Solved

Tracking virus contaminated LAN client

Posted on 2004-10-28
Last Modified: 2011-10-03
I run a Win2003 server with GFI Mail Security. Unlike other AV products I have used, especially on Linux platforms, GFI does not indicate where the virus came from, no IP, nothing. Does anyone know of any software which I can run to analyse the LAN and which can tell me the IP of the client(s) which are sending mass emails because of virus infection?
I have used Ethereal but the info it produces on all network traffic is just too much!
Question by:garywowen
6 Comments
 
LVL 7

Expert Comment

by:shahrial
ID: 12433865
Ethereal is a good choice...set filter to capture only SMTP, POP3, IMAP, HTTP traffic.
For best effect, read the manual...;-)

Ethereal User Guide V2.00 for Ethereal 0.10.5
http://www.ethereal.com/docs/user-guide/
0
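
An added example, not part of the original posts: one way to cut a saved capture down to the answer the question asks for is to count new SMTP connections (TCP SYN to port 25) per source IP, skipping the legitimate mail server. It assumes the capture was saved in classic libpcap format on Ethernet; the function names, the addresses and the sample capture are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

def smtp_syn_sources(pcap, mail_servers=()):
    """Map each source IP to the set of hosts it opened SMTP (TCP/25) connections to."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    seen, pos = defaultdict(set), 24
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[pos + 8:pos + 12])[0]
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # keep IPv4 + TCP only
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]  # skip IP header (IHL in 32-bit words)
        if len(tcp) < 14:
            continue
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        dport, flags = struct.unpack("!H", tcp[2:4])[0], tcp[13]
        # SYN set, ACK clear: one count per new connection, not per packet
        if dport == 25 and (flags & 0x12) == 0x02 and src not in mail_servers:
            seen[src].add(dst)
    return dict(seen)

def _frame(src, dst, dport, flags):
    """Constructed Ethernet/IPv4/TCP frame for the sample (checksums zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", 1045, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def sample_pcap():
    """Constructed capture: one chatty client, the mail server, unrelated traffic."""
    frames = [_frame("192.168.1.23", f"203.0.113.{i}", 25, 0x02) for i in range(1, 6)]
    frames.append(_frame("192.168.1.23", "203.0.113.1", 25, 0x18))  # data, not a SYN
    frames.append(_frame("192.168.1.10", "203.0.113.9", 25, 0x02))  # known mail server
    frames.append(_frame("192.168.1.40", "203.0.113.9", 80, 0x02))  # web traffic
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for fr in frames:
        out += struct.pack("<IIII", 0, 0, len(fr), len(fr)) + fr
    return out

if __name__ == "__main__":
    hits = smtp_syn_sources(sample_pcap(), mail_servers={"192.168.1.10"})
    for ip, dsts in sorted(hits.items(), key=lambda kv: -len(kv[1])):
        print(ip, len(dsts), "distinct SMTP destinations")
```

A workstation that contacts many distinct SMTP servers directly, instead of relaying through the mail server, is the one to inspect first.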
 
LVL 7

Accepted Solution

by:
shahrial earned 500 total points
ID: 12443307
Next, you can use GFI LANguard Network Security Scanner (N.S.S.)
http://www.gfi.com/lannetscan/

Automatically detect security vulnerabilities on your network
GFI LANguard Network Security Scanner (N.S.S.) checks your network for all potential methods that a hacker might use to attack it. By analyzing the operating system and the applications running on your network, GFI LANguard N.S.S. identifies possible security holes. In other words, it plays the devil's advocate and alerts you to weaknesses before a hacker can find them, enabling you to deal with these issues before a hacker can exploit them.

Provides in-depth information about all machines/devices
GFI LANguard N.S.S. scans your entire network, IP by IP, and provides information such as service pack level of the machine, missing security patches, open shares, open ports, services/applications active on the computer, key registry entries, weak passwords, users and groups, and more. Scan results can easily be analyzed using filters and reports, enabling you to proactively secure your network - for example, by shutting down unnecessary ports, closing shares, installing service packs and hotfixes, etc.

Patch management
GFI LANguard N.S.S. is also a complete patch management solution. After it has scanned your network and determined missing patches and service packs - both in the operating system (OS) and in the applications - you can use GFI LANguard N.S.S. to deploy those service packs and patches network-wide. It can also deploy custom software network-wide.

Good Luck ...;-)

0
 
LVL 7

Expert Comment

by:shahrial
ID: 12443317
Errr... btw, you can download a free trial,
http://www.gfi.com/downloads/downloads.asp?pid=8&lid=1

This should get you started...;-)
0
 
LVL 1

Expert Comment

by:thegeezer
ID: 12652628
Consider a program like Norton SAV? This will let you install to, keep updated and scan the whole network with three mouse clicks... Alternatively, Panda Software do something that works well too.

0
