Hi, this is a trace of the Nimda and Code Red worms. First thing you can do is run a Nimda/Code Red scanner in your network and then apply the IIS patch on all the affected Microsoft servers. Also you can secure your network perimeter by configuring NBAR on Cisco routers, or if you have a content switch you can try filtering Nimda on that, or if you have an IDS, you can configure shunning the source.
Kind Regards / Thangavel
186K, Reading, Berkshire
Direct No: 0118 9064259
Mobile No: 07796292416
Post code: RG1 6LH
www.186k.co.uk
----------------------------------------------------------------------
"The greatest glory in living lies not in never falling, but in rising every time we fall." -- Nelson Mandela
--------------------------------------------------------------------

From: "a. ahmad"
Sent by: nobody@groupstudy.com
Date: 24/05/2002 08:16
Subject: Virus Attack and how to tackle it? [7:44936]
Please respond to "a. ahmad"

Dear Members,

1- We are getting virus attack messages on our proxy (Squid) machine, not only from our own IP pool but also from outside. Please guide how to tackle it, as it is constantly choking our bandwidth. One of the virus attack messages we are getting on our proxy (Squid) machine is as under:

1022226226.976 5 202.192.204.130 TCP_Miss/503 1210 Get http://www/_mem_bin/..%255c../..%255../..%255../winnt/system32/cmd.exe? - DIRECT/www -
1022226228.156 6 202.192.204.130 TCP_Miss/503 1266 Get http://www/msadc/..%255c../..%255c../..%255c../..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe? - DIRECT/www -
1022226229.324 3 202.192.204.130 TCP_Miss/503 1170 Get http://www/Scripts/..%c1%1c../winnt/system32/cmd.exe? - DIRECT/www -
1022226230.625 23 202.192.204.130 TCP_Miss/503 1170 Get http://www/Scripts/..%c0%2f../winnt/system32/cmd.exe? - DIRECT/www -
1022226231.841 8 202.192.204.130 TCP_Miss/503 1170 Get http://www/Scripts/..%c0%af../winnt/system32/cmd.exe? - DIRECT/www -
... etc etc

2- We want to trace which IPs are utilizing our maximum bandwidth so that we can limit that traffic accordingly in order to get maximum efficiency.

Thank you in advance!
Ahmad

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44938&t=44936
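Both questions in the quoted post, spotting the worm probes in Squid's access.log and finding which client IPs move the most bytes, can be answered from the same log file. The Python below is an added example written for this page, not code from the thread or from the Squid project. It parses Squid's native access.log format, flags the Nimda-style traversal URLs quoted above (the encoded tokens %255c, %c1%1c, %c0%2f, %c0%af, plus the companion %c1%9c form and a check for cmd.exe/root.exe after double percent-decoding), flags Code Red's default.ida request, and totals the bytes column per client so the heaviest talkers can be rate-limited. The sample log lines, the 10.0.0.x clients and the example.test host are constructed for the example.

```python
"""Triage Squid native access.log lines: flag Nimda/Code Red probes and rank
clients by bytes served. Added example; assumes Squid's default native format:
  time elapsed client code/status bytes method URL ident hier/peer type
"""
import re
from collections import Counter
from urllib.parse import unquote

# Encoded traversal tokens seen in the Nimda/IIS-traversal probes. The first
# four appear in the quoted log; %c1%9c and %252f are the related overlong
# UTF-8 and double-encoded forms.
ENCODED_TRAVERSAL = ("%c0%af", "%c1%1c", "%c0%2f", "%c1%9c", "%255c", "%252f")
# Binaries the traversal probes try to reach, and Code Red's .ida target.
PROBE_TARGETS = ("cmd.exe", "root.exe")
CODERED_TARGET = "default.ida"

# Constructed sample: three probe lines shaped like the quoted ones, a large
# download, an ordinary page hit and one Code Red-style request.
SAMPLE_LOG = """\
1022226226.976 5 202.192.204.130 TCP_MISS/503 1210 GET http://www/_mem_bin/..%255c../..%255c../winnt/system32/cmd.exe? - DIRECT/www -
1022226229.324 3 202.192.204.130 TCP_MISS/503 1170 GET http://www/Scripts/..%c1%1c../winnt/system32/cmd.exe? - DIRECT/www -
1022226231.841 8 202.192.204.130 TCP_MISS/503 1170 GET http://www/Scripts/..%c0%af../winnt/system32/cmd.exe? - DIRECT/www -
1022226240.100 120 10.0.0.7 TCP_MISS/200 524288 GET http://example.test/big.iso - DIRECT/192.0.2.10 application/octet-stream
1022226241.200 40 10.0.0.9 TCP_HIT/200 4096 GET http://example.test/index.html - NONE/- text/html
1022226242.300 9 10.0.0.9 TCP_MISS/404 800 GET http://example.test/default.ida?XXXX - DIRECT/192.0.2.10 text/html
"""

SQUID_NATIVE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>\S+)\s+(?P<bytes>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def parse_line(line: str):
    """Return the leading fields of a native-format line, or None if malformed."""
    m = SQUID_NATIVE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes"] = int(rec["bytes"])
    return rec


def decode_twice(url: str) -> str:
    """Percent-decode twice so %255c (-> %5c -> backslash) is exposed."""
    return unquote(unquote(url))


def classify_request(url: str):
    """Label a URL as a known worm probe, or None for ordinary traffic."""
    raw = url.lower()
    decoded = decode_twice(raw).replace("\\", "/")
    if CODERED_TARGET in decoded:
        return "code-red-probe"
    if any(tok in raw for tok in ENCODED_TRAVERSAL) or any(
        target in decoded for target in PROBE_TARGETS
    ):
        return "nimda-traversal-probe"
    return None


def triage(log_text: str, top_n: int = 3):
    """Count probes per (client, label) and rank clients by bytes served."""
    probes = Counter()
    bytes_by_client = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that are not in native format
        # The bytes column is the response size sent to the client, so the
        # ranking reflects download volume through the proxy.
        bytes_by_client[rec["client"]] += rec["bytes"]
        label = classify_request(rec["url"])
        if label:
            probes[(rec["client"], label)] += 1
    return {
        "probes": dict(probes),
        "top_talkers": bytes_by_client.most_common(top_n),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for (client, label), n in sorted(result["probes"].items()):
        print(f"{client:16} {label:24} {n} hits")
    for client, total in result["top_talkers"]:
        print(f"{client:16} {total:>10} bytes")
```

On a live proxy, feed the script from access.log (or `tail -f` it through stdin) and use the probe counts to decide which sources to block at the router or IDS; the top-talker list answers the second question, with the caveat that the bytes column measures responses served to clients, so upstream traffic and non-proxied flows need interface or NetFlow counters instead.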