
Suspicious activity on the wire

Is there a package available that will easily (for a beginner/novice) identify virus, trojan and DoS activity on a network? I'm thinking along the packet capture line, such as tcpdump with prebuilt filters for common threats.

Any advice would be appreciated. Unfortunately, I don't have time to experiment and learn how to track it down right now, since this system is in use 24x7, except for when the entire system dumps each night (always within the same ~2-hour window).

Here's the situation... I have three subnets with 24 workstations each. Each subnet has a server to provide a lookup DB to the workstations in that subnet. The subnets are switched and also physically connected for flexibility and administration. This is a private LAN that is serially connected to 9 other remote private LANs. Each night a subnet will start having lookup timeouts that quickly worsen and spread to affect the other subnets. Broadcast traffic goes through the roof according to netstat and the switches, but without an analyzer the source can't quickly be identified. Rebooting the systems fixes it but leaves no time to troubleshoot. So I hope to be able to watch the wire from a box to track this down.

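As an added example that is not part of the original post: the script below takes a tcpdump capture from the storming segment and ranks the source MAC addresses that are sending Ethernet broadcasts, with the peak frames-per-second each one reached, so the offending box can be traced through the switch's MAC address table. It assumes a classic little-endian pcap file with Ethernet frames (what `tcpdump -w` writes); the capture file name, the MAC addresses and the sample capture built inline are all constructed for illustration.

```python
"""Rank the senders behind a broadcast storm from a tcpdump capture.

Added example, not from the original post. Assumes a classic little-endian
pcap file with Ethernet frames, e.g. captured on the storming segment with:
    tcpdump -n -e -i eth0 -w storm.pcap 'ether broadcast'
Everything below (MAC addresses, the sample capture) is constructed.
"""
import struct
import sys
from collections import Counter, defaultdict

PCAP_MAGIC = 0xA1B2C3D4        # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ETHERTYPE_IPV4, ETHERTYPE_ARP = 0x0800, 0x0806


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def parse_pcap(data):
    """Yield (timestamp_seconds, frame_bytes) for each record in a pcap blob."""
    magic, _maj, _min, _tz, _sig, _snap, linktype = struct.unpack("<IHHiIII", data[:24])
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file (pcapng is not handled)")
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected Ethernet link type, got %d" % linktype)
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack("<IIII", data[off:off + 16])
        off += 16
        yield sec + usec / 1e6, data[off:off + incl_len]
        off += incl_len


def broadcast_sources(data, window=1.0):
    """Return {src_mac: (total_broadcasts, peak_per_window)} over the capture.

    Only frames whose destination is the Ethernet broadcast address count, so
    ordinary unicast chatter from a busy server does not show up here.
    """
    total = Counter()
    per_bucket = defaultdict(Counter)       # window index -> Counter(src)
    for ts, frame in parse_pcap(data):
        if len(frame) < 14:                 # runt frame: no complete header
            continue
        dst, src = frame[:6].hex(":"), frame[6:12].hex(":")
        if dst != BROADCAST_MAC:
            continue
        total[src] += 1
        per_bucket[int(ts // window)][src] += 1
    peak = Counter()
    for bucket in per_bucket.values():
        for src, n in bucket.items():
            peak[src] = max(peak[src], n)
    return {src: (total[src], peak[src]) for src in total}


def top_talkers(data, n=5, window=1.0):
    """Sources sorted by total broadcast frames, highest first."""
    stats = broadcast_sources(data, window)
    return sorted(stats.items(), key=lambda kv: kv[1][0], reverse=True)[:n]


# --- constructed sample capture so the script runs offline -----------------

def ether_frame(src, dst=BROADCAST_MAC, ethertype=ETHERTYPE_ARP, payload=b"\x00" * 46):
    return mac_bytes(dst) + mac_bytes(src) + struct.pack(">H", ethertype) + payload


def build_pcap(frames, interval=0.001):
    """Serialise frames as a classic pcap blob, `interval` seconds apart."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        ts = i * interval
        sec = int(ts)
        usec = int(round((ts - sec) * 1e6))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out


NOISY, QUIET_A, QUIET_B = "00:11:22:33:44:55", "00:aa:bb:cc:dd:01", "00:aa:bb:cc:dd:02"
SAMPLE_CAPTURE = build_pcap(
    [ether_frame(NOISY)] * 300                                  # the storm
    + [ether_frame(QUIET_A)] * 3 + [ether_frame(QUIET_B)] * 3   # normal ARP
    + [ether_frame(QUIET_A, dst=QUIET_B, ethertype=ETHERTYPE_IPV4)] * 10  # unicast, ignored
)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_CAPTURE
    for src, (count, peak) in top_talkers(data):
        print("%s  %6d broadcast frames  peak %d/s" % (src, count, peak))
```

Run it as `python3 storm_top.py storm.pcap` against a file written during the nightly window (without an argument it reports on the built-in sample). The top MAC is then looked up in the switch's forwarding table to find the port, and the same capture can be opened in tcpdump with `-r` to see what the host is actually broadcasting. Capturing with the `ether broadcast` filter keeps the file small even when the segment is saturated, which matters when the window for troubleshooting is short.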