[THIN] Re: Known ICA vulnerabilities?
- From: "Matthew Shrewsbury" <MShrewsbury@xxxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Thu, 23 Mar 2006 14:51:34 -0500
I've actually already tried all those suggestions but I will try again
with different software. Thanks for the suggestions! Do you know of any
good online virus scanner? I've used Trend in the past but it seems like
there new online website is hopelessly slow now.
Matthew Shrewsbury, MCSE+Internet MCSE 2000 CCA Server+
Network Manager
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Steve Parr
Sent: Thursday, March 23, 2006 2:41 PM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: Known ICA vulnerabilities?
Run an online scan like Trend Micro - maybe your Virus program is not
working properly and your infected.
Also do some spyware scans.
If you run NETSAT from command line can see if servers are trying to
connect to somewhere they should'nt be or if something is coming inbound
that should not be.
When your servers are runing fine would be good time to run the scans.
-----Original Message-----
From: Matthew Shrewsbury [mailto:MShrewsbury@xxxxxxxxxxxxxxx]
Sent: Thursday, March 23, 2006 2:22 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Known ICA vulnerabilities?
That's the problem, when the system starts going slow I can't see what
processes are running. I managed to get Task Manager up one time but all
I could see what the CPU and it pretty much froze when I tried to look
at the tasks.
Matthew Shrewsbury, MCSE+Internet MCSE 2000 CCA Server+
Network Manager
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Steve Parr
Sent: Thursday, March 23, 2006 2:17 PM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: Known ICA vulnerabilities?
Do a packet sniff on the LAN to see if anything out of the ordinary.
What processes can you see running on the Citrix boxes when it slows
down?
-----Original Message-----
From: Matthew Shrewsbury [mailto:MShrewsbury@xxxxxxxxxxxxxxx]
Sent: Thursday, March 23, 2006 1:59 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Known ICA vulnerabilities?
He worked mostly on PCs and LAN and had no access to routers. I found
that when the problem occurs that unplugging the server from the network
doesn't make any difference. It still grinds to a hault with no CPU or
disk activity.
Thanks for the into!
Matthew Shrewsbury, MCSE+Internet MCSE 2000 CCA Server+
Network Manager
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Steve Parr
Sent: Thursday, March 23, 2006 1:59 PM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: Known ICA vulnerabilities?
What did he work on?
Maybe switches\routing? Perhaps he has created problems by rearranging
the uplinks or maybe a conflict with 10/100 vs Gb ports\switches\nics.
Maybe ACLs created on routers or some other fudging. Had that happen
recently at a site where jr. tech created loop by incorrectly placed
uplink and same thing where the Citrix servers at that site where up and
down till someone discovered the mistake.
-----Original Message-----
From: Matthew Shrewsbury [mailto:MShrewsbury@xxxxxxxxxxxxxxx]
Sent: Thursday, March 23, 2006 1:36 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Known ICA vulnerabilities?
We had a Network Engineer leave (not on good terms) and since then I've
been experiencing problems with our Citrix servers locking up. Maybe I'm
just paranoid but the problem started happening right after he left and
generally occurs between 10am and noon (never had problems before this).
It doesn't happen everyday but has occurred on both of our servers
(win2K SP4/PS4). The server seems to just go slow with no disk or CPU
utilization.
Are there any known ICA vulnerabilities? Both of these servers have port
1494 open facing the Internet. Any suggestions would be most helpful as
I can't get on the server to diagnose when the problem occurs and all
logs show things are normal.
Matthew Shrewsbury, MCSE+Internet MCSE 2000 CCA Server+
Network Manager
Other related posts:
