We are having weird issues with our server to how do you know if you have Gaobot infection? What anti virus software do all of you run? We are currently using AVG however my server still acts like it has a virus issue. I found SoBig F on it about 1 1/2 months ago and cleaned it how ever still see to have issues. The big thing being AVG did not find it I down loaded Trend Micro and it found it. I would really appreciate the help.
Thanks Kelly -----Original Message----- From: "Rod Trent" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Date: Sun, 2 Nov 2003 12:21:57 -0500 Subject: RE: [ActiveDir] RestrictAnonymous Settings > Keep in mind that with the RestrictAnonymous value set, SMS will not be > able > to detect the OS of discovered computers. > > > _____________________________________________ > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Marcus Oh > > Sent: Sunday, November 02, 2003 12:21 PM > > To: [EMAIL PROTECTED] > > Subject: [ActiveDir] RestrictAnonymous Settings > > > > This has been a long week. We finally made the RestrictAnonymous=1 > > setting this weekend to combat what looked like "Gaobot" infections > > locking out thousands of accounts. Gave the PDCe a good run for the > money > > with all the lock/unlock activity going on. > > > > The odd thing is, shortly after we put the settings in place and > bounced > > all the domain controllers, it still happened. The bottom line > being, a > > two fold situation. One, an infection of sdbot, causing lockouts... > the > > other we discovered on a sniff of one of the DCs showing ridiculously > high > > # of packets originating from one machine. Finally in the clear for > > now... > > > > Problem is, any script written to enumerate objects w/ a normal or > > logged-on user account and attempt a dictionary list of passwords is > going > > to cause this same problem. Any of you guys have lockout policies in > > place... and if so... what steps have you taken to mitigate these > lockout > > storms? > > > > Thanks! > > > > Marcus > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
