Thread: DoS

**smooth_operator** · September 18th, 2003, 05:36 PM

hey i dont know anything about a DoS attack but a server is having some problems. its a new server running win 2k, 2.4 gig intel xeon, 1 gig DDRAM. not even a month old. the problem is that interoffice email is taking 18 hours and office ping is around 4000! all workstations are new. there are 14 computers on the network. at first i thought about the NIC cards, (10/100) then maybe i thought they could be using a hub, not a switch, then i thought about cat-5, but i just cant figure out why its so slow! the workstations are running novell small business (im pretty sure) ive tried to include all information that would help you guys out, if you need to know anything you can IM me at smth op 86 or email me at erbaker@dmacc.edu thanks a lot for any help!

**nihil** · September 18th, 2003, 06:18 PM

Hi, not my area of expertise, but your timescale tends to tie in with several worms or viruses?.........could be one of these pinging around.

I have always been hacked off by stuff that wants to "register itself" before I even have an internet connection... I shall register when I want to...........and that will be after the AV and firewall!!! Hell................I paid for it?

Seems you might have a malware incident, as you say it is about a month old?

You also have an ".edu" to your e-mail.................student pranks?

Just a couple of thoughts?

Good luck

**smooth_operator** · September 19th, 2003, 05:17 PM

no im asking for my mom, its at a law firm. thats just my student address.

***cheyenne1212*** · September 19th, 2003, 05:20 PM

$100 you have the blaster worm.

**smooth_operator** · September 19th, 2003, 05:27 PM

how can i be for sure? i dont want to go around fixing the blaster worm when i dont have it...

***DjM*** · September 19th, 2003, 05:32 PM

If there is a firewall involved, check the logs for heavy activity on port 135. You can also download the repair tool from Symantec, it's quick and easy to use and will not only let you know if your infected, it will clean up the systems as well.

Cheers:

***cross*** · September 19th, 2003, 05:36 PM

Why not? Fixing vulerabilities before you get infected is called patching, and it's a very good idea. After you patch your systems up to date, you may want to run a virus scanner and/or a spyware checker: www.lavasoftusa.com
Other then that, have you thought about installing a simple bandwidth meter on your server and workstations? This may help to find the cause of this disturbance.

**bpiedlow** · September 19th, 2003, 05:40 PM

You'll also want to make sure to download their newest 'removal' tool. It will allow you to remove any of the various versions of Blaster (including Blaster.D - Nachi worm)...

You can get it from symantec here:
http://securityresponse.symantec.com...oval.tool.html

I would agree that what you've described definatly sounds like some systems have been infected with at least one version of this worm...

RRP

***Maestr0*** · September 19th, 2003, 05:54 PM

High ping times can also indicate Welchia virus which shits ICMP packets everywhere.

-Maestr0

**dcongram** · September 19th, 2003, 05:59 PM

You are 'asking for Mum' ..... nice gesture on your part.

BUT.....who setup the network ? Who maintains it ? Who updates the Novell ?

I am presuming whoever installed it also tested the network cables.

Thread: DoS

Thread Tools

Display

DoS

Posting Permissions