Re: Virus or hack that causes packet loss??
From: Bill Hudson (hudsonwj@yahoo.com)Date: 03/06/02
- Next message: Garry Knight: "Re: Encrypting File System on Linux or *BSD"
- Previous message: Tim Haynes: "Re: Who is doom and Elite? + ssh question"
- In reply to: aaron: "Virus or hack that causes packet loss??"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Bill Hudson <hudsonwj@yahoo.com> Date: 05 Mar 2002 23:00:05 GMT
On Tue, 05 Mar 2002 12:33:29 -0800, aaron wrote:
> I get the following ping info on my mail server and now one of our file
> servers as well indicating that we may have been hacked or there's a
> virus spreading. Here are two ping results from the same machine. Ping
> results from the file server are identical.
in my experience, the ascending ping times means that there is a DNS
resolution problem. You can test this by using the -n command-line
option to turn off DNS lookups in ping.
[snipped ping-times]
> No the interesting parts.
>
> 1. This only happens when I ping from the problem server to another
> server or workstation on our private network. If I ping anything else,
> it comes back fine.
>
> 2. If I ping either of these machines from any other computer on our
> private or public network the results are perfect.
>
> 3. I've tried using different NIC's and also different switches. I've
> taken down the firewall on both machines as well as verified there was
> nothing in hosts deny or allow that might be blocking traffic.
>
> 4. The problem was intermitent until a few days ago
>
> 5. On the mail server mail con still be retrieved fro, anywhere except
> the private side network. If you're on our private side network then you
> can still receive mail but it takes about 3 minutes to make the
> connection, once the connection is made the mail comes through just
> fine, as if there was no packet loss what so ever.
>
> 6. The file server can no longer be connected too from a PC on the
> private side network. We're using samba on the file server. If you're
> using a mac on our private side network it can still connect just fine
> as if there was no packet loss what so ever.
>
>
> OK so anyone ever seen anything like this before?
>
> Aaron
Check your DNS servers and the setups of the DNS clients.
- Next message: Garry Knight: "Re: Encrypting File System on Linux or *BSD"
- Previous message: Tim Haynes: "Re: Who is doom and Elite? + ssh question"
- In reply to: aaron: "Virus or hack that causes packet loss??"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
