Abnormal network usage.


  • Abnormal network usage.

    I think I have abnormal traffic on my network. I have used TCPView from Sysinternals and I have surprisingly many DNS.exe processes. I have taken a screen dump and uploaded it here: http://peecee.dk/upload/view/339428 This is on a Domain Controller on a 2003 Server R2.

    Does it mean I have a virus on my server? I have downloaded and used this scanner from MS http://www.microsoft.com/security/sc...s/default.aspx and it did not find anything.

    What to do?

  • #2
    Re: Abnormal network usage.

    Try some other standalone AV tools such as McAfee's STINGER
    Are you providing public DNS services?
    How many clients do you have?
    When did it become "abnormal"?
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Re: Abnormal network usage.

      Are you providing public DNS services?
      How can I be sure that I am not?

      I have between 3 and 4 clients online at the time.



      • #4
        Re: Abnormal network usage.

        Does DNS provide your public name services e.g. www.company.com or does an ISP handle that for you?
        Tom Jones


        • #5
          Re: Abnormal network usage.

          I use a free service. www.gratisdns.dk



          • #6
            Re: Abnormal network usage.

            McAfee(r) Labs Stinger(tm) Version 10.2.0.408 built on Dec 2 2011
            Copyright (c) 2011 McAfee, Inc. All Rights Reserved.
            Virus data file v1000.0000 created on Dec 2 2011.
            Ready to scan for 3515 viruses, trojans and variants.
            Scan initiated on Mon Dec 05 16:47:17 2011
            Rootkit scan result : Clean

            Master Boot Record(s):....2
            Possibly Infected:.............0
            Boot Sector(s):.................2
            Possibly Infected: ............0
            Number of clean files: 9473

            This is the Stinger log after running on my Exchange server. Should I be concerned that I have 2 MBRs and 2 boot sectors when I thought I only had one?



            • #7
              Re: Abnormal network usage.

              When I run Stinger on a Windows 7 system it cannot scan for rootkits: "Rootkit scan result: not scanned".
