Security Basics mailing list archives

RE: strange data traffic


From: "Fields, James" <James.Fields () bcbsfl com>
Date: Wed, 17 Sep 2003 09:44:30 -0400

At my company this is often caused by nightly backups of servers - any
chance a network admin at your site set up something new that you aren't
aware of?

-----Original Message-----
From: danielgil () softhome net [mailto:danielgil () softhome net] 
Sent: Monday, September 15, 2003 6:30 PM
To: security-basics () securityfocus com
Subject: strange data traffic

Hi 

I am using MRTG to monitor the internet traffic in my server. During day
time the traffic is very intense, and by night the traffic slows down
significantly. This behavior repeats day after day.
But a few days ago the traffic did not slow down as I expected, and
MRTG shows very intense traffic activity during night-time.

My question is: 

Can I say that this is hacker activity (perhaps downloading files)?
Could it be a robot (the ones that index html pages)?

My logs don't give good hints about this.


By the way, there are no large files (available to simple users) to
download on the server.

Any clue?

Thanks in advance

---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------









