Security Basics mailing list archives
RE: possible rooted systems
From: xyberpix <xyberpix () xyberpix com>
Date: Sat, 30 Oct 2004 22:06:40 +0100
On this thread I would recommend blocking as many P2P ports as possible, and then see if your line is still maxed after this.

Here's a link for you, maybe someone else can recommend a better link?
http://www.commodon.com/threat/threat-allports.htm

xyberpix

On Thu, 2004-10-28 at 20:31, David Gillett wrote:
It is, of course, possible that you have one or more compromised machines on your network. But when I've seen Internet connections max out, it has been due to P2P file-sharing at least as often as compromised systems....

Dave Gillett

-----Original Message-----
From: kyle [mailto:kyle () inetconnection com]
Sent: Thursday, October 28, 2004 5:13 AM
To: security-basics () securityfocus com
Subject: possible rooted systems

I am a LAN administrator at a small school system with a T1 line for the internet. Lately I've noticed that the T1 line has been maxed, and a week later, it still is maxed out. I strongly believe that a few systems have been rooted (no viruses/trojans show up on scans) and need a Novell based packet sniffer to determine what is legitimate and illegitimate traffic. Does anyone know of any good ones?

We run many XP and 98 boxes with multiple Novell servers. I think some of the 98 boxes are the ones that were rooted. On using them I've noticed one common thing on every one of them at that building. Spyware beyond usage (current record 35000 entries before Ad-Aware locked up). I know how I can just fix it, but I need some sort of log so I can justify my means. ;)

Thanks
Kyle
-- For Security and Open Source news: http://xyberpix.demon.co.uk
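
An added example, not part of the original post or thread: one way to produce the kind of log asked for above is to total traffic per LAN host and mark how much of it used default file-sharing ports, which separates the P2P case from a heavy talker that needs a closer look. The flow-record layout, the LAN range, the port list and the sample records are all assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Default ports of common file-sharing clients (assumed list, not from the post).
P2P_PORTS = {1214: "FastTrack", 4662: "eDonkey", 4672: "eMule",
             6346: "Gnutella", 6347: "Gnutella", 6699: "WinMX"}
P2P_PORTS.update({p: "BitTorrent" for p in range(6881, 6890)})

# Constructed sample flow records: src,dst,sport,dport,bytes
SAMPLE = """\
10.1.2.15,203.0.113.9,3501,6881,48000000
10.1.2.15,198.51.100.4,3502,80,900000
10.1.2.40,192.0.2.77,1044,25,61000000
203.0.113.50,10.1.2.22,4410,1214,30000000
10.1.2.22,198.51.100.4,1200,80,1500000
"""

def summarize(text, lan="10.1.0.0/16"):
    """Return (host, total_bytes, p2p_bytes, apps) per LAN host, largest first."""
    net = ipaddress.ip_network(lan)
    totals = defaultdict(lambda: {"total": 0, "p2p": 0, "apps": set()})
    for rec in csv.reader(io.StringIO(text)):
        if len(rec) != 5:
            continue  # skip blank or malformed records
        src, dst, sport, dport, nbytes = rec
        # Attribute the flow to whichever endpoint is on the LAN.
        inside = [ip for ip in (src, dst) if ipaddress.ip_address(ip) in net]
        # Either end of the flow may be the P2P listener.
        app = P2P_PORTS.get(int(sport)) or P2P_PORTS.get(int(dport))
        for host in inside:
            row = totals[host]
            row["total"] += int(nbytes)
            if app:
                row["p2p"] += int(nbytes)
                row["apps"].add(app)
    return sorted(((h, r["total"], r["p2p"], sorted(r["apps"]))
                   for h, r in totals.items()), key=lambda t: -t[1])

if __name__ == "__main__":
    for host, total, p2p, apps in summarize(SAMPLE):
        label = ",".join(apps) or "no known P2P port"
        print(f"{host:<12} {total/1e6:8.1f} MB  P2P {p2p/1e6:8.1f} MB  {label}")
```

Port matching only catches clients left on their default ports, so a host with high volume and no P2P label is not cleared by this output; it is the one to capture and inspect next.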