DoS

Printable View

September 18th, 2003, 05:36 PM
smooth_operator

DoS

hey i dont know anything about a DoS attack but a server is having some problems. its a new server running win 2k, 2.4 gig intel xeon, 1 gig DDRAM. not even a month old. the problem is that interoffice email is taking 18 hours and office ping is around 4000! all workstations are new. there are 14 computers on the network. at first i thought about the NIC cards, (10/100) then maybe i thought they could be using a hub, not a switch, then i thought about cat-5, but i just cant figure out why its so slow! the workstations are running novell small business (im pretty sure) ive tried to include all information that would help you guys out, if you need to know anything you can IM me at smth op 86 or email me at [email protected] thanks a lot for any help!
September 18th, 2003, 06:18 PM
nihil

Hi, not my area of expertise, but your timescale tends to tie in with several worms or viruses?.........could be one of these pinging around.

I have always been hacked off by stuff that wants to "register itself" before I even have an internet connection... I shall register when I want to...........and that will be after the AV and firewall!!! Hell................I paid for it?

Seems you might have a malware incident, as you say it is about a month old?

You also have an ".edu" to your e-mail.................student pranks?

Just a couple of thoughts?

Good luck
September 19th, 2003, 05:17 PM
smooth_operator

no im asking for my mom, its at a law firm. thats just my student address.
September 19th, 2003, 05:20 PM
cheyenne1212

$100 you have the blaster worm.
September 19th, 2003, 05:27 PM
smooth_operator

how can i be for sure? i dont want to go around fixing the blaster worm when i dont have it...
September 19th, 2003, 05:32 PM
DjM

If there is a firewall involved, check the logs for heavy activity on port 135. You can also download the repair tool from Symantec, it's quick and easy to use and will not only let you know if your infected, it will clean up the systems as well.

Cheers:
September 19th, 2003, 05:36 PM
cross

Why not? Fixing vulerabilities before you get infected is called patching, and it's a very good idea. After you patch your systems up to date, you may want to run a virus scanner and/or a spyware checker: www.lavasoftusa.com
Other then that, have you thought about installing a simple bandwidth meter on your server and workstations? This may help to find the cause of this disturbance.
September 19th, 2003, 05:40 PM
bpiedlow

You'll also want to make sure to download their newest 'removal' tool. It will allow you to remove any of the various versions of Blaster (including Blaster.D - Nachi worm)...

You can get it from symantec here:
http://securityresponse.symantec.com...oval.tool.html

I would agree that what you've described definatly sounds like some systems have been infected with at least one version of this worm...

RRP
September 19th, 2003, 05:54 PM
Maestr0

High ping times can also indicate Welchia virus which shits ICMP packets everywhere.

-Maestr0
September 19th, 2003, 05:59 PM
dcongram

You are 'asking for Mum' ..... nice gesture on your part.

BUT.....who setup the network ? Who maintains it ? Who updates the Novell ?

I am presuming whoever installed it also tested the network cables.
September 19th, 2003, 07:21 PM
GrApHiCTrOn

try updating your system download the newest updates for windows and any other software that you have.

And keep an eye for the ***Heads Ups*** posted by some of the members here and see what information they provide of the virus or search for it your self in antivirus websites.