[Dshield] Some information regarding possible attack

Saurabh Dass Manandhar saurabh at ku.edu.np
Sun May 19 03:41:02 GMT 2002


Thanks a lot for your responses. It is now disconnected from network, and I 
have recommended the person in charge to reinstall everything, this time 
along with patches.

Saurabh





At 06:19 PM 5/17/2002 -0600, you wrote:
>One possibility is that you may have a trojan or worm which your anti-virus
>can/doesn't see.  Without knowing which OS you are using I'll assume it's
>Windows.  One thing you could try is TDS3 and Wormguard from Wayne Langlois
>in Australia.  You can get TDS-3 and Wormguard from here:
>http://www.diamondcs.com.au/  Hope this helps.
>
>Steve
>
>
>----- Original Message -----
>From: "Saurabh Dass Manandhar" <saurabh at ku.edu.np>
>To: <list at dshield.org>
>Cc: <dshield at dshield.org>
>Sent: Thursday, May 16, 2002 10:05 PM
>Subject: [Dshield] Some information regarding possible attack
>
>
> > Since I did not get any indication that this mail actually reached the
> > list, I am sending it again. I am sorry if it is repeated.
> >
> > -------------------------
> >
> > I don't know if this is the right place to discuss it, but I have this
> > problem.
> >
> > One of the machines running in our network, 203.91.135.136, is
> > continuously transmitting something to the Internet. I downloaded evaluation
> > version of CommView 3.3 and saw that it was sending thousands of records to
> > different IP addresses to TCP port 80. Upon analyzing the packets, found out
> > that it had no data, just Ethernet, IP and TCP headers. Since it is sending
> > tens of thousands, if not hundreds of thousands, packets per minute to
> > different destinations -- all on port 80 of destination machines -- the rest
> > of the network has become very very slow. I have checked for viruses using
> > latest anti virus and latest patches, but found no viruses. As a last ditch
> > effort, I have removed it from network, but it is not a permanent solution.
> > I am attaching a file in txt format with some packets.
> >
> > Can anyone help?
> >
> > Saurabh D. Manandhar
> > Dept. of Computer Science and Engineering
> > Kathmandu University
>
>
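The symptom in the original post (one host sending large numbers of data-less TCP packets to port 80 on many different destinations) can be screened for in a capture export. The following is an added example, not part of the thread: the record layout, function names and thresholds are assumptions, and the traffic is constructed, with all addresses other than the host named in the post taken from documentation ranges.

```python
from collections import defaultdict

def build_sample():
    """Constructed records: (src_ip, dst_ip, dst_port, tcp_payload_len)."""
    records = []
    # Host from the post: header-only packets, each to a different destination.
    for i in range(120):
        records.append(("203.91.135.136", f"198.51.100.{i + 1}", 80, 0))
    # Ordinary web client: a few servers, mix of data packets and bare ACKs.
    for i in range(150):
        payload = 512 if i % 2 == 0 else 0
        records.append(("192.0.2.10", f"203.0.113.{i % 3 + 1}", 80, payload))
    # Unrelated traffic on another port is ignored by the check.
    records.append(("192.0.2.10", "203.0.113.9", 25, 200))
    return records

def flag_header_only_fanout(records, port=80, min_packets=100,
                            min_destinations=50, min_empty_ratio=0.9):
    """Return sources whose traffic to `port` is almost entirely empty TCP
    segments spread over many distinct destinations.

    Thresholds are assumed starting points; tune them to the capture window.
    """
    total = defaultdict(int)      # packets to `port` per source
    empty = defaultdict(int)      # of those, packets with no TCP payload
    dests = defaultdict(set)      # distinct destinations per source
    for src, dst, dport, payload_len in records:
        if dport != port:
            continue
        total[src] += 1
        dests[src].add(dst)
        if payload_len == 0:
            empty[src] += 1
    flagged = {}
    for src, count in total.items():
        ratio = empty[src] / count
        # Bare ACKs are normal, so require both a high empty ratio and wide
        # destination fan-out before flagging a source.
        if (count >= min_packets and len(dests[src]) >= min_destinations
                and ratio >= min_empty_ratio):
            flagged[src] = {"packets": count,
                            "destinations": len(dests[src]),
                            "empty_ratio": round(ratio, 2)}
    return flagged

if __name__ == "__main__":
    for src, stats in flag_header_only_fanout(build_sample()).items():
        print(src, stats)
```
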




