--- Rod Waldren <[EMAIL PROTECTED]> wrote:
> Is there a package available that will easily (for a beginner/novice) identify
> virus, trojan and D-O-S activity on a network? I'm thinking along the
> packet capture line such as TCPdump with prebuilt filters for common
> threats.
>
> Any advice would be appreciated. Unfortunately, I don't have time to
> experiment and learn how to track it down right now since this system is in use
> 24x7, except for when the entire system dumps each night (always within the
> same ~2 hour window).
>
> Here's the situation... I have three subnets with 24 workstations each. Each
> subnet has a server to provide a lookup DB to the workstations in that
> subnet. The subnets are switched and also physically connected for
> flexibility and administration. This is a private LAN that is
> serially connected to 9 other remote private LANs. Each night a subnet
> will start having lookup timeouts that quickly worsen and spread to affect
> the other subnets. Broadcast traffic goes through the roof according to
> netstat and the switches, but without an analyzer the source can't quickly be
> identified. Rebooting the systems fixes it but leaves no time to
> troubleshoot. So I hope to be able to watch the wire from a box to track
> this down.

Indeed, tcpdump is a very good option. When I have problems of that kind I use tcpdump, ettercap (it has a lot of options) and snort. Also try iptraf for its simplicity of use.

Hope this helps.

Regards.

--
Sergio Basurto J.
If I have seen further it is by standing on the shoulders of giants. (Isaac Newton)
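As an added illustration of the tcpdump approach the reply recommends (this script is not part of the original thread and was not posted by either participant): a small POSIX shell helper that reads `tcpdump -n -e` output, keeps only frames sent to the Ethernet broadcast address, and tallies them by source MAC, plus a second tally of which IP is issuing ARP requests. The captured lines embedded below are constructed for illustration; the MAC and IP addresses in them are invented. On the real network the input would come from something like `tcpdump -n -e -i eth0 'ether broadcast'` piped into `top_broadcast_sources`, run on a box whose switch port mirrors the affected subnet.

```shell
#!/bin/sh
# Tally broadcast frames by Ethernet source, from "tcpdump -n -e" text output.
# Live use (assumed interface name eth0):
#   tcpdump -n -e -l -i eth0 'ether broadcast' | top_broadcast_sources
# The sample below is CONSTRUCTED for this example; addresses are fictitious.

SAMPLE_CAPTURE='12:01:00.000001 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.1.20 tell 10.0.1.5, length 46
12:01:00.000120 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.1.21 tell 10.0.1.5, length 46
12:01:00.000233 aa:bb:cc:dd:ee:01 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 78: 10.0.1.9.138 > 10.0.1.255.138: NBT UDP PACKET(138)
12:01:00.000310 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.1.22 tell 10.0.1.5, length 46
12:01:00.000452 aa:bb:cc:dd:ee:02 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.1.1 tell 10.0.1.30, length 46
12:01:00.000600 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.1.23 tell 10.0.1.5, length 46
12:01:00.000700 aa:bb:cc:dd:ee:01 > 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 98: 10.0.1.9 > 10.0.1.5: ICMP echo request, id 1, seq 1, length 64'

# Print "<count> <source-mac>" for every broadcast frame source, busiest first.
# In "tcpdump -e" output field 2 is the source MAC, field 3 is ">" and field 4
# is the destination MAC followed by a comma; unicast frames are skipped.
top_broadcast_sources() {
    awk '$3 == ">" && $4 == "ff:ff:ff:ff:ff:ff," { count[$2]++ }
         END { for (m in count) print count[m], m }' | sort -rn
}

# Print "<count> <ip>" for the hosts sending ARP requests, busiest first.
# A single host "tell"-ing for many different targets in quick succession is
# the classic signature of a worm or scanner sweeping the subnet.
top_arp_askers() {
    awk '/ARP/ && /who-has/ {
             for (i = 1; i < NF; i++) if ($i == "tell") { ip = $(i + 1); sub(/,$/, "", ip); count[ip]++ }
         }
         END { for (ip in count) print count[ip], ip }' | sort -rn
}

# Total number of broadcast frames in the input (one number on stdout).
count_broadcast_frames() {
    awk '$3 == ">" && $4 == "ff:ff:ff:ff:ff:ff," { n++ } END { print n + 0 }'
}

echo "Broadcast frames by source MAC:"
printf '%s\n' "$SAMPLE_CAPTURE" | top_broadcast_sources
echo "ARP requests by asking IP:"
printf '%s\n' "$SAMPLE_CAPTURE" | top_arp_askers
echo "Total broadcast frames: $(printf '%s\n' "$SAMPLE_CAPTURE" | count_broadcast_frames)"
```

The point of keying on the source MAC rather than the IP is that a misbehaving or infected host keeps its hardware address even when it forges or rotates IP addresses, and the switch's MAC table then tells you which physical port to pull. Run it for a minute at the start of the nightly window and the top line is the machine to look at first.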

