Blaster and Sobig - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 15 of 15

Thread: Blaster and Sobig

  1. #11
    Member
    Join Date
    Jul 2003
    Posts
    49
    Ahaahaaaha!!

    Well said Und3ertak3r!
    [gloworange]Athlon XP 2100+ 1.74GHz
    512MB PC2100 DDR-SD RAM
    RADEON 9600XT 256MB[/gloworange]

  2. #12
    Banned
    Join Date
    Apr 2003
    Posts
    1,147

    Talking

    Actually, if you are getting that much traffice on your local cable connection, a good personal firewall (I'm using McAfee, BTW, and it is working fine) will identify the IPs of the systems that have the infections. Backtrack to make sure, then Net Send their IP with a message. Provide a URL for help, removal tools and whatnot.

    If that doesn't help, contact your provider and make a lot of noise. Check your contract. Being a good net-neighbor is likely in there.

    Provide your ISP with the IPs of the offending machines and they will lock them out, if they are a responsible ISP.

    I just cleaned up a system on campus here that had the Welchias worm. Something got in, probably via the RCP and killed our Symantec AV installation on that box. Then the Welchias showed up. I caught this by seeing the odd outgoing traffic on the router. It accounted for about half-a-meg worth of bandwidth going out.

    A scan didn't find anything else there.

  3. #13
    Senior Member
    Join Date
    Jul 2003
    Posts
    113
    In response to undertaker, I can't believe I forgout about net send...lol I'll just send them a link sayng here's what can happen if you don't have a good av blah blah. I'll just move it over to my host and put an IP tracker script on it. And they've got XP so I assume messenger hasn't been turned off.

    And also, they aren't on my local network, its the neighborhood section of broadband for my isp, some of my other [clean] neighbors have noticed slower speeds also.

  4. #14
    Junior Member
    Join Date
    Jul 2003
    Posts
    11
    Had to change to proxy server.

  5. #15
    BIOS Bomber
    Join Date
    Jul 2003
    Location
    Michigan
    Posts
    357
    Originally posted here by antionline_76
    Had to change to proxy server.

    What in the hell are you talking about?

    Anyway, getting the IP shouldnt be to hard, also, you may want to call up the ISP and tell them whats going on. Mine listens to me
    "When in doubt, use Brute Force."

    Never argue with an idiot. They'll drag you down to their level, then beat you with experience.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides