General discussion

Locked

Need to catch a virus spreader

By MLevy ·
Need some advice on catching a virus spreader. I am on a network that is shared between several departments and I only have control over the PC in my group. I am running McAfee 8i and ePO 3.1.2 on all my PC's and I am constantly getting pounded by machines from another part of the network with lovegate. All I get from the McAfee & ePO logs is the username of the offender, no IP or computer name. I have called the netadmin responsible for the domain that this username is a part of but he says it's a generic name used on their production floor by 80 or so computers and he does not have the time to check them all.
How can I identify the IP or computer name of the machine that is pounding my computers with virus traffic. Any free solutions would be ideal as $$ is tight here.
Thanks,
-MLevy

This conversation is currently closed to new comments.

1 total post (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by jt In reply to Need to catch a virus spr ...

The easiest way would be to drop some sort of intrusion
detection sensor on the network. Look into Snort
www.snort.org An even easier way to pull this off would be to
download the bootable Network security toolkit iso from
www.networksecuritytoolkit.org.

Keep in mind that if your on a switched network you will need to
configure monitoring ports on your switches to catch all traffic,
if the virus is broadcasting (which it appears to be doing) this
should not be an issue. Snort will fire a large amount of alerts
unless you tune the ruleset be aware that not all these alerts are
bad and most will be legitimate traffic. Reading the
documentation on snorts site will help you with this aspect.

Back to Networks Forum
1 total post (Page 1 of 1)  

Related Discussions

Related Forums