[Dshield] Some information regarding possible attack

Steven Hull sphull at oanet.com
Sat May 18 00:19:19 GMT 2002


One possibility is that you may have a trojan or worm which your anti-virus
can/doesn't see.  Without knowing which OS you are using I'll assume it's
Wondows.  One thing you could try is TDS3 and Wormguard from Wayne Langlois
in Australia.  You can get TDS-3 and Wormguard from here:
http://www.diamondcs.com.au/  Hope this helps.

Steve


----- Original Message -----
From: "Saurabh Dass Manandhar" <saurabh at ku.edu.np>
To: <list at dshield.org>
Cc: <dshield at dshield.org>
Sent: Thursday, May 16, 2002 10:05 PM
Subject: [Dshield] Some information regarding possible attack


> Since I did not get any indication that this mail actually reached the
> list, i am sending it again. I am sorry if it is repeated.
>
> -------------------------
>
> I don't know if this is the right place to discuss it, but I have this
problem.
>
> One of the machines running in our network, 203.91.135.136, is
continuously
> transmitting something to the Internet. I downloaded evaluation version of
> CommView 3.3 and saw that it was sending thousands of records to different
> IP addresses to TCP port 80. Upon analyzing the packets, found out that it
> had no data, just Ethernet, IP and TCP headers. Since it is sending tens
of
> thousands, if not hundreds of thousands, packets per minute to different
> destinations -- all on port 80 of destination machines -- the rest of the
> network has become very very slow. I have checked for viruses using latest
> anti virus and latest patches, but found no viruses. As a last ditch
> effort, I have removed it from network, but it is not a permanent
solution.
> I am attaching a file in txt format files with some packets.
>
> Can anyone help?
>
> Saurabh D. Manandhar
> Dept. of Computer Science and Engineering
> Kathmandu University


---
Outgoing mail is certified Virus Free by AVG Control Center.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.362 / Virus Database: 199 - Release Date: 07/05/2002




More information about the list mailing list