I had a user who was getting FunLove virus alerts on a daily basis. Ran the anti-virus, ran the update, ran custom anti-virus manual cleansing routines. Finally checked her permissions. Duh! File and print sharing was on and her C: drive was open to anyone who could get through our firewall. Disallowed sharing and ta-da! No more virus alerts.
I figured the source of these infections had to be within the company somewhere but we have business units all over the world and what with the trusted/ing relationships with NT networks, there was no way of telling just where the attacks were originating. Until I thought of using a packet sniffer.
Since I wasn't getting any other reports of virus activity, I decided on a little experiment. I found an old unused box and set it up with file and print sharing on, attached a packet sniffer to it and started logging all IP activity. Less than 12 hours later we had contact. Looking through the logs, I found a few bits of clear text in the packets that showed the offending box was based at one of my parent company's subsidiaries, Penguin Books, UK. Other business units have been infected by this box, and finding its IP address and general location has made me the hero for the day.