Re: W2k Server going crazy!!! Nic saturating my entire network!
From: Mike (mjl000@hotmail.com.nospam)
Date: 02/15/03
- Next message: Tan Fang Wai: "Re: Tweakui HELP!!!!!!!!!!!!!!!!!!"
- Previous message: bob betz: "Re: disturbing messages from csrss.exe"
- In reply to: Dan Laue: "W2k Server going crazy!!! Nic saturating my entire network!"
- Next in thread: Karl Levinson [x y] mvp: "Re: W2k Server going crazy!!! Nic saturating my entire network!"
- Reply: Karl Levinson [x y] mvp: "Re: W2k Server going crazy!!! Nic saturating my entire network!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Mike" <mjl000@hotmail.com.nospam> Date: Sat, 15 Feb 2003 12:20:09 GMT
Interesting development.
Your system has obviously been compromised. Disconnect the NIC's physical
connection to the switches for this server from the network and isolate the
problem - systematically approach the problem with logical steps.
Setup a temporary packet filter for FTP on your external address/WAN side NIC -
this will block all incoming packets for FTP or alternately only allow the ports
you know that are needed for appropriate public access to your server.
Try looking at symbolic links and partitions mounted to a directory and non
standard permissions on such.
There was possibly a registry change which may prevent you from
changing/deleting
the suspected resources.
Run appropriate scanners for viruses/trojans/worms/embedded scripts.
Check the Microsoft knowledgbase, security page and the Technet security page.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/defa
ult.asp
http://www.microsoft.com/security/
http://support.microsoft.com/default.aspx?scid=fh;EN-US;KBHOWTO
"Dan Laue" <dan@onestopcollect.com> wrote in message
news:073801c2d477$d569c270$a001280a@phx.gbl...
I found the problem the network is exploited they are
gaining acces thru ftp and using our server to share all
kinds od files found steven segal movies dubbed in another
language and all kind of other content but when i try to
delete the files it tells me the path is unreachable and
crashes the explorer window microsoft we need help?
anyone with questions please call me at 909-349-0311 ext
357
>-----Original Message-----
>When I turn this server on, 2-12 hours later, it starts
this nic stuff that
>kills my entire network!
>I mean it saturates my lan 100% constantly with multicast
or broadcast or
>whatever.
>
>I have switches, so the symptom is that all activity
lights come on on all
>used ports, like a
>multicast or broadcast.
>
>I've changed nics, to no avail. I've reinstalled the nic
drivers. Tried
>reinstalling the tcp/network layers
>all with no results.
>
>I am seriously looking at infection/virus, although none
are reported by
>NetShield.
>
>Anyone have a clue as to what to even look at?
>
>
>.
>
- Next message: Tan Fang Wai: "Re: Tweakui HELP!!!!!!!!!!!!!!!!!!"
- Previous message: bob betz: "Re: disturbing messages from csrss.exe"
- In reply to: Dan Laue: "W2k Server going crazy!!! Nic saturating my entire network!"
- Next in thread: Karl Levinson [x y] mvp: "Re: W2k Server going crazy!!! Nic saturating my entire network!"
- Reply: Karl Levinson [x y] mvp: "Re: W2k Server going crazy!!! Nic saturating my entire network!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
