RE: network worm Joe Cervantes (Dec 09)
- Re: network worm Steve Phipps (Dec 09)