Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Mark R on May 04, 2004, 04:35:56 PM

Title: Trojan Help (ringzero)
Post by: Mark R on May 04, 2004, 04:35:56 PM

Hi All,

i have SME installed on my network running Gateway/Server mode, is there any add-on which allows me to see live data on which ports etc are being used by which terminal?

reason for this is that i have done a security scan from the sygate site and its telling me i have a ringzero trojan???

Is there an easy way to find out which terminal is infected?

thanks in advance

Mark R

Title: Trojan Help (ringzero)
Post by: Souley on May 04, 2004, 04:55:55 PM

More info about it :
http://www.sophos.com/virusinfo/analyses/trojrhino.html
http://securityresponse.symantec.com/avcenter/venc/data/ringzero.trojan.html#technicaldetails

Not really sure that you have this trojan on your network

Have you some MS boxes ?

Best regards
Souley

Title: Trojan Help (ringzero)
Post by: Mark R on May 04, 2004, 05:15:27 PM

Thanks for your reply..

I do have some MS boxes(I know I know, i should know better)


Cheers
Mark

Title: Trojan Help (ringzero)
Post by: Souley on May 04, 2004, 05:18:59 PM

Is your gateway acting like a proxy ?
In this case i don't think you're infected
Look at the symantec fix method & look after your ms boxes  :hammer:  :hammer:  :hammer:

Cheers
Souley

Title: Trojan Help (ringzero)
Post by: Mark R on May 05, 2004, 10:36:31 AM

Thanks Souley..

Do you know of any addon that shows you which terminal is using which ports etc?

thanks again
mark

Title: Trojan Help (ringzero)
Post by: Souley on May 05, 2004, 10:40:00 AM

Hi
You can try

Code: [Select]

netstat -a
 :-D
regards
Souley