• Status: Solved

A new variant of Sasser or Blaster? Losing mapped drive without losing connectivity.

I think I may have a new variant of Sasser or Blaster on my network.

What is happening:

After trying to solve a networking issue on a network of a friend, I brought their Windows 2000 server on my network and it affected my network in the same manner.

I tried multiple anti-virus, spy remover and Microsoft tools and I can't find any bugs.

The problem is basically very slow file sharing on the network. At some points, especially when the SP2 firewalls are on, the computers may freeze, and if I disconnect them from the network, they come back like magic.

2-3 times a day I lose my mapped connections (a message appears saying that the security may have been compromised and that this drive letter is already in use). I can still ping all computers perfectly, and besides logging off and on again, I can't find another way of reestablishing the drive connections.

I tried to format the computers one by one and even my server, but the problems come back very fast.

Even with only one computer and the server on a crossover cable (without internet) I got the same problems.

I thought of blocking all modifications in registries and settings with Spybot S&D TeaTimer, but still I can't see modifications, I just see the problem.

My questions:
1. What can I do to find the bug if Symantec and McAfee never saw it before?
2. Knowing how to surf packets with Ethereal, is there any way to find those, or do I have to know all packets and what they do?
3. Any suggestions or help will be appreciated. I can even pay someone a reasonable fee to log on by VNC or WebEx to help me. If that person lives in Montreal, I can arrange a weekend meeting.
4. Is there any virus that affects only file sharing?
5. I disabled all firewalls and, surfing through folders on my server across my network, there were some that I couldn't reach... After logging out and logging in, I could with no problem. Sometimes it only takes 10-15 minutes and without logging off I can connect again.

Hopefully one of you is expert enough to help me, and believe me that when it comes to basic settings and networking, I'm an expert myself. I'm a tech support on major networks and I have my CCNA and multiple other certs, I just can't find this answer!

On both networks the problems appeared at one point while the network or part of the network was connected with another network directly without routers.

Thanks!

Richard
Asked by: mdalionheart
 
rindi commented:
Check that the DNS server settings of your 2000 server have been set up correctly. On the clients, make sure they only have the DNS entries of your internal server, and not also those of your ISP (or any DNS server outside of the LAN). Maybe you will have to change your DHCP server's settings so that this info is correctly advertised to the client PCs.

Turn off any network protocols other than those needed, just leave TCP/IP.
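
One way to run the client-side check described in this answer, as an added example that is not part of the thread: it parses `ipconfig /all` output from a client and reports every DNS server that is not an approved internal one. The sample output, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output from a DHCP client (not from the thread).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : corp.example
        IP Address. . . . . . . . . . . . : 192.168.1.25
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        DHCP Server . . . . . . . . . . . : 192.168.1.10
        DNS Servers . . . . . . . . . . . : 192.168.1.10
                                            203.0.113.53
"""

FIELD = re.compile(r"^\s+(?P<name>[^.:]+?)[\s.]*:\s*(?P<value>.*)$")
BARE_IP = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")


def dns_servers_by_adapter(text):
    """Return {adapter name: [DNS server IPs]} parsed from `ipconfig /all` text."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            # Unindented line ending in ':' starts a new adapter section.
            adapter, in_dns = line.rstrip()[:-1], False
            result[adapter] = []
            continue
        field = FIELD.match(line)
        if field:
            in_dns = field.group("name").strip() == "DNS Servers"
            if in_dns and adapter and field.group("value").strip():
                result[adapter].append(field.group("value").strip())
        elif in_dns and adapter and BARE_IP.match(line):
            # Additional DNS servers appear on continuation lines with no label.
            result[adapter].append(BARE_IP.match(line).group(1))
    return result


def external_dns(text, internal_dns):
    """List (adapter, server) pairs whose DNS server is not an approved internal one."""
    allowed = {ipaddress.ip_address(ip) for ip in internal_dns}
    return [(adapter, ip)
            for adapter, servers in dns_servers_by_adapter(text).items()
            for ip in servers
            if ipaddress.ip_address(ip) not in allowed]


if __name__ == "__main__":
    print(external_dns(SAMPLE_IPCONFIG, ["192.168.1.10"]))
```

An empty result means the client resolves names only through the internal server.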
 
JohnnyCanuck commented:
Try swapping out the Ethernet card in the server, it might be sending malformed packets.
 
mdalionheart (author) commented:
Rindi,

You may be on the right track with this because I do have the DNS of my ISP in my DHCP. I changed it and it will take a day to see if the network is more stable or not.

The only question I have regarding this is: why did the problem start on that day, and how come it could create this kind of problem?

Should the server have the ISP DNS? Should they be in the DNS settings on the TCP/IP stack or somewhere else to ask the server to synchronise with those?

Thanks!

Richard
 
mdalionheart (author) commented:
Johnny,

It looks like a good thing to try, but I feel it cannot be that because it happened at exactly the moment I plugged in that other server.
If the DNS settings or other software options fail, I may have to revert to replacing hardware.

Thanks

Richard
 
rindi commented:
The server needs the DNS of the web (not necessarily those of your ISP, but usually those are used). That way, your PCs will first query your local servers for any local addresses, then if the entry isn't found, the server forwards the requests to the web. From there the requests will in turn be passed on until the name is found (or not). Some DNS servers will cache requests so they are found faster the next time.
 
mdalionheart (author) commented:
Why would this DNS problem start 3 weeks ago? I had those DNS settings the same way for years now and it never caused any problem.

The problem started only 2 weeks ago when I connected a problematic server to my network just to get internet access on it to download updates and patches.

I still have to wait at least 1 day to see if the DNS correction fixed this problem.
 
rindi commented:
Sorry, I don't know why it should suddenly have caused the problem, but things often work (or don't work) that way. A misconfiguration sometimes does no harm for a while, and then suddenly starts causing problems.
 
mdalionheart (author) commented:
Thanks Rindi!

You are truly an expert and helped me a lot! It was the problem! I didn't think that somebody would find it this fast!

Richard
 
rindi commented:
Thanks, too