Re: possible rooted system

From: xyberpix (xyberpix_at_xyberpix.com)
Date: 10/28/04

    To: Mike <securitybasics@infinity77.net>
    Date: Thu, 28 Oct 2004 20:17:07 +0100
    
    
    

    Set up a Linux box, install ntop, and then see what that shows you.
    If you decide to go this way and need any help, gimme a shout.

    xyberpix

    On Thu, 2004-10-28 at 19:00, Mike wrote:
    > If your T1 line is maxed, I would suggest you use some type of network
    > analyzer, like exporting netflow stats and generating reports based on that.
    >
    >
    > ----- Original Message -----
    > From: "kyle" <kyle@inetconnection.com>
    > To: <security-basics@securityfocus.com>
    > Sent: Thursday, October 28, 2004 8:12 AM
    > Subject: possible rooted systems
    >
    >
    > > I am a LAN administrator at a small school system with a T1 line for the
    > > internet. Lately I've noticed that the T1 line has been maxed, and a week
    > > later, it still is maxed out. I strongly believe that a few systems have
    > > been rooted (no viruses/trojans show up on scans) and need a Novell based
    > > packet sniffer to determine what is legitimate and illegitimate traffic.
    > > Does anyone know of any good ones? We run many XP and 98 boxes with
    > > multiple Novell servers. I think some of the 98 boxes are the ones that
    > > were rooted. On using them I've noticed one common thing on every one of
    > > them at that building: spyware beyond usage (current record 35000 entries
    > > before Ad-Aware locked up). I know how I can just fix it, but I need some
    > > sort of log so I can justify my means. ;)
    > > Thanks
    > > Kyle
    > >
    > >
    > >

    -- 
    For Security and Open Source news:
    http://xyberpix.demon.co.uk
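
Added example, not part of the original thread: a sketch of the flow-based report suggested in the quoted reply, ranking internal hosts by the bytes they send out over the T1 and showing each host's share of the link. The CSV layout, the 10.0.0.0/8 LAN range and the sample records are constructed assumptions, not output from ntop or a NetFlow collector.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

T1_BPS = 1_544_000               # T1 line rate, bits per second
LAN = ip_network("10.0.0.0/8")   # assumed internal address range

# Constructed flow summaries: start_epoch,end_epoch,src,dst,dst_port,bytes
SAMPLE_FLOWS = """\
1000,1300,10.1.2.15,198.51.100.7,6667,40000000
1000,1300,10.1.2.15,203.0.113.9,25,12000000
1010,1290,10.1.3.22,192.0.2.80,80,1500000
1000,1300,198.51.100.7,10.1.2.15,1034,900000
1000,1300,10.1.2.15,10.1.0.2,524,9000000
1020,1100,10.1.4.8,192.0.2.53,53,20000
"""

def top_talkers(flow_csv, lan=LAN, link_bps=T1_BPS):
    """Rank LAN hosts by bytes sent to external addresses.

    Returns [(host, bytes_out, share_of_link, dst_ports)], largest first.
    share_of_link is bytes_out against what the link can carry in one
    direction over the whole observation window.
    """
    sent, ports = defaultdict(int), defaultdict(set)
    first = last = None
    for row in csv.reader(io.StringIO(flow_csv)):
        if not row:
            continue                      # tolerate blank lines
        start, end, src, dst, dport, nbytes = row
        start, end = int(start), int(end)
        first = start if first is None else min(first, start)
        last = end if last is None else max(last, end)
        # Count only flows that leave the LAN; LAN-to-LAN traffic
        # (e.g. to a file server) never touches the T1.
        if ip_address(src) in lan and ip_address(dst) not in lan:
            sent[src] += int(nbytes)
            ports[src].add(int(dport))
    if first is None:
        return []
    capacity_bits = link_bps * max(last - first, 1)
    report = [(h, b, round(b * 8 / capacity_bits, 3), sorted(ports[h]))
              for h, b in sent.items()]
    return sorted(report, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for host, nbytes, share, dports in top_talkers(SAMPLE_FLOWS):
        print(f"{host:<12} {nbytes:>10} bytes  {share:6.1%} of T1  ports {dports}")
```

A per-host table like this, kept over several days, is the kind of log the original poster asks for to justify cleaning up specific machines.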
    
    


