Re: [AFMUG] OT: firewall maintenance

[Robert Andrews]

Congratulations...   Looking forward to more rational discourse from the 
newer RNA strings...

On 5/8/17 7:49 PM, Steve Jones wrote:
So this weekend I discovered a Trojan virus on my network. Sometime
around January we had opted to remove an old firewall that had met its
product life cycles end. We were still in the process of deciding
whether to continue with temporary firewalls or look toward more
robust input/output chain policies for a hardened, more permanent
solution. In the mean time, of course, we continued to do the
upload/download thing. We had some suspicion that there was something
going on, we noted alot of broadcast storms, particularly in the
mornings. The network had become particularly sluggish and there
seemed to be alot of application bloat, initially i just attributed
this to poor code maintenance resulting in a memory leak.
We did a basic Netstat this weekend and discovered a traffic anomaly.
So we went to a professional and had them run a packet sniffer. We had
verification of foreign code, likely for as long as 6-8 weeks.
It will be layer 3 in this case but its too early to tell whether this
codes payload will be TCP or UDP, we will be monitoring as the code
replicates. This is a pretty common virus, as a matter of fact we have
all had it at one point, probably so long ago we dont even remember.
We anticipate The fully formed packet chain to leave NAT mode and be
fully routed out to the WAN in December.