Re: Is this a virus?

From: Michael (Not-My-Real_Address_at_bigpond.net.au)
Date: 03/11/04

    Date: Thu, 11 Mar 2004 22:57:56 GMT
    
    

    "Nils Petter Vaskinn" <me@privacy.net> wrote in message
    news:pan.2004.03.11.20.19.58.458253@privacy.net...
    > On Thu, 11 Mar 2004 02:50:08 +0000, Michael wrote:
    >
    > > Linux gateway = Redhat
    > [snip long horror story]
    > > DST=69.2.40.97 3
    >
    > Can you isolate it on a network with a machine you control, give it a
    > response to the lookup and then see what it does? If it's a worm it
    > probably wants to send something, and if you can get a capture of it then
    > you might be able to figure out what it is.

    It is already isolated (blocked from internet access) but does not appear to
    want to propagate to the other windows machines I have. I wish I could get
    it to do something that would reveal what program it was.

    When I run windump there is so much normal activity for windows networks
    that I cannot tell what is what. The machines are always checking names and
    looking to see who is there even if I take the network lead out of the card
    on the suspect machine.

    A few extra points to note:

    I have a linux machine running a WINS server (under Samba) and incoming VPN
    access to the NT machine and several domains listed under the Domain Suffix
    Search Order in the TCP/IP properties. I have a similar setup on an XP Pro
    machine that does not appear to be affected.

    > --
    > NPV
    >
    > What did that old blonde gal say? -- That is the part you throw away.
    > Tom Waits - The part you throw away
    >

