Are you using ASDM? Can't you filter the builtin realtime log viewer in a way that might show you the infected machines? (It's been a long time since I've used ASDM...)
On Mon, Oct 3, 2011 at 2:59 PM, John Aldrich <jaldr...@blueridgecarpet.com> wrote:

> Email blocklist: cbl.abuseat.org for "attempting to make contact to a Torpig
> Command and Control server at 91.20.221.209, with contents unique to Torpig
> C&C command protocols."
>
> From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
> Sent: Monday, October 03, 2011 1:54 PM
> To: NT System Admin Issues
> Subject: RE: Torpig/Anserin/Mebroot infection
>
> Can you expand on "blacklisted"? Which blacklist and for what type of
> traffic?
> ________________________________________
> From: John Aldrich [jaldr...@blueridgecarpet.com]
> Sent: 03 October 2011 6:22 PM
> To: NT System Admin Issues
> Subject: Torpig/Anserin/Mebroot infection
>
> So, our external IP is blacklisted because apparently one of our machines is
> infected with a banking Trojan. Short of going to each and every individual
> machine on the network, the only thing I can think of to do is to set up
> logging of the ASA to a syslog server. I have downloaded and installed a
> trial version of Kiwi syslog, but I can’t figure out how to configure it to
> forward the log files to my system.
>
> Anyone here able to provide a good how-to? I *did* Google, but apparently my
> Google-fu sucks, as I wasn’t able to find instructions that made sense to me.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> ________________________________________
> MIRA Ltd
>
> Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
> Registered in England and Wales No. 402570
> VAT Registration GB 100 1464 84
>
> The contents of this e-mail are confidential and are solely for the use of
> the intended recipient. If you receive this e-mail in error, please delete
> it and notify us either by e-mail, telephone or fax. You should not copy,
> forward or otherwise disclose the content of the e-mail as this is
> prohibited.
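The check John is after, as an added example that is not part of this thread: once the ASA is sending syslog to a collector such as Kiwi, read the log lines and list the internal hosts that connected (or tried to connect) to the C&C address named in the blocklist notice. The sample log lines, hostname and internal addresses below are constructed; the C&C IP is the one from the CBL listing.

```python
import re
from collections import Counter

# Constructed ASA syslog sample (not from the thread) in the default
# "%ASA-severity-msgid:" format. Note the ASA quirk in 302013: for an
# *outbound* connection the "for" side is the destination and the "to"
# side is the internal source host, so we never assume a fixed position.
SAMPLE_LOG = """\
Oct  3 14:05:11 fw01 %ASA-6-302013: Built outbound TCP connection 8812 for outside:91.20.221.209/443 (91.20.221.209/443) to inside:192.168.10.37/49731 (203.0.113.5/49731)
Oct  3 14:05:12 fw01 %ASA-6-302013: Built outbound TCP connection 8813 for outside:93.184.216.34/80 (93.184.216.34/80) to inside:192.168.10.12/51022 (203.0.113.5/51022)
Oct  3 14:05:40 fw01 %ASA-6-302014: Teardown TCP connection 8812 for outside:91.20.221.209/443 to inside:192.168.10.37/49731 duration 0:00:29 bytes 1420 TCP FINs
Oct  3 14:06:02 fw01 %ASA-6-302013: Built outbound TCP connection 8820 for outside:91.20.221.209/443 (91.20.221.209/443) to inside:192.168.10.37/49744 (203.0.113.5/49744)
Oct  3 14:06:15 fw01 %ASA-4-106023: Deny tcp src inside:192.168.10.88/50011 dst outside:91.20.221.209/443 by access-group "inside_in" [0x0, 0x0]
"""

# interface:ip/port endpoints; the parenthesised mapped addresses have no
# "interface:" prefix and are deliberately not matched.
ENDPOINT_RE = re.compile(r"\b(\w+):(\d{1,3}(?:\.\d{1,3}){3})/(\d+)")

CNC_IP = "91.20.221.209"  # Torpig C&C address quoted in the CBL listing


def find_suspect_hosts(lines, cnc_ip=CNC_IP):
    """Return {internal_ip: hit_count} for every line in which cnc_ip is one
    endpoint. Every other endpoint on such a line is a host that talked, or
    was denied talking, to the C&C server. Works for built/teardown (302013,
    302014) and ACL deny (106023) messages alike."""
    hits = Counter()
    for line in lines:
        endpoints = ENDPOINT_RE.findall(line)
        if cnc_ip not in {ip for _, ip, _ in endpoints}:
            continue
        for _iface, ip, _port in endpoints:
            if ip != cnc_ip:
                hits[ip] += 1
    return dict(hits)


if __name__ == "__main__":
    # Point this at the file Kiwi writes instead of SAMPLE_LOG in practice.
    suspects = find_suspect_hosts(SAMPLE_LOG.splitlines())
    for host, n in sorted(suspects.items(), key=lambda kv: -kv[1]):
        print(f"{host}\t{n} log line(s) involving {CNC_IP}")
```

On the ASA side, `logging enable`, `logging host inside <collector-ip>` and `logging trap informational` are what get the connection-level messages (302013 and friends) to the collector in the first place.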