Virus/DDoS attacks!

[SteveC]

Hi all,

anyone seeing any major virus problems on their networks at the moment? Our London office's network seems to be running at breaking point with ICMP traffic attacking one IP address of some hosting company. Our poor routers are flat on their back, knocking out part of our VOIP phone system.

All AV is currently saying nope - nothing found. Sent a sample file to Network Associates and they say it's possibly a virus, but with no payload and they will investigate...

[Guest 27300]

Quote:

Originally posted by SteveC
Our London office's network seems to be running at breaking point with ICMP traffic attacking one IP address of some hosting company.

I don't really get the thrust of this... are you the hosting company suffering a DDoS, or is this traffic on your network going *out* and hosing someone else's site?

If it's the former, nothing you can do about it except install some upstream filtering to drop the crud that's coming in. If the latter, then you need to get some AV/ASpyware checking done pronto - maybe even disconnecting the source machines until they're clean?

[SteveC]

It was the latter - we ended up taking down the whole network and piecing it back together floor by floor and found the culprit. The traffic was so bad we couldn't even put a filter on our router

All alright now tho!

[SteveC]

Finally McAfee get their backside in gear - http://vil.nai.com/vil/content/v_126341.htm

[Coolhand]

Symantec sent out a warning about Korgo on the 2nd June.

It's exploiting MS04-011, which is so well publicised after the sasser outbreak I'm stunned you hadn't made sure you were patched against it.

[SteveC]

Tell me about it - it's not our central office, but the support guys there will be getting severely told off...