Security Basics mailing list archives
Re: possible rooted system
From: xyberpix <xyberpix () xyberpix com>
Date: Thu, 28 Oct 2004 20:17:07 +0100
Setup a linux box, install ntop, and then see what that shows you. If you decide to go this way and need any help, gimme a shout. xyberpix On Thu, 2004-10-28 at 19:00, Mike wrote:
If your T1 line is maxed, I would suggest you use some type of network analyzer, like exporting netflow stats and generating reports based on that. ----- Original Message ----- From: "kyle" <kyle () inetconnection com> To: <security-basics () securityfocus com> Sent: Thursday, October 28, 2004 8:12 AM Subject: possible rooted systemsI am a lan administrator at a small school system with a T1 line for the internet. Lately I've noticed that the T1 line has been maxed, and a week later, it still is maxed out. I strongly believe that a few systems havebeenrooted (no viruses/trojans show up on scans) and need a novell basedpacketsniffer to determine what is legitimate and illegitimate traffic. Doesanyoneknow of any good ones? We run many xp and 98 boxes with multiple novell servers. I think some of the 98 boxes are the ones that were rooted Onusingthem I've noticed one common thing on every one of them at that building. spyware beyond usage (current record 35000 entries before adaware lockedup).I know how I can just fix it, but I need some sort of log so I can justifymymeans. ;) Thanks Kyle
-- For Security and Open Source news: http://xyberpix.demon.co.uk
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- possible rooted systems kyle (Oct 28)
- Re: possible rooted systems Mike (Oct 28)
- Re: possible rooted system xyberpix (Oct 28)
- Re: possible rooted systems Adam Jones (Oct 28)
- Re: possible rooted systems mike (Oct 28)
- Re: possible rooted systems kyle (Oct 28)
- RE: possible rooted systems AndrewC (Oct 28)
- RE: possible rooted systems David Gillett (Oct 28)
- <Possible follow-ups>
- RE: possible rooted systems Beauford, Jason (Oct 28)
- Re: possible rooted systems Mailing Lists (Oct 28)
- Re: possible rooted systems Mike (Oct 28)