More info, perhaps?  
 
Like:
 
- What does your network setup look like (before and after recent
changes you mention)?
- What operating systems are in use?
- Are they patched?
- What services do you make available on the Internet (exposure)?
- Have you run chkrootkit, f-prot AV, clam AV on suspect systems?  If
Windows, have you run the various free scanners on them to see if it is
something existing?

________________________________

From: [EMAIL PROTECTED] on behalf of Lucky Leavell
Sent: Sun 9/19/2004 11:12 PM
To: [EMAIL PROTECTED]
Subject: [Clamav-users] Syn Flooding Virus/Worm/Trojan?



We are a small ISP suffering from repeated SYN Flood DoS/DDoS type
attacks. After putting a bridging firewall in place and using a packet
sniffer, we are certain the attacks are coming from within our own
network with machine A attacking machine B, both of which are in the
same subnet. If you cut off machine A, the attack merely resumes with
machine C attacking machine D, etc. Attacks rarely last more than a few
minutes at a time.

Question: Is there a recent virus/worm/trojan with a modus operandi
anything like my description?  (We are in the process of forcing all
email coming into our subnets through amavis-new/clamav/spamassassin but
aren't there yet.)

Any further ideas/suggestions?

Thank you,
Lucky Leavell


-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users




