-
May 20th, 2004, 07:22 PM
#1
Junior Member
I am under attack
Hi There,
I came in to work and found an alarm flashing on my firewall and over 10,000 connections on my network. (Generally I have between 60 and 70) Since we are non profit and have no proper virus protection, I literally went to every pc on the network and ran trend microsystems free online scan and also installed and ran AVG on each pc on the network. Not surprisingly I found a lot of viruses and the next day the network seemed fine. Now my firewall shows me constantly changing connection #'s my content filter isn't working and my file server keeps slowing down and going down.
I am running several network probes and can't seem to find the source of the problem. I did notice on look@lan that my machine name showed up with is~ before it, after rebooting the machine name showed normally again.... any ideas ????
-
May 20th, 2004, 07:32 PM
#2
Well did you try unplugging each machine? Either 1 at a time or all of them and re-plugging 1 at a time to see which one(s) are being problematic?
Sounds silly but often works..
-
May 20th, 2004, 07:32 PM
#3
Do you remember the names of the virus' that you found? It is highly possible that one of them was a trojan horse type and allowed someone else remote access to your systems. They then proably installed a backdoor to get back in if you removed the original trojan horse.
I would get zonealarm and pop that on your machines. I would then set it up so that only what you need to allow in / out is allowed and watch the bounces to see if you can identify a pattern.
Good luck and keep us updated.
-
May 20th, 2004, 07:41 PM
#4
Ho boy....well you definately need to get antivirus on each and every one of those machines ASAP. If you don't want to dish out the cash to Symantec or McAfee, check out AVG.
Hopefully those will catch all your multitude of viruses and trojans, but if not, follow the chef and do one machine at a time. Until they're clean, however, they need to be offline pronto.
-
May 20th, 2004, 07:43 PM
#5
Junior Member
Originally posted here by ss2chef
Well did you try unplugging each machine? Either 1 at a time or all of them and re-plugging 1 at a time to see which one(s) are being problematic?
Sounds silly but often works..
Thanks for the suggestion, but we actually have to keep the network running right now. School is in session...
-
May 20th, 2004, 08:29 PM
#6
Junior Member
Originally posted here by halv
Do you remember the names of the virus' that you found? It is highly possible that one of them was a trojan horse type and allowed someone else remote access to your systems. They then proably installed a backdoor to get back in if you removed the original trojan horse.
I would get zonealarm and pop that on your machines. I would then set it up so that only what you need to allow in / out is allowed and watch the bounces to see if you can identify a pattern.
Good luck and keep us updated.
Thanks very much I'll keep you posted.
Di
-
May 20th, 2004, 08:36 PM
#7
Thanks for the suggestion, but we actually have to keep the network running right now. School is in session...
Then I'd suggest at least installnig antirvirus programs on each and every machine. Hopefully that'll be enough to weed them all out of your network. Keep in mind, you may also need to run antivirus after starting up in safe mode to eliminate some of them.
-
May 20th, 2004, 08:39 PM
#8
Junior Member
working on it as we speak. I've convinced the staff here that it will cost them more not to purchase than to purchase...
-
May 20th, 2004, 09:50 PM
#9
Member
Something for you non-profit guys out there...
I know that many software companies offer huge discounts to non-profits (if not free all together). I bet you could contact symantec and get norton antivirus for realllllly cheap.
You are so bored that you are reading my signature?
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|