
| Subject: | Re: possible rooted system |
|---|---|
| Date: | Thu, 28 Oct 2004 20:17:07 +0100 |

Set up a Linux box, install ntop, and then see what that shows you.
If you decide to go this way and need any help, gimme a shout.

xyberpix

On Thu, 2004-10-28 at 19:00, Mike wrote:

If your T1 line is maxed, I would suggest you use some type of network analyzer, like exporting netflow stats and generating reports based on that.

----- Original Message -----
From: "kyle" <kyle@inetconnection.com>
To: <security-basics@securityfocus.com>
Sent: Thursday, October 28, 2004 8:12 AM
Subject: possible rooted systems

I am a LAN administrator at a small school system with a T1 line for the internet. Lately I've noticed that the T1 line has been maxed, and a week later, it still is maxed out. I strongly believe that a few systems have been rooted (no viruses/trojans show up on scans) and need a Novell based packet sniffer to determine what is legitimate and illegitimate traffic. Does anyone know of any good ones?

We run many XP and 98 boxes with multiple Novell servers. I think some of the 98 boxes are the ones that were rooted. On using them I've noticed one common thing on every one of them at that building: spyware beyond usage (current record 35000 entries before adaware locked up). I know how I can just fix it, but I need some sort of log so I can justify my means. ;)

Thanks
Kyle

-- For Security and Open Source news: http://xyberpix.demon.co.uk