Security Basics mailing list archives

RE: network worm
From: Shawn Wall <sjwall () shaw ca>
Date: Wed, 08 Dec 2004 19:36:27 -0700

Take a look at NTOP. www.ntop.org


-----Original Message-----
From: l c [mailto:neo_italy02 () yahoo it] 
Sent: Wednesday, December 08, 2004 3:25 PM
To: security-basics () securityfocus com
Subject: network worm

Hi all,
In the past days our network was stressed by a lot of network worms (not
found by the local antivirus, already up to date), with traffic stopped
by a lot of ARP requests. The last one was WORM_SDBOT.ACJ, a worm that
propagates itself using network shares and a worm that Trend Micro (up to
date) was unable to find, causing the saturation of the network switches and
the related stop of all work. The question is: "Is it possible to set up an
instrument (even Linux-based) to sniff the network traffic, with the
capability to find worms?" We already have a Linux-based tool for network
monitoring; this tool is useful for isolating hosts with a lot of ARP requests
(typical of the worm), but it can't point us to which worm is generating
the traffic.

Thanks a lot
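
The ARP-request symptom described in the message above, as an added example that is not part of the original thread: a Python sketch that reads the text output of `tcpdump -tt -n arp` and flags hosts asking for many different addresses in a short time. The function names, window and threshold are assumptions, the capture lines are constructed, and like the tool the poster mentions it isolates the host, not the name of the worm.

```python
import re
from collections import defaultdict, deque

# Line format printed by `tcpdump -tt -n arp`; the sample lines below are constructed.
ARP_REQ = re.compile(r"^(\d+\.\d+) ARP, Request who-has (\S+) tell (\S+), length \d+")

def find_arp_sweepers(lines, window=10.0, max_targets=20):
    """Return {source_ip: peak distinct targets} for hosts that ask for more
    than max_targets different addresses within any window-second span.
    Lines are assumed to be in timestamp order, as tcpdump emits them."""
    recent = defaultdict(deque)      # source -> (timestamp, target) still in window
    peak = defaultdict(int)
    for line in lines:
        m = ARP_REQ.match(line)
        if not m:
            continue                 # replies, truncated lines, non-ARP noise
        ts, target, source = float(m.group(1)), m.group(2), m.group(3)
        if target == source or source == "0.0.0.0":
            continue                 # gratuitous ARP and address probes are not sweeps
        q = recent[source]
        q.append((ts, target))
        while q and ts - q[0][0] > window:
            q.popleft()              # drop requests older than the window
        peak[source] = max(peak[source], len({t for _, t in q}))
    return {s: n for s, n in peak.items() if n > max_targets}

def sample_capture():
    """Constructed capture: 10.0.0.23 sweeps 100 addresses, 10.0.0.7 behaves normally."""
    t0 = 1102559787.0
    lines = [f"{t0 + i * 0.05:.6f} ARP, Request who-has 10.0.0.{100 + i} tell 10.0.0.23, length 46"
             for i in range(100)]
    lines += [f"{t0 + i * 2:.6f} ARP, Request who-has 10.0.0.1 tell 10.0.0.7, length 46"
              for i in range(5)]
    lines.append(f"{t0 + 1:.6f} ARP, Reply 10.0.0.1 is-at 00:11:22:33:44:55, length 46")
    lines.append(f"{t0 + 2:.6f} ARP, Request who-has 10.0.0.9 tell 10.0.0.9, length 46")
    return sorted(lines)             # equal-width timestamps sort chronologically

if __name__ == "__main__":
    for host, n in find_arp_sweepers(sample_capture()).items():
        print(f"{host}: {n} distinct ARP targets within 10 s")
```

The threshold needs tuning per segment: gateways, DHCP servers and monitoring hosts legitimately resolve many addresses and belong on an allow-list.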
