Re: Network Flood
- From: Peter R. Fletcher <seebelow@xxxxxxxxxxxx>
- Date: Mon, 04 Sep 2006 07:27:36 +0100
On 3 Sep 2006 12:51:45 -0700, "GregG" <e.pricecut@xxxxxxxxxxx> wrote:
Peter R. Fletcher wrote:
I missed the bit in your original post where it appears that at least
the DNS flood is coming from (or at least through) XP - all the
zeroes in the network monitoring results made me think of a hardware
fault.
I would suggest two approaches:
1) it looks as if you have tested by substitution all possible
hardware causes except bad cabling. Try running a new, temporary cable
between the XP machine and your switch. I frankly don't expect this to
solve the problem, but network cabling problems can sometimes give
rise to very strange symptoms indeed.
2) Boot another OS on the XP machine and see whether the flood
continues. There are a number of trial versions of different flavours
of Linux which have come out on computer magazine cover disks and/or
can be downloaded and burnt to CD-Rs and run from the CD. Assuming
that your hardware is fairly vanilla, you should be able to access the
network from the "foreign" OS. If the "foreign" OS can access the
network and doesn't flood it, I would have to assume that you either
have a very well hidden piece of malware, or part of your XP network
stack has been corrupted in a particularly spectacular fashion. If
that't the case, you are probably going to have to do at least a
Repair reinstall of XP. If a foreign OS booted and running from a
clean CD also causes the same behaviour on the network, it has to be
network hardware-related, or just conceivably something in the MoBo..
On 30 Aug 2006 15:10:27 -0700, "GregG" <e.pricecut@xxxxxxxxxxx> wrote:
Thanks Peter for guidelines.
I suspect this indeed was a very well hidden malware. I was hit by a
virus about 3 weeks ago. Cleaned it (thoroughly I thought according to
various antivirus/antispyware applications/utilities and personal
experience with this type of events). But, you never know and
apparently something was still out there, created a channel bypassing a
firewall (as in addition to frames I mentioned XP began receiving SMTP
requests from various external hosts). In any case I still do not know
what it was but it appears to stop acting once I did XP repair.
A side note. This is probably known but just in case for someone going
through similar problem - before doing XP repair always disable
Antivirus software. I remember that from upgrading to XP but failed to
do it this time while repairing. Had to use a recovery console to
disable Norton antivirus. Otherwise repair process kept failing
rebooting the machine in the middle of installation while installing
drivers.
Glad you got it sorted. The problem you describe with reinstalling in
the presence of AV software isn't 100% consistent, and may depend on
the version and on other software installed - I have got away with it
in the past. Your recommendation is a sensible one, however.
Please respond to the Newsgroup, so that others may benefit from the exchange.
Peter R. Fletcher
.
- References:
- Re: Network Flood
- From: GregG
- Re: Network Flood
- Prev by Date: Re: PC's not seeing each other
- Next by Date: Re: Windows Networking Abruptly Stops...umm, Networking.
- Previous by thread: Re: Network Flood
- Next by thread: Can I use two modems?
- Index(es):
Relevant Pages
|
