Re: IP Flooding

Discussion in 'Computer Security' started by StarScripter, Aug 19, 2003.

  1. StarScripter

    StarScripter Guest

    ==> *Hamish* from:
    ==> scribbled in: rup0b.46046$

    > I have a Win2K server that is demonstrating signs of IP spoofing and
    > Denial of Service. The server connects to the internet via a DUN
    > connection shared using ICS. In the last two days the network has slowed
    > to nothing and several network apps including mail and web access have
    > failed while trying to access resources on the server or on the external
    > network.
    >
    > I have noticed that while the DUN connection is active the modem and DUN
    > properties indicates a constant stream of data being uploaded from the
    > server. The network functions normally when the DUN connection is
    > disabled.
    >
    > The problem is not ISP specific as I have tried alternates. There is no
    > firewall present (please no lectures, its not my network).
    >
    > Can anyone help me to isolate the cause of this problem?


    Hi,

    It's probably the w32.welchia worm looking for the msblaster worm to try and
    remove
    it. So the whole planet is being scanned, it's like the blind leading the
    blind.
    More info here:
    http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html
    and here:
    http://vil.nai.com/vil/content/v_100559.htm

    HTH


    --
    Cheers,
    Star
    --
    StarScripter, Aug 19, 2003
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Matt

    Router Flooding Interface

    Matt, Jul 10, 2003, in forum: Cisco
    Replies:
    2
    Views:
    2,319
    Michael T. Hall
    Jul 11, 2003
  2. Peter Boutzev

    Catalyst 3524 unicast flooding

    Peter Boutzev, Feb 21, 2004, in forum: Cisco
    Replies:
    1
    Views:
    3,157
    Peter Boutzev
    Feb 23, 2004
  3. David Reinhart

    wlbs and catalyst 3750 port flooding

    David Reinhart, Feb 23, 2004, in forum: Cisco
    Replies:
    1
    Views:
    1,547
    Peter Boutzev
    Feb 23, 2004
  4. Graham Broadbridge

    C2950 and Multicast flooding

    Graham Broadbridge, Feb 24, 2004, in forum: Cisco
    Replies:
    9
    Views:
    4,916
    Michael Janke
    Feb 26, 2004
  5. RJ45
    Replies:
    1
    Views:
    1,531
    Hansang Bae
    Jul 30, 2004
Loading...

Share This Page