Security Basics mailing list archives
network worm
From: l c <neo_italy02 () yahoo it>
Date: Wed, 8 Dec 2004 23:24:56 +0100 (CET)
Hi all,
In the past days our network was stressed by a lot
of network worms (not found by the local antivirus,
which is already up to date), with a stop of the traffic
caused by a lot of ARP requests. The last one was
WORM_SDBOT.ACJ, a worm that propagates itself using
network shares and a worm that Trend Micro (up to
date) was unable to find, causing the saturation of
the network switches and the related stop of all the
work. The question is: "Is there a possibility to
set up an instrument (even Linux based) to sniff the
network traffic, with the capability to find worms?" We
already have a Linux-based tool for network
monitoring. This tool is useful to isolate hosts with a
lot of ARP requests (typical of the worm), but this
tool can't point us to which worm is generating the
traffic.
Thanks a lot
Luis
