Tue May 25 16:52:50 GMT 2004 Viri, Worms, Spyware
I had an incident this week where a proxy server (SME server) was brought to its knees by an excessively high amount of browsing activity. I don't know yet whether this is a virus, a worm, or some particularly screwed up spyware, but by using my Squid log analyzer we were able to see that three machines on the LAN were generating an incredible amount of traffic. Interestingly, none of these machines were actually in use; all were sitting at Windows domain login, yet each was making over 1500 web accesses per hour - almost 1 every other second.
For the moment, I just had him power these boxes off. Later on they'll be isolated from the network and examined for problems. My hope is that these are just boxes that somehow missed getting virus/Microsoft updates (the company is generally pretty good about keeping on top of these things) and that whatever we have there hasn't spread to other machines.
It's not a bad idea at all to run a proxy server, and examining the logs now and then can warn you of developing problems.
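The kind of check described above, as an added example (not part of the original post and not the author's Squid log analyzer): count requests per client per hour in a Squid access log and flag any client above a threshold. It assumes Squid's native log format (timestamp first, client address third); the sample lines, IP addresses and the use of 1500 per hour as the cutoff are constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timezone

THRESHOLD = 1500  # requests per client per hour (the rate reported in the post)

def parse_line(line):
    """Return (epoch_seconds, client_ip) from a native-format line, else None."""
    fields = line.split()
    if len(fields) < 7:          # too short to be a native-format entry
        return None
    try:
        return float(fields[0]), fields[2]
    except ValueError:           # first field is not a timestamp
        return None

def requests_per_hour(lines):
    """Count requests per (start-of-hour epoch, client IP)."""
    counts = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ts, client = parsed
            counts[(int(ts // 3600) * 3600, client)] += 1
    return counts

def noisy_clients(lines, threshold=THRESHOLD):
    """Return sorted (hour_utc, client, count) tuples exceeding the threshold."""
    hits = []
    for (hour, client), n in requests_per_hour(lines).items():
        if n > threshold:
            label = datetime.fromtimestamp(hour, tz=timezone.utc)
            hits.append((label.strftime("%Y-%m-%d %H:00"), client, n))
    return sorted(hits)

def sample_log():
    """Constructed log: one idle-but-chatty host, one normal host, one bad line."""
    base = 1085500800            # 2004-05-25 16:00:00 UTC
    fmt = "{:.3f}     95 {} TCP_MISS/200 1024 GET http://example.invalid/ - DIRECT/192.0.2.10 text/html"
    lines = [fmt.format(base + i * 2.25, "192.168.1.23") for i in range(1600)]
    lines += [fmt.format(base + i * 90, "192.168.1.50") for i in range(40)]
    lines.append("truncated or corrupt line")
    return lines

if __name__ == "__main__":
    for hour, client, n in noisy_clients(sample_log()):
        print(f"{hour} UTC  {client}  {n} requests")
```

To run it against a real proxy, pass an open access log file object to `noisy_clients()` in place of `sample_log()`.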
Thanks, this is very interesting. I enjoyed reading this a lot. I have a spyware removal board also at http://www.spywareboard.com
--
Interestingly, these same people had yet another network problem last night. I was immediately suspicious of more spyware/virus problems, but after much isolating and testing, it turned out to be a network surge protector!
--TonyLawrence