Security Basics mailing list archives
Re: possible rooted systems
From: "Mike" <securitybasics () infinity77 net>
Date: Thu, 28 Oct 2004 14:00:12 -0400
If your T1 line is maxed, I would suggest you use some type of network analyzer, like exporting netflow stats and generating reports based on that. ----- Original Message ----- From: "kyle" <kyle () inetconnection com> To: <security-basics () securityfocus com> Sent: Thursday, October 28, 2004 8:12 AM Subject: possible rooted systems
I am a lan administrator at a small school system with a T1 line for the internet. Lately I've noticed that the T1 line has been maxed, and a week later, it still is maxed out. I strongly believe that a few systems have
been
rooted (no viruses/trojans show up on scans) and need a novell based
packet
sniffer to determine what is legitimate and illegitimate traffic. Does
anyone
know of any good ones? We run many xp and 98 boxes with multiple novell servers. I think some of the 98 boxes are the ones that were rooted On
using
them I've noticed one common thing on every one of them at that building. spyware beyond usage (current record 35000 entries before adaware locked
up).
I know how I can just fix it, but I need some sort of log so I can justify
my
means. ;) Thanks Kyle
Current thread:
- possible rooted systems kyle (Oct 28)
- Re: possible rooted systems Mike (Oct 28)
- Re: possible rooted system xyberpix (Oct 28)
- Re: possible rooted systems Adam Jones (Oct 28)
- Re: possible rooted systems mike (Oct 28)
- Re: possible rooted systems kyle (Oct 28)
- RE: possible rooted systems AndrewC (Oct 28)
- RE: possible rooted systems David Gillett (Oct 28)
- <Possible follow-ups>
- RE: possible rooted systems Beauford, Jason (Oct 28)
- Re: possible rooted systems Mailing Lists (Oct 28)
- Re: possible rooted systems Mike (Oct 28)