Security Basics mailing list archives
Re: strange data traffic
From: "Adam Newhard" <atnewhard () microstrain com>
Date: Wed, 17 Sep 2003 13:29:54 -0400
Post some of the logs. If it's all internal traffic, obviously you know where to look. Otherwise take a look at the port it's coming in/going out on, traceroute the IP to find the source of the outside traffic, and track the thing down. If the traffic is coming from one or a couple machines in the building, it's not too hard to figure out how to take care of everything. Hopefully, you're not one of the lucky people w/an IRC bot on your network DDoS'ing someone. This is pretty simple stuff, so start there.

adam

----------------------------------------------------
Adam Newhard
Microstrain, Inc.
If vegetarians eat vegetables, watch out for humanitarians

----- Original Message -----
From: "Fields, James" <James.Fields () bcbsfl com>
To: <danielgil () softhome net>; <security-basics () securityfocus com>
Sent: Wednesday, September 17, 2003 9:44 AM
Subject: RE: strange data traffic

At my company this is often caused by nightly backups of servers - any chance a network admin at your site set up something new that you aren't aware of?

-----Original Message-----
From: danielgil () softhome net [mailto:danielgil () softhome net]
Sent: Monday, September 15, 2003 6:30 PM
To: security-basics () securityfocus com
Subject: strange data traffic

Hi,

I am using MRTG to monitor the internet traffic on my server. During the daytime the traffic is very intense and by night the traffic slows down significantly. This behavior repeats day after day. But a few days ago the traffic did not slow down as I expected and MRTG shows very intense traffic activity during night-time.

My question is: can I say that this is hacker activity (perhaps downloading files)? Could it be a robot (the ones that index HTML pages)? My logs don't give good hints about this. By the way, there are no large files (available to simple users) to download on the server.

Any clue?

Thanks in advance
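Added example (not part of the original thread or written by any of its posters): MRTG only graphs total volume, so the breakdown by host and port suggested in the reply has to come from flow or firewall logs. The sketch below flags nights whose total is well above the usual night-time level and lists which internal host, peer and port carried the bytes. The record format, the 10.0.0.0/8 internal range, the 22:00-05:59 night window, the 3x-median threshold and all sample records are assumptions constructed for illustration.

```python
import csv, io
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from statistics import median

INTERNAL = ip_network("10.0.0.0/8")   # assumption: the site's internal range
NIGHT_START, NIGHT_END = 22, 6        # assumption: "night" is 22:00-05:59

# Constructed sample flow records: start time, source, destination, dest port, bytes
SAMPLE = """\
2003-09-10 23:10,10.0.0.5,198.51.100.7,80,40000
2003-09-11 02:00,10.0.0.9,198.51.100.7,25,30000
2003-09-11 23:30,10.0.0.5,198.51.100.7,80,50000
2003-09-12 14:00,10.0.0.5,198.51.100.7,80,9000000
2003-09-12 23:45,10.0.0.9,198.51.100.7,25,45000
2003-09-13 23:05,10.0.0.23,203.0.113.40,6667,7000000
2003-09-14 01:20,10.0.0.23,203.0.113.40,6667,8000000
2003-09-14 03:00,10.0.0.5,198.51.100.7,80,60000
"""

def night_of(ts):
    """Return the date a night starts on, or None for a daytime record."""
    if ts.hour >= NIGHT_START:
        return ts.date()
    if ts.hour < NIGHT_END:
        return (ts - timedelta(days=1)).date()   # after midnight: previous evening's night
    return None

def analyse(text, factor=3):
    """Return {night: [((host, peer, port), bytes), ...]} for unusually busy nights."""
    totals = defaultdict(int)                        # night -> total bytes
    detail = defaultdict(lambda: defaultdict(int))   # night -> (host, peer, port) -> bytes
    for when, src, dst, port, size in csv.reader(io.StringIO(text)):
        night = night_of(datetime.strptime(when, "%Y-%m-%d %H:%M"))
        if night is None:
            continue                                 # busy daytime traffic is expected
        # Key on the internal endpoint so inbound and outbound flows group together
        host, peer = (src, dst) if ip_address(src) in INTERNAL else (dst, src)
        totals[night] += int(size)
        detail[night][(host, peer, int(port))] += int(size)
    baseline = median(totals.values())               # typical night-time volume
    return {str(night): sorted(detail[night].items(), key=lambda kv: -kv[1])
            for night, total in sorted(totals.items()) if total > factor * baseline}

if __name__ == "__main__":
    for night, talkers in analyse(SAMPLE).items():
        print(night, talkers)
```

The top entry for a flagged night gives the machine to inspect and the remote address to traceroute; a scheduled backup would show up the same way, with an internal peer and a recurring start time.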
Current thread:
- strange data traffic danielgil (Sep 16)
- RE: strange data traffic David Gillett (Sep 16)
- <Possible follow-ups>
- RE: strange data traffic Fields, James (Sep 17)
- Re: strange data traffic Adam Newhard (Sep 17)