omg, lol, this was funny

On Tue, May 9, 2017 at 12:37 PM, Bruce Robertson <br...@pooh.com> wrote:
> Yep, reading down list, I see my suspicions were correct. Definitely
> congrats, and well written!
>
> On 5/9/17 9:30 AM, Bruce Robertson wrote:
>
>> Ummmm... congratulations?
>>
>> On 5/8/17 7:49 PM, Steve Jones wrote:
>>
>>> So this weekend I discovered a Trojan virus on my network. Sometime
>>> around January we had opted to remove an old firewall that had met its
>>> product life cycle's end. We were still in the process of deciding whether
>>> to continue with temporary firewalls or look toward more robust
>>> input/output chain policies for a hardened, more permanent solution. In the
>>> meantime, of course, we continued to do the upload/download thing. We had
>>> some suspicion that there was something going on, we noted a lot of
>>> broadcast storms, particularly in the mornings. The network had become
>>> particularly sluggish and there seemed to be a lot of application bloat,
>>> initially I just attributed this to poor code maintenance resulting in a
>>> memory leak.
>>> We did a basic Netstat this weekend and discovered a traffic anomaly. So
>>> we went to a professional and had them run a packet sniffer. We had
>>> verification of foreign code, likely for as long as 6-8 weeks.
>>> It will be layer 3 in this case but it's too early to tell whether this
>>> code's payload will be TCP or UDP, we will be monitoring as the code
>>> replicates. This is a pretty common virus, as a matter of fact we have all
>>> had it at one point, probably so long ago we don't even remember. We
>>> anticipate the fully formed packet chain to leave NAT mode and be fully
>>> routed out to the WAN in December.