Re: Program to sniff out packets.. Virus HELP plz

BINGO!!!

Shut down all workstations.
Ensure AV on the server is functional and up to date. IF IT AIN'T you have a
major problem.
Fire up a smallish group of workstations. Does anything peculiar happen? Do
they update their AV and is it fully functional?
Fire up another group.
Fire up another group.
Fire up another group.
Fire up another group.
Fire up another group.
Fire up another group.

"Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@xxxxxxxxxxx>
wrote in message news:O3VH%230EzFHA.904@xxxxxxxxxxxxxxxxxxxxxxx
> Unplug the cables if need be. Figure out when your network 'responds'
> again when you find the machine firing off the tcp/ip connections.
>
> PeOpLeS wrote:
>
>>Quite right, it's a 2K box with 80 2k and XP nodes. I posted here, as it was
>>a fairly general question applicable to either OS. Plus I know folk here,
>>know their stuff :)
>>
>>As for Sophos, I think the virus on the network is making it flaky by
>>uninstalling from various nodes and eating up the bandwidth, preventing
>>internet access and thus updates :(
>>
>>"Marina Roos [SBS-MVP]" wrote:
>>
>>
>>>Hi,
>>>
>>>This can't be an SBS server with 80 nodes.
>>>And why is your Sophos enterprise out of date? It is far from flaky.
>>>
>>>--
>>>Regards,
>>>
>>>Marina Roos
>>>Microsoft SBS-MVP
>>>One of the Magical M&M's
>>>www.smallbizserver.net
>>>Take part in SBS forum:
>>>http://www.smallbizserver.net/Default.aspx?tabid=53
>>>
>>>"PeOpLeS" <PeOpLeS@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>>>news:A8D06559-0851-48F1-9610-7545115E6F7C@xxxxxxxxxxxxxxxx
>>>
>>>>Does anyone know of a program that can detect which computer is trying
>>>>to flood my network with packets?
>>>>
>>>>I have a server and 80 nodes. I have been informed by the person that
>>>>controls the firewall that there are viruses on my network. They believe
>>>>that one machine in particular is trying to flood the network with
>>>>packets and is crashing the firewall.
>>>>
>>>>I run Sophos enterprise, but this version is a bit flaky and out of
>>>>date.
>>>>
>>>>Because of the high volume of packets being transmitted, many of the
>>>>computers can't connect to the network.
>>>>
>>>>So
>>>>
>>>>Can anyone suggest a good program that can tell me which machine is
>>>>sending out these high amounts of malicious packets?
>>>>
>>>>Your help is greatly appreciated.
>>>>
>>>>ppls
>>>>
>>>
>>>
>
> --
> An open letter to the Security Community::
> http://msmvps.com/bradley/archive/2004/12/12/23540.aspx
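
One way to answer the original question from a saved packet capture, as an added example that is not part of any post in this thread: rank IPv4 senders by packet count so the flooding workstation stands out. It assumes a classic pcap file captured on Ethernet; the function names, addresses and sample capture are constructed for illustration.

```python
import struct
from collections import Counter

def top_talkers(pcap, n=5):
    """Rank IPv4 senders in a classic pcap (Ethernet link type) by packet count."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic microsecond pcap (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    packets, octets = Counter(), Counter()
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(pcap):
        _, _, incl_len, orig_len = struct.unpack(endian + "4I", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        l3 = 18 if frame[12:14] == b"\x81\x00" else 14   # allow one 802.1Q tag
        if frame[l3 - 2:l3] != b"\x08\x00" or len(frame) < l3 + 20:
            continue                           # not IPv4, or cut short by the snap length
        src = ".".join(map(str, frame[l3 + 12:l3 + 16]))
        packets[src] += 1
        octets[src] += orig_len                # size on the wire, not the captured size
    return [(ip, count, octets[ip]) for ip, count in packets.most_common(n)]

def sample_capture():
    """Constructed capture: three made-up hosts, one of them far noisier than the rest."""
    def frame(src, size):
        eth = b"\xff" * 6 + b"\x02" + bytes(5) + b"\x08\x00"
        ip = bytes([0x45]) + bytes(11) + bytes(src) + bytes([10, 0, 0, 1])
        data = eth + ip
        return struct.pack("<4I", 0, 0, len(data), size) + data
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    hosts = [((10, 0, 0, 23), 400), ((10, 0, 0, 7), 3), ((10, 0, 0, 51), 2)]
    return header + b"".join(frame(src, 60) * count for src, count in hosts)

if __name__ == "__main__":
    for ip, count, size in top_talkers(sample_capture()):
        print(f"{ip:15} {count:6} packets {size:8} bytes")
```

Run against a capture taken while each group of workstations is powered up, the top entry identifies the machine to unplug first.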

