Search:

It was SO DAMN F******* confusing because the ASS who set up the IPS did a piss poor job.. I spent considerable amount of time going through the IPS logs and found nothing.. Today in sheer...

No no.. no replication at all.. None of the machine communicate to each other for anything..

I've not found anything new post begining of this activity.. If you want me to run a sniffer again or...

Affected machines also include completely patched machines.



I have checked ARP table of few machines but of these (about 8) only one had malicious entry pointing to another infected machine...

Okay now this problem isn't reserved to billing machines.. I just got a call informing me that machines used by the customer are also affected..

There have been no new gpo's except one change that...

ALL the machine currently affected have the same problem. There are around 40 machines out of 4500 which are currently having this problem.

Billing machines are same as all other machines except...

I spent 2 days going through everything I had (network logs, process logs, security logs)..

Is there anyone who can suggest something or help ?

I really need help on this one.. If you want I...

There are couple of things I wanted to add.. I did some analysis on my way back..

I ran alternative browser (opera) and like IE even it can’t open any website.


I ran teamviewer software (it’s...

My feeling is some DoS attack.. But machines processor level doesn’t go way high nor are the ARP entries malformed, there are no concurrent connections.. ! Nothing out of the blue..

Really Really...

Thanks Westin.. I just finished editing the post.. Firewall is definitely not the problem. We don’t used inbuilt firewall and the HIPS package was switched off during testing !

Here is the scenario:
We have 5 AD's housing 5000 machine separated geographically (branches in various cities). Every branch has 1 (max 2) machine(s) which have billing enabled on them. These are...