Is there a package available that will easily (for a beginner/novice) identify
virus, trojan and DoS activity on a network? I'm thinking along the
packet-capture line, such as tcpdump with prebuilt filters for common
threats.
Any advice would be appreciated. Unfortunately, I don't have time to
experiment and learn how to track it down right now, since this system is in use
24x7, except for when the entire system dumps each night (always within the
same ~2 hour window).
Here's the situation: I have three subnets with 24 workstations each. Each
subnet has a server to provide a lookup DB to the workstations in that
subnet. The subnets are switched and also physically connected for
flexibility and administration. This is a private LAN that is
serially connected to 9 other remote private LANs. Each night a subnet
will start having lookup timeouts that quickly worsen and spread to affect
the other subnets. Broadcast traffic goes through the roof according to
netstat and the switches, but without an analyzer the source can't quickly be
identified. Rebooting the systems fixes it but leaves no time to
troubleshoot. So I hope to be able to watch the wire from a box to track
this down.
Suspicious activity on the wire (Rod Waldren)
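As an added example (not part of Rod's post, and not a feature of tcpdump itself), the script below shows the kind of "watch the wire" setup that finds the source of a broadcast storm: a ring of timed tcpdump captures covering the nightly window, plus a small POSIX-shell/awk filter that counts broadcast and multicast frames per source MAC from `tcpdump -n -e` output. The capture lines embedded in the script are constructed to mimic that output format; the interface name `eth0`, the capture path and the frame threshold are assumptions to adjust for the real network.

```shell
#!/bin/sh
# Added example: rank the sources of broadcast/multicast traffic from tcpdump -e output.
#
# Live use on a span/mirror port covering the nightly window (assumes interface eth0 and
# path /var/tmp; not run here):
#   capture a rotating ring of twelve 10-minute files so the storm is on disk even after the reboot:
#     tcpdump -n -e -i eth0 -G 600 -W 12 -w /var/tmp/bcast-%H%M.pcap 'broadcast or multicast'
#   then rank the senders in the file that covers the storm:
#     tcpdump -n -e -r /var/tmp/bcast-0210.pcap | rank_broadcast_sources
#
# Constructed sample of "tcpdump -n -e" lines (IP broadcast and ARP), used so the script runs offline.
SAMPLE_CAPTURE='02:10:00.000001 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 92: 192.168.1.10.137 > 192.168.1.255.137: UDP, length 50
02:10:00.000002 00:11:22:33:44:66 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.1 tell 192.168.1.20, length 28
02:10:00.000003 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.2 tell 192.168.1.10, length 28
02:10:00.000004 00:11:22:33:44:77 > 01:00:5e:00:00:01, ethertype IPv4 (0x0800), length 60: 192.168.1.30 > 224.0.0.1: igmp query v2
02:10:00.000005 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 92: 192.168.1.10.137 > 192.168.1.255.137: UDP, length 50
02:10:00.000006 00:11:22:33:44:66 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.1 tell 192.168.1.20, length 28
02:10:00.000007 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.3 tell 192.168.1.10, length 28'

# Reads "tcpdump -n -e" lines on stdin and prints "<count> <source MAC>", busiest first.
# With -e the first ">" on a line separates source MAC from destination MAC, so the
# field before the first ">" is the sender regardless of ethertype (IP, ARP, IPX, ...).
rank_broadcast_sources() {
    awk '{ for (i = 1; i <= NF; i++) if ($i == ">") { print $(i - 1); break } }' |
    sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Source MAC of the single busiest broadcaster in the sample capture.
top_broadcast_source() {
    printf '%s\n' "$SAMPLE_CAPTURE" | rank_broadcast_sources | head -n 1 | awk '{ print $2 }'
}

# Every source that sent at least $1 broadcast/multicast frames (assumed default 100 per file);
# these are the hosts to unplug or inspect first when the storm starts.
storm_sources() {
    threshold="${1:-100}"
    printf '%s\n' "$SAMPLE_CAPTURE" | rank_broadcast_sources |
    awk -v t="$threshold" '$1 >= t { print $2 }'
}

# Stand-alone run: show the ranking for the constructed sample.
printf '%s\n' "$SAMPLE_CAPTURE" | rank_broadcast_sources
```

The `-G`/`-W` ring means nothing has to be typed during the two-hour window: the capture is already running when the timeouts begin, and once the busiest MAC is known the switch's MAC table (or a second capture filtered on `ether src <mac>`) shows which port and host it is.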