RE: Being Attacked...HELPED

  • From: "Troy Radtke" <TRadtke@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 5 May 2005 12:55:58 -0500

First, identify the offending program.  Then, go read something about
it.  Next, apply said gained knowledge to remove it. Rinse, repeat if
required.

On a side note, after you remove it from a system, don't plug it back in
until you're sure it won't get infected again.

-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxx] 
Sent: Thursday, May 05, 2005 12:43 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Being Attacked...HELPED


http://www.ISAserver.org

You will have to find a way to remove all traffic from your LAN.

Remove all the cables from your switches like you have been told before,
replace them one by one until you find the culprit(s). Do not replace
the culprit(s) until you have cleaned your infection.

S 

-----Original Message-----
From: Clarke, Scott [mailto:Scott.Clarke@xxxxxxxxxxxx] 
Sent: Thursday, May 05, 2005 2:38 PM
To: ISA Mailing List
Subject: [isalist] RE: Being Attacked...HELPED

How would I stop this...I know some machine may not be up to date with
MS updates.

Help!!!

-----Original Message-----
From: Troy Radtke [mailto:TRadtke@xxxxxxxxxxxx]
Sent: Thursday, May 05, 2005 2:59 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Being Attacked...HELPED


Ok, then you probably have multiple switches/routers in your LAN.  Start
pulling it apart and seeing if it comes back when you start hooking
things up.  If it does, unplug and keep going.  If it's coming from all
of the different segments, then good luck..... I hope you're not doing
anything important tonight......

-----Original Message-----
From: Clarke, Scott [mailto:Scott.Clarke@xxxxxxxxxxxx]
Sent: Thursday, May 05, 2005 12:19 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Being Attacked...HELPED


Yikes!  200 +

-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxx]
Sent: Thursday, May 05, 2005 2:26 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Being Attacked...HELPED


How many PCs in your LAN?

Shut them all down and start them up one by one.

S 

-----Original Message-----
From: Scott [mailto:scott.clarke@xxxxxxxxxxxx] 
Sent: Thursday, May 05, 2005 1:52 PM
To: ISA Mailing List
Subject: [isalist] Being Attacked...HELPED

I am seeing a lot of Trinoo, HTTP, and HTTP Cross Site scripting
attacks. Both Trinoo and HTTP are coming from internal user machines
and Cross site coming from 0.0.0.0

This only started happening recently...HELP!!!

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

The correct technical term for haggis stalking is "havering". 

