
Re: Suspicious activity on the wire

--- Rod Waldren <rjwaldren@yahoo.com> wrote:

> Is there a package available that will easily (for a beginner/novice) identify virus, trojan and D-O-S activity on a network? I'm thinking along the packet capture line such as TCPdump with prebuilt filters for common threats.
>
> Any advice would be appreciated. Unfortunately, I don't have time to experiment and learn how to track it down right since this system is in use 24x7, except for when the entire system dumps each night (always within the same ~2 hour window).
>
> Here's the situation... I have three subnets with 24 workstations each. Each subnet has a server to provide a lookup DB to the workstations in that subnet. The subnets are switched and also physically connected for flexibility and administration. This is a private LAN that is serially connected to 9 other remote private LANs. Each night a subnet will start having lookup timeouts that quickly worsen and spread to affect the other subnets. Broadcast traffic goes through the roof according to netstat and the switches, but without an analyzer the source can't quickly be identified. Rebooting the systems fixes it but leaves no time to troubleshoot. So I hope to be able to watch the wire from a box to track this down.

Indeed, tcpdump is a very good option. When I have problems of that kind I use tcpdump, ettercap (it has a lot of options) and snort. Also try iptraf for simplicity of use.

Hope this helps.

Regards.


-- 
Sergio Basurto J.

If I have seen further it is by standing on the 
shoulders of giants. (Isaac Newton)
--
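The original question is about finding which host is flooding the LAN with broadcasts before the nightly reboot window closes. As an added example (not from either poster), here is the kind of prebuilt tcpdump filter plus tally that does exactly that from the monitoring box: capture only broadcast frames with the Ethernet header printed, then count frames per source MAC. The interface name eth0 and the sample capture lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Constructed sample of `tcpdump -nn -e 'ether broadcast'` output, embedded so the
# tally can be exercised offline. MAC and IP addresses are made up for illustration.
SAMPLE_CAPTURE='12:01:00.100000 00:0c:29:aa:bb:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.1.0.5 tell 10.1.0.20, length 46
12:01:00.100500 00:0c:29:aa:bb:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.1.0.6 tell 10.1.0.20, length 46
12:01:00.101000 00:0c:29:aa:bb:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.1.0.7 tell 10.1.0.20, length 46
12:01:00.200000 00:50:56:cc:dd:02 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 92: 10.1.0.3.137 > 10.1.0.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
12:01:00.300000 00:0c:29:aa:bb:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.1.0.8 tell 10.1.0.20, length 46'

# Live capture from the monitoring box (needs root and tcpdump; eth0 is an assumed
# interface name). 'ether broadcast' keeps only frames addressed to ff:ff:ff:ff:ff:ff,
# -e prints the link-layer header so the source MAC is on every line, -nn suppresses
# name lookups, and -c bounds the capture so the tally below can finish.
capture_broadcast() {
    tcpdump -nn -e -i "${1:-eth0}" -c "${2:-5000}" -l 'ether broadcast'
}

# Read tcpdump -e lines on stdin. Field 2 is the source MAC when field 3 is ">".
# Emit "count mac" lines, busiest source first, so the storm's origin is at the top.
top_broadcast_sources() {
    awk '$3 == ">" { print $2 }' | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Run the tally over the embedded sample and return only the top talker.
busiest_sample_source() {
    printf '%s\n' "$SAMPLE_CAPTURE" | top_broadcast_sources | head -n 1
}

# On the real wire: capture_broadcast eth0 5000 | top_broadcast_sources
```

The top MAC is then matched to a switch port (or to an IP via the ARP "tell" address in the same line), which is enough to isolate the offending host without rebooting everything.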
