Security Basics mailing list archives

RE: network worm


From: Shawn Wall <sjwall () shaw ca>
Date: Wed, 08 Dec 2004 19:36:27 -0700

Take a look at NTOP. www.ntop.org

shawn 

-----Original Message-----
From: l c [mailto:neo_italy02 () yahoo it] 
Sent: Wednesday, December 08, 2004 3:25 PM
To: security-basics () securityfocus com
Subject: network worm

Hi all,
in the past days our network was stressed by a lot of network worms (not
found by the local antivirus, already up to date), with a stop of the traffic
caused by a lot of ARP requests. The last one was WORM_SDBOT.ACJ, a
worm that propagates itself using network shares and a worm that Trend Micro
(up to date) was unable to find, causing the saturation of the network
switches and the related stop of all the work. The question is: "Is it
possible to set up an instrument (even Linux-based) to sniff the network
traffic with the capability to find worms?" We already have a Linux-based
tool for network monitoring; this tool is useful to isolate hosts with a lot
of ARP requests (typical of the worm), but this tool can't point us to which
worm is generating the traffic.

Thanks a lot
Luis
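
Added example, not part of the original messages: one way to do the per-host ARP check the post describes, run over text lines in the style of `tcpdump -tt -n arp`. The line format, function names, thresholds and sample addresses are assumptions constructed for illustration; like the tool in the post, it flags the sweeping host but cannot say which worm is behind it.

```python
import re
from collections import defaultdict, deque

# ARP request as printed by `tcpdump -tt -n arp` (assumed output format).
ARP_REQ = re.compile(
    r"^(?P<ts>\d+\.\d+) ARP, Request who-has (?P<target>[\d.]+)"
    r"(?: \([^)]*\))? tell (?P<src>[\d.]+),"
)

def arp_sweepers(lines, window=10.0, min_targets=20):
    """Return {source_ip: peak distinct targets} for hosts that ARP for at
    least `min_targets` different addresses within any `window` seconds."""
    recent = defaultdict(deque)  # src -> (ts, target) pairs still in window
    peak = defaultdict(int)
    for line in lines:
        m = ARP_REQ.match(line)
        if not m:
            continue  # ARP replies and anything unparseable are ignored
        ts, src, target = float(m["ts"]), m["src"], m["target"]
        q = recent[src]
        q.append((ts, target))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop requests older than the window
        # Distinct targets matter: a host retrying one address is not a sweep.
        peak[src] = max(peak[src], len({t for _, t in q}))
    return {s: n for s, n in peak.items() if n >= min_targets}

def sample_capture():
    """Constructed capture: one sweeping host and two ordinary ones."""
    t0, fmt = 1102559700.0, "{:.6f} ARP, Request who-has {} tell {}, length 46"
    lines = []
    for i in range(1, 61):   # 10.0.0.77 asks for 60 addresses in 6 seconds
        lines.append(fmt.format(t0 + i * 0.1, f"10.0.0.{i}", "10.0.0.77"))
    for i in range(30):      # 10.0.0.5 keeps re-resolving its gateway only
        lines.append(fmt.format(t0 + i, "10.0.0.1", "10.0.0.5"))
    for i in range(25):      # 10.0.0.9 reaches 25 hosts, one per minute
        lines.append(fmt.format(t0 + i * 60, f"10.0.0.{100 + i}", "10.0.0.9"))
    lines.append(f"{t0:.6f} ARP, Reply 10.0.0.1 is-at 00:11:22:33:44:55, length 46")
    return sorted(lines, key=lambda l: float(l.split()[0]))

if __name__ == "__main__":
    for host, n in arp_sweepers(sample_capture()).items():
        print(f"{host} requested {n} distinct addresses within 10 s")
```

Real input would come from piping the capture into `arp_sweepers(sys.stdin)`; the window and threshold need tuning against the normal ARP rate of the segment.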


                