Security Basics mailing list archives

RE: network worm


From: "Joe Cervantes" <jcervantes () senecaco com>
Date: Thu, 9 Dec 2004 09:17:36 -0600

I would suggest monitoring with a sniffer such as Ethereal. That is what I used to discover sdbot on our network. This 
will tell you which addresses are generating traffic and what port they're trying to reach.

Joe

-----Original Message-----
From: l c [mailto:neo_italy02 () yahoo it] 
Sent: Wednesday, December 08, 2004 4:25 PM
To: security-basics () securityfocus com
Subject: network worm

Hi all,
in the past days our network was stressed by a lot of network worms (not found by the local antivirus, already up to 
date), with a stop of the traffic caused by a lot of ARP requests. The last one was WORM_SDBOT.ACJ, a worm that 
propagates itself using network shares and a worm that Trend Micro (up to date) was unable to find, causing the 
saturation of the network switches and the related stop of all the work. The question is: "Is there the possibility 
to set up an instrument (even Linux-based) to sniff the network traffic with the capability to find worms?" We 
already have a Linux-based tool for network monitoring; this tool is useful to isolate hosts with a lot of ARP 
requests (typical of the worm), but this tool can't point us to which worm is generating the traffic.

Thanks a lot
Luis
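
An added example, not part of the original posts and not code from Ethereal: an offline pass over a saved capture that lists which hosts ARP for many distinct addresses and which TCP ports those hosts then try to reach. The function names, the threshold of 10 targets and the sample frames are assumptions constructed for illustration; it expects a classic little-endian pcap of untagged Ethernet.

```python
import struct
from collections import defaultdict
from socket import inet_aton, inet_ntoa

def frames(pcap):
    """Yield Ethernet frames from a classic little-endian pcap byte string."""
    if pcap[:4] != b"\xd4\xc3\xb2\xa1":
        raise ValueError("expected a little-endian classic pcap")
    off = 24                                        # skip the global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from("<I", pcap, off + 8)[0]
        yield pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen

def talkers(pcap):
    """Return (sender -> ARP targets asked for, source -> (dst, port) TCP SYNs)."""
    arp, syn = defaultdict(set), defaultdict(set)
    for f in frames(pcap):
        if f[12:14] == b"\x08\x06" and len(f) >= 42 and f[20:22] == b"\x00\x01":
            arp[inet_ntoa(f[28:32])].add(inet_ntoa(f[38:42]))   # ARP who-has
        elif f[12:14] == b"\x08\x00" and len(f) >= 34 and f[23] == 6:
            tcp = 14 + (f[14] & 0x0F) * 4           # honour the IP header length
            if len(f) >= tcp + 14 and f[tcp + 13] & 0x12 == 0x02:  # SYN, no ACK
                dport = struct.unpack_from("!H", f, tcp + 2)[0]
                syn[inet_ntoa(f[26:30])].add((inet_ntoa(f[30:34]), dport))
    return arp, syn

def suspects(pcap, min_targets=10):
    """Hosts ARPing for >= min_targets distinct addresses -> ports they SYN to."""
    arp, syn = talkers(pcap)
    return {h: sorted({port for _, port in syn.get(h, ())})
            for h, targets in arp.items() if len(targets) >= min_targets}

# Constructed sample capture (not real traffic): 10.0.0.5 sweeps, 10.0.0.9 is quiet.
def _arp(src, dst):
    return (b"\xff" * 6 + b"\x02" * 6 + b"\x08\x06\x00\x01\x08\x00\x06\x04\x00\x01"
            + b"\x02" * 6 + inet_aton(src) + b"\x00" * 6 + inet_aton(dst))

def _syn(src, dst, port):
    iph = b"\x45\x00\x00\x28" + b"\x00" * 4 + b"\x80\x06\x00\x00"
    tcph = struct.pack("!HHIIBBHHH", 1025, port, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return b"\x02" * 12 + b"\x08\x00" + iph + inet_aton(src) + inet_aton(dst) + tcph

FRAMES = [_arp("10.0.0.9", "10.0.0.1"), _syn("10.0.0.9", "10.0.0.1", 80)]
for n in range(1, 13):
    FRAMES += [_arp("10.0.0.5", f"10.0.0.{n}"), _syn("10.0.0.5", f"10.0.0.{n}", 445)]
FRAMES.append(_syn("10.0.0.5", "10.0.0.1", 139))
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in FRAMES)
print(suspects(SAMPLE))   # {'10.0.0.5': [139, 445]}
```

This narrows the search to a host and the service it is probing; naming the specific worm still needs signatures or inspection of the host itself.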


                