RE: possible rooted systems

["David Gillett" <gillettdavid () fhda edu>]

  It is, of course, possible that you have one or more compromised
machines on your network.  But when I've seen Internet connections
max out, it has been due to P2P file-sharing at least as often as
compromised systems....

Dave Gillett


> -----Original Message-----
> From: kyle [mailto:kyle () inetconnection com]
> Sent: Thursday, October 28, 2004 5:13 AM
> To: security-basics () securityfocus com
> Subject: possible rooted systems
>
>
> I am a lan administrator at a small school system with a T1 
> line for the 
> internet. Lately I've noticed that the T1 line has been 
> maxed, and a week 
> later, it still is maxed out. I strongly believe that a few 
> systems have been 
> rooted (no viruses/trojans show up on scans) and need a 
> novell based packet 
> sniffer to determine what is legitimate and illegitimate 
> traffic. Does anyone 
> know of any good ones? We run many xp and 98 boxes with 
> multiple novell 
> servers. I think some of the 98 boxes are the ones that were 
> rooted On using 
> them I've noticed one common thing on every one of them at 
> that building. 
> spyware beyond usage (current record 35000 entries before 
> adaware locked up). 
> I know how I can just fix it, but I need some sort of log so 
> I can justify my 
> means. ;)
> Thanks
> Kyle