[windows2000] Re: Windows XP causing broadcast storm on network
- From: "Kevin Alexander" <kalexander@xxxxxxxxxxxxxxx>
- To: <windows2000@xxxxxxxxxxxxx>
- Date: Wed, 19 Nov 2003 11:33:09 -0000
Angus
Just to let you know, you were spot on - it was Welchia. As I said in my first
post, I had ruled out a virus because Norton was installed on all the computers.
However, we discovered that someone had brought in a laptop without AV
protection and plugged it into the network. It then infected all the new
systems we put in BEFORE they could pulled down auto updates from Microsoft.
Quite how it got through Norton isn't clear but fixwelchia, MS patch, change
date, reboot worked for all 6 affected systems.
Nice one, much appreciated, cheque in the post ;-)
Kev
-----Original Message-----
From: Angus Macdonald [mailto:Angus.Macdonald@xxxxxxxxxxxxxxxxxxx]
Sent: 17 November 2003 10:09
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: Windows XP causing broadcast storm on network
If you've got Welchia, apply the pair of MS patches that close the security
vulerablilty, then set the system clock to 1/1/2004 and reboot. Welchia will
uninstall itself then.
-----Original Message-----
From: Kevin Alexander [mailto:kalexander@xxxxxxxxxxxxxxx]
Sent: 17 November 2003 10:07
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: Windows XP causing broadcast storm on network
Thanks Angus. I would have expected Norton to pick that up really, although it
is a possibility since none of the machines were on the network long enough to
get all the MS updates.
I'll go and check - cheers.
-----Original Message-----
From: Angus Macdonald [mailto:Angus.Macdonald@xxxxxxxxxxxxxxxxxxx]
Sent: 17 November 2003 09:54
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: Windows XP causing broadcast storm on network
The Blaster and Welchia trojans cause that sort of result. If you haven't
applied the security patches there's every chance that all your machines are now
infected.
-----Original Message-----
From: Kevin Alexander [mailto:kalexander@xxxxxxxxxxxxxxx]
Sent: 17 November 2003 09:31
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Windows XP causing broadcast storm on network
I'm hoping someone has an idea of what's causing this annoying problem!
We have a 20 user Windows 2000/XP (about 50:50 mix) network that ran with no
problems until someone bought in a laptop with XP Home installed. The moment it
connected to the network all connections and internet connection went down.
Pinging any PC on the same switch worked, but not to a different switch.
Looking at the lights on each switch in the path from this laptop to the router,
the lights were flashing like mad. Disconnecting the laptop got the network
back within 30 seconds.
We took the laptop out of the network and thought no more about it until we put
some new computers in. We now have 3 XP Pro PCs and 2 XP Home laptops that are
doing the same thing. They seem to set each other off - 2 of the PCs were fine
for a few hours until the other connected, now any of the 3 cause the network to
stop working. All systems are using DHCP from a Netgear FR114P router, which
then NATs to a broadband connection.
Sounds a little like a virus, but we installed Norton, with updates, and it
picked up nothing.
Any ideas anyone? I haven't got a traffic sniffer, but if you know of a good
free one that might give some clues.
Thanks
Kevin
DISCLAIMER:
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to which they are addressed. If
you have received this email in error please contact the sender or the Ionix IT
Helpdesk on +44 (0) 1223 433741
DISCLAIMER:
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to which they are addressed. If
you have received this email in error please contact the sender or the Ionix IT
Helpdesk on +44 (0) 1223 433741
___________________________________________________________
DISCLAIMER:
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to which they
are addressed. If you have received this email in error please contact
the sender or the Ionix IT Helpdesk on +44 (0) 1223 433741
_______________________________________________________________________
Other related posts:
