strange windows behaviour.
From: Peter Moody (peter_at_ucsc.edu)
Date: 10/06/03
- Previous message: Benjamin Franz: "Re: BIND 9.2.1 crashes"
- Next in thread: John Sage: "Re: strange windows behaviour."
- Reply: John Sage: "Re: strange windows behaviour."
- Maybe reply: H Carvey: "Re: strange windows behaviour."
- Maybe reply: Harlan Carvey: "Re: strange windows behaviour."
- Reply: J Mike Rollins: "Re: strange windows behaviour."
- Maybe reply: Derek: "Re: strange windows behaviour."
- Maybe reply: Schmehl, Paul L: "RE: strange windows behaviour."
- Maybe reply: Pepijn Vissers: "RE: strange windows behaviour."
- Maybe reply: Karl Levinson: "Re: strange windows behaviour."
- Maybe reply: Schmehl, Paul L: "RE: strange windows behaviour."
- Maybe reply: Harley David: "RE: strange windows behaviour."
- Maybe reply: Harley David: "RE: strange windows behaviour."
- Maybe reply: Schmehl, Paul L: "RE: strange windows behaviour."
- Maybe reply: Derek: "Re: strange windows behaviour."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: incidents@securityfocus.com Date: Mon, 06 Oct 2003 13:05:13 -0700
Hello all,
I've got a bit of a problem, and I was wondering if anyone on this list
has seen similar things. Recently, we've been having student windows
machines on our residential network begin spewing large, massive (on the
order of hundreds of thousands in a few hours) spam messages at our mail
servers. We promptly disconnect the machines and head down to do some
forensic work on the boxes when we get a chance (usually after they call
to complain that the internet has died).
I've been trying to find information on this, but the most I've been
able to come up with is an advisory from symantec's threat management
system saying Mprox (some sort of MS proxy) is to blame. None of the
machines I've gone and examined have had this program running or on the
system anywhere for that matter.
Has anyone else had similar problems of late? This all started for us
about a week ago and it's showing no signs of going away any time soon.
Thanks.
-Peter
-- Peter Moody <peter@ucsc.edu> Information Security Administrator 831/459.5409 Communications and Technology Services. http://mustard.ucsc.edu/pubkey UC, Santa Cruz. :wq
- application/pgp-signature attachment: This is a digitally signed message part
- Previous message: Benjamin Franz: "Re: BIND 9.2.1 crashes"
- Next in thread: John Sage: "Re: strange windows behaviour."
- Reply: John Sage: "Re: strange windows behaviour."
- Maybe reply: H Carvey: "Re: strange windows behaviour."
- Maybe reply: Harlan Carvey: "Re: strange windows behaviour."
- Reply: J Mike Rollins: "Re: strange windows behaviour."
- Maybe reply: Derek: "Re: strange windows behaviour."
- Maybe reply: Schmehl, Paul L: "RE: strange windows behaviour."
- Maybe reply: Pepijn Vissers: "RE: strange windows behaviour."
- Maybe reply: Karl Levinson: "Re: strange windows behaviour."
- Maybe reply: Schmehl, Paul L: "RE: strange windows behaviour."
- Maybe reply: Harley David: "RE: strange windows behaviour."
- Maybe reply: Harley David: "RE: strange windows behaviour."
- Maybe reply: Schmehl, Paul L: "RE: strange windows behaviour."
- Maybe reply: Derek: "Re: strange windows behaviour."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
