Fighting Infection
With the creation of Windows came viruses. These viruses can move quickly through a network. If the cleanup misses even one host, reinfection is possible.
SQL Server Slammer Worm (January 2003)
- Use arp-spoofing (dsniff/ettercap) techniques to alter visibility (if needed).
- Use etherape/netman to get an overall picture.
- Use nmap to identify open ports (the way it spreads).
- Use tcpdump to closely examine packets.
Notes:
The tools under Unix/Linux are so powerful that your network team should consider deploying at least one box per network segment strictly for use in troubleshooting and quickly assessing the damage from a network virus.
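To find a host the cleanup missed, the tcpdump step above can be reduced to a per-source count of distinct destinations on UDP port 1434, the port Slammer spreads over. The script below is an added example, not part of the original slides; the function names, the threshold of 3, and the embedded capture lines are constructed for illustration.

```shell
#!/bin/sh
# Reads text output of `tcpdump -nn udp` on stdin and prints
# "source_ip distinct_destinations packets" for every source that sent
# UDP/1434 traffic to at least <threshold> different hosts.
# A normal SQL client talks to one or two servers; a worm sprays many.
slammer_suspects() {
    threshold="${1:-3}"   # assumption: tune to your network
    awk -v min="$threshold" '
        $2 == "IP" && $4 == ">" {
            src = $3; dst = $5
            sub(/:$/, "", dst)              # drop trailing colon
            if (dst !~ /\.1434$/) next      # only the SQL resolution port
            sub(/\.[0-9]+$/, "", src)       # strip source port
            sub(/\.[0-9]+$/, "", dst)       # strip destination port
            pkts[src]++
            if (!((src, dst) in seen)) { seen[src, dst] = 1; fan[src]++ }
        }
        END {
            for (s in fan)
                if (fan[s] >= min) print s, fan[s], pkts[s]
        }' | sort
}

# Constructed sample capture (not real traffic): 10.0.0.5 fans out to
# four hosts, 10.0.0.9 is an ordinary client of one SQL server.
sample_capture() {
    cat <<'EOF'
12:00:01.000101 IP 10.0.0.5.1045 > 192.0.2.77.1434: UDP, length 376
12:00:01.000212 IP 10.0.0.5.1045 > 198.51.100.3.1434: UDP, length 376
12:00:01.000330 IP 10.0.0.5.1045 > 203.0.113.200.1434: UDP, length 376
12:00:01.000451 IP 10.0.0.5.1045 > 192.0.2.77.1434: UDP, length 376
12:00:01.000570 IP 10.0.0.5.1045 > 198.51.100.90.1434: UDP, length 376
12:00:02.100000 IP 10.0.0.9.3301 > 10.0.0.20.1434: UDP, length 1
12:00:02.900000 IP 10.0.0.9.3301 > 10.0.0.20.1434: UDP, length 1
12:00:03.000000 IP 10.0.0.9.3302 > 10.0.0.2.53: 4211+ A? example.com. (29)
EOF
}

sample_capture | slammer_suspects 3
```

On a live segment, feed it from the troubleshooting box with `tcpdump -nn -l udp dst port 1434 | slammer_suspects 3` and stop the capture with Ctrl-C to get the summary.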