Re: possible rooted system

[xyberpix <xyberpix () xyberpix com>]

Setup a linux box, install ntop, and then see what that shows you.
If you decide to go this way and need any help, gimme a shout.

xyberpix


On Thu, 2004-10-28 at 19:00, Mike wrote:
> If your T1 line is maxed, I would suggest you use some type of network
> analyzer, like exporting netflow stats and generating reports based on that.
>
>
> ----- Original Message ----- 
> From: "kyle" <kyle () inetconnection com>
> To: <security-basics () securityfocus com>
> Sent: Thursday, October 28, 2004 8:12 AM
> Subject: possible rooted systems
>
>
> > I am a lan administrator at a small school system with a T1 line for the
> > internet. Lately I've noticed that the T1 line has been maxed, and a week
> > later, it still is maxed out. I strongly believe that a few systems have
> been
> > rooted (no viruses/trojans show up on scans) and need a novell based
> packet
> > sniffer to determine what is legitimate and illegitimate traffic. Does
> anyone
> > know of any good ones? We run many xp and 98 boxes with multiple novell
> > servers. I think some of the 98 boxes are the ones that were rooted On
> using
> > them I've noticed one common thing on every one of them at that building.
> > spyware beyond usage (current record 35000 entries before adaware locked
> up).
> > I know how I can just fix it, but I need some sort of log so I can justify
> my
> > means. ;)
> > Thanks
> > Kyle
-- 
For Security and Open Source news:
http://xyberpix.demon.co.uk

Attachment: signature.asc
Description: This is a digitally signed message part