Thread: DoS
-
September 18th, 2003, 05:36 PM
#1
Junior Member
DoS
hey i dont know anything about a DoS attack but a server is having some problems. its a new server running win 2k, 2.4 gig intel xeon, 1 gig DDRAM. not even a month old. the problem is that interoffice email is taking 18 hours and office ping is around 4000! all workstations are new. there are 14 computers on the network. at first i thought about the NIC cards, (10/100) then maybe i thought they could be using a hub, not a switch, then i thought about cat-5, but i just cant figure out why its so slow! the workstations are running novell small business (im pretty sure) ive tried to include all information that would help you guys out, if you need to know anything you can IM me at smth op 86 or email me at erbaker@dmacc.edu thanks a lot for any help!
Stay away from my friends, they\'re smooth operators lookin for a way in.
-
September 18th, 2003, 06:18 PM
#2
Hi, not my area of expertise, but your timescale tends to tie in with several worms or viruses?.........could be one of these pinging around.
I have always been hacked off by stuff that wants to "register itself" before I even have an internet connection... I shall register when I want to...........and that will be after the AV and firewall!!! Hell................I paid for it?
Seems you might have a malware incident, as you say it is about a month old?
You also have an ".edu" to your e-mail.................student pranks?
Just a couple of thoughts?
Good luck
-
September 19th, 2003, 05:17 PM
#3
Junior Member
no im asking for my mom, its at a law firm. thats just my student address.
Stay away from my friends, they\'re smooth operators lookin for a way in.
-
September 19th, 2003, 05:20 PM
#4
$100 you have the blaster worm.
-
September 19th, 2003, 05:27 PM
#5
Junior Member
how can i be for sure? i dont want to go around fixing the blaster worm when i dont have it...
Stay away from my friends, they\'re smooth operators lookin for a way in.
-
September 19th, 2003, 05:32 PM
#6
If there is a firewall involved, check the logs for heavy activity on port 135. You can also download the repair tool from Symantec, it's quick and easy to use and will not only let you know if your infected, it will clean up the systems as well.
Cheers:
-
September 19th, 2003, 05:36 PM
#7
Why not? Fixing vulerabilities before you get infected is called patching, and it's a very good idea. After you patch your systems up to date, you may want to run a virus scanner and/or a spyware checker: www.lavasoftusa.com
Other then that, have you thought about installing a simple bandwidth meter on your server and workstations? This may help to find the cause of this disturbance.
-
September 19th, 2003, 05:40 PM
#8
Member
You'll also want to make sure to download their newest 'removal' tool. It will allow you to remove any of the various versions of Blaster (including Blaster.D - Nachi worm)...
You can get it from symantec here:
http://securityresponse.symantec.com...oval.tool.html
I would agree that what you've described definatly sounds like some systems have been infected with at least one version of this worm...
RRP
-
September 19th, 2003, 05:54 PM
#9
High ping times can also indicate Welchia virus which shits ICMP packets everywhere.
-Maestr0
\"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier
-
September 19th, 2003, 05:59 PM
#10
You are 'asking for Mum' ..... nice gesture on your part.
BUT.....who setup the network ? Who maintains it ? Who updates the Novell ?
I am presuming whoever installed it also tested the network cables.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|