Look for multiple bad password attempts coming from the same source. ________________________________
From: Kelsey, John [mailto:[email protected]] Sent: Friday, November 20, 2009 8:34 AM To: NT System Admin Issues Subject: Conficker Help! Looks like we're getting hit the Conficker this morning. Sophos is reporting several hundred 'conficker detected/cleaned' messages, so at least its catching it...BUT....how do I determine the source of the infection? Something I can look for with wireshark or something? Apparently there are some unprotected machines on the network. Any suggestions are welcome! ******************************* John C. Kelsey DuBois Regional Medical Center (: 814.375.3073 2 : 814.375.4005 *: [email protected] <mailto:[email protected]> ******************************* This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
