Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: possible rooted systems

from [David Gillett] Network Security [Permanent Link]
Subject: RE: possible rooted systems
Date: Thu, 28 Oct 2004 12:31:21 -0700 
  It is, of course, possible that you have one or more compromised
machines on your network.  But when I've seen Internet connections
max out, it has been due to P2P file-sharing at least as often as
compromised systems....

Dave Gillett



-----Original Message-----
From: kyle [mailto:kyle@inetconnection.com]
Sent: Thursday, October 28, 2004 5:13 AM
To: security-basics@securityfocus.com
Subject: possible rooted systems


I am a lan administrator at a small school system with a T1 
line for the 
internet. Lately I've noticed that the T1 line has been 
maxed, and a week 
later, it still is maxed out. I strongly believe that a few 
systems have been 
rooted (no viruses/trojans show up on scans) and need a 
novell based packet 
sniffer to determine what is legitimate and illegitimate 
traffic. Does anyone 
know of any good ones? We run many xp and 98 boxes with 
multiple novell 
servers. I think some of the 98 boxes are the ones that were 
rooted On using 
them I've noticed one common thing on every one of them at 
that building. 
spyware beyond usage (current record 35000 entries before 
adaware locked up). 
I know how I can just fix it, but I need some sort of log so 
I can justify my 
means. ;)
Thanks
Kyle
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Allowing scanning from home, Brandon Foley
Next by Date:  Re: possible rooted systems, kyle
Previous by Thread:  RE: possible rooted systems, AndrewC
Next by Thread:  RE: possible rooted systems, Beauford, Jason
Indexes:  [Date] [Thread] [Top] [All Lists]