Re: Virus or something???

• From: Jim Harrison <jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 28 May 2003 06:10:55 -0700

What are the IPs this traffic is going to?
What ISA log entries show this traffic?
Do you use ISA Caching (cache or Integrated mode)?

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!



http://www.ISAserver.org


Hi All,

I need your help with a problem and I hope somebody is willing/able to help me.
Since today I noticed a considerable drop in my internet connection speed.
While investigating the problem I found that some program is trying to make a 
lot
of TCP connections to a far smaller number of IP adresses somewhere in the US.
The connection attempts are made over a wide range of portnumbers.
My problem is that I cannot determine which program is making al these 
connection attempts.
Netshield cannot detect any virus, neither have I found any spyware.
An initual search through the directory structure of the server running isa 
didn't come up with any strange software.
As far as I can tell all these request are initiated on the server running isa.

I'm probably missing something very simple, butt can anyone tell me how i can 
find out which program is the source of all this?

Thanks,
Fokke Sijbrandij


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » Virus or something???
• » RE: Virus or something???
• » Re: Virus or something???
• » RE: Virus or something???
• » RE: Virus or something???

1. Home
2. isalist
3. Archive
4. 05-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---