The sasser worm seems to ignore local networks and was only trying to get to external IPs. I tried ethereal and got no probes on the local net. I did lock down 445 external but the Xincom has really weak logging so I couldn't get any info from it. Thanks though....
I unplugged one switch at a time till the activity stopped... then I put it back on and unplugged each active connection till the activity stopped. It was a completely unpatched 2000 machine with no anti-virus software... The agent is hanging by his neck in front of the building.... Thanks -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ncl Admin Sent: Thursday, April 27, 2006 11:04 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Way OT: Find a virus in my network At 10:29 AM 4/27/2006 -0400, you wrote: >Marc Catuogno writes: > > Anyone have any suggestions short of unplugging one Cat5 cable at a time? > > Marc Why not just scan your network from a XP box using something like Networkactiv.com PIAFCTM. Just lock down and look for 445 activity on the inside of your network. Then you can find the machine most likely. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
