Yep, reading down the list, I see my suspicions were correct. Definitely
congrats, and well written!
On 5/9/17 9:30 AM, Bruce Robertson wrote:
Ummmm... congratulations?
On 5/8/17 7:49 PM, Steve Jones wrote:
So this weekend I discovered a Trojan virus on my network. Sometime
around January we had opted to remove an old firewall that had met
its product life cycle's end. We were still in the process of deciding
whether to continue with temporary firewalls or look toward more
robust input/output chain policies for a hardened, more permanent
solution. In the meantime, of course, we continued to do the
upload/download thing. We had some suspicion that there was something
going on; we noted a lot of broadcast storms, particularly in the
mornings. The network had become particularly sluggish and there
seemed to be a lot of application bloat; initially I just attributed
this to poor code maintenance resulting in a memory leak.
We did a basic Netstat this weekend and discovered a traffic anomaly.
So we went to a professional and had them run a packet sniffer. We
had verification of foreign code, likely for as long as 6-8 weeks.
It will be layer 3 in this case but it's too early to tell whether
this code's payload will be TCP or UDP; we will be monitoring as the
code replicates. This is a pretty common virus; as a matter of fact
we have all had it at one point, probably so long ago we don't even
remember. We anticipate the fully formed packet chain to leave NAT
mode and be fully routed out to the WAN in December.