[Packeteer] How do I know if my network is having worm/virus related issues? April 15, 2008

Posted by ZoeL in Networking (non Cisco), Packeteer, Security.

From Packeteer Technical Support Solution Database

How do I know if my network is having worm/virus related issues?

Recently, excessive network traffic due to worms and viruses has overloaded many networks and networking devices (including PacketShaper). Most likely, this kind of activity will continue in the future as well.

PacketShaper can help identify performance problems due to viruses and worms and can also help block some of this undesired traffic. However, PacketShaper is NOT a firewall or an anti-virus tool that can be used to protect a network against these types of attacks.

Packeteer recommends that you use a firewall or proper anti-virus tools to protect your network from viruses and worms. People have been experiencing severe network problems as well as problems with networking devices, but may not even be aware that they are being hit by these worms or viruses.
PacketShaper can be used to identify some of these problems, but Packeteer does not guarantee that PacketShaper will be able to prevent these kinds of attacks.

In the typical networking topology, PacketShaper sits next to the router or firewall, thereby seeing all the LAN to WAN or WAN to LAN traffic. If a worm or virus is hitting your network, you will see a high number of flows to or from certain hosts. PacketShaper can track all these flows and has the ability to display a list of hosts sorted by number of flows.

Use the following CLI command to find out if you are having an excessive number of flows: host info -sf -n 50

The above command will list the IP addresses with the highest number of flows. If you see a very high number of new flows and you wouldn’t expect those machines to have that many flows, this could be a sign of an attack. The attacks may also use spoofed addresses, so you may see IP addresses that don’t even exist on your network.

After you identify the abnormal IP addresses from the above list, you can use the traffic flow command to track down what kind of flows those machines are generating. Use the following command: traffic flow -tupICA

The output of the above command displays the source and destination IP address, port numbers, Inbound and Outbound classes the traffic is hitting, and the PacketWise service name.

With this much information, you can determine what kind of attack you are having, and you will be able to take necessary measures to patch the infected machines and block unwelcome traffic in the firewall.
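
The same triage done offline on exported flow records, as an added example that is not part of the Packeteer article: it ranks hosts by flow count, marks addresses that do not belong to the LAN (possible spoofing) and shows each suspect's busiest destination port. The record format, LOCAL_NETS, the threshold and the sample flows are constructed assumptions, not PacketShaper output.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample flows: (source IP, destination IP, destination port).
# This is NOT PacketShaper output; the record format is an assumption.
SAMPLE_FLOWS = (
    [("10.1.1.23", f"198.51.100.{i}", 445) for i in range(1, 41)]    # one host, many targets, one port
    + [("172.16.9.9", f"203.0.113.{i}", 135) for i in range(1, 21)]  # source outside the local subnets
    + [("10.1.1.5", "192.0.2.10", 443), ("10.1.1.5", "192.0.2.11", 80),
       ("10.1.1.7", "192.0.2.10", 443)]                              # ordinary low-volume clients
)
LOCAL_NETS = [ipaddress.ip_network("10.1.1.0/24")]  # assumed LAN addressing


def is_local(ip):
    """True if the address belongs to one of the configured LAN subnets."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def top_talkers(flows, n=50):
    """Hosts sorted by flow count, highest first (the top-50 idea from the text)."""
    return Counter(src for src, _, _ in flows).most_common(n)


def triage(flows, n=50, flow_threshold=15):
    """For each top talker at or above the threshold, report its flow count,
    whether the address exists on the LAN, and its busiest destination port
    together with the number of distinct destinations contacted on that port."""
    by_src = defaultdict(list)
    for src, dst, port in flows:
        by_src[src].append((dst, port))
    report = []
    for src, count in top_talkers(flows, n):
        if count < flow_threshold:
            continue
        ports = Counter(port for _, port in by_src[src])
        port, _ = ports.most_common(1)[0]
        fanout = len({dst for dst, p in by_src[src] if p == port})
        report.append({"host": src, "flows": count, "on_lan": is_local(src),
                       "top_port": port, "distinct_dsts": fanout})
    return report


if __name__ == "__main__":
    for row in triage(SAMPLE_FLOWS):
        print(row)
```

A host with many flows to distinct destinations on a single port is the pattern to investigate first; a high-flow source with on_lan set to False matches the spoofed-address case described above.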

Following is a list of the most active worms and viruses that Packeteer is currently aware of. However, this is not an exhaustive list and new ones are coming out all the time, so please do not rely completely on this list.

My Note:
In short, if Packeteer detects an insane number of flows to one of the hosts on the LAN, it needs to be checked and investigated. Trojans and worms usually create an insane number of connections to the Internet, crippling the reserved bandwidth.

.end.
