Virus found on site, how you can help.

Status
Not open for further replies.

froglips

New User
Jim Campbell
Evil! Its out there!

We have found something unwelcome (much like a tick or powder post beetles) that we have promptly exterminated.

Life on the information stuperhighway is always going to be a tug of war between two elephants eating cheesecake.

I wanted to just take this opportunity to say that if you find something through your virus scanner or just have that funny feeling things here aren't "smelling so good", don't hesitate to open a Help Desk thread.

I can't promise we can find/fix/deodorize every issue, but we'll sure do our best.

We are currently assessing the extent of this attack, but it looks like someone left a backdoor open for future shenanigans.

Thanks,
Jim
 

ehpoole

Administrator
Ethan
Let me know if you all need any help.

A couple of questions come to mind though (you've had several successful attacks lately):

1) How well chroot'ed are your daemon processes?

2) Are you running regular fingerprint (in addition to antivirus) scans? Fingerprint scans (which can be as simple as MD5 sums) are very good at identifying which files have been altered since the last fingerprint database was generated -- which can make it much easier to find compromised configuration files and binaries at will.

I know how much fun this can be, my servers are attacked several million times each day. Thankfully, [knock on wood] their last successful attack was back in 1999/2000 to an OpenSSH vulnerability.

Good luck!
 

CarvedTones

Board of Directors, Vice President
Andy
How well chroot'ed are your daemon processes?

The pickup line of the new millenia... :rotflm::rotflm::rotflm:


An actual suggestion to Jim - it would be nice if you identified viruses by name when you find them so those of us with concerns can check our scanners to be sure they have a definition for it and haven't let it in or removed it or YIKES!
%^~~~~
 

scsmith42

New User
Scott Smith
Not trying to hijack this thread.... but since I'm the guy that the virus "found" before we found the virus... it's related.

Despite latest copies of Norton, the virus still found a way to do some partial damage to my computer before SONAR discovered and disabled it.

My question for the very savvy network guys is this - what would be a good choice for a hardware firewall, and is this the best way to secure my network? We have a small office/home office setup, and it includes a dedicated server for my wife's veterinary practice (accessed both remotely (VPN) and via a wifi network here at the farm). I'd like to step up the security to a higher level.

One person recommended a cisco PIX (sp?) firewall, but from what I've seen they haven't been produced in a few years.

We have a dsl service with a fixed ip and VPN capability for the server.

I'm looking for something that is pretty thorough; for whatevever reason I'm nervous about using a 70 dollar Linksys firewall if there is something that would offer more protection (with a reasonable cost - say under a grand).

Thanks in advance for the advice.

Scott
 

CarvedTones

Board of Directors, Vice President
Andy
Scott,

A few things to think about...

No matter how quickly they get definitions out, viruses are going to reach some people before the fixes do. Hardware and software firewalls and AV are a good idea but none of them will make you completely safe.
On my professional box, I run Windows 7 in the most annoying mode possible. It asks my permission to perform fairly mundane tasks. Lots of my coworkers turn down the UAC settings so it is less irritating. One of them lost the entire contents of his hard drive.
What I am getting at is that you have to get in the way of this stuff personally if you absolutely don't want bad things to happen to a machine. Hardware and software can get you most of the way there and cut your odds of getting hit substantially, but they can't get it all and still provide the functionality you need for the "right places".
 

KenOfCary

Ken
Staff member
Corporate Member
...
One person recommended a cisco PIX (sp?) firewall, but from what I've seen they haven't been produced in a few years.

We have a dsl service with a fixed ip and VPN capability for the server.

I'm looking for something that is pretty thorough; for whatevever reason I'm nervous about using a 70 dollar Linksys firewall if there is something that would offer more protection (with a reasonable cost - say under a grand).

Thanks in advance for the advice.

Scott

Scott,

Firewalls are actually pretty simple devices, an input port and an output port with a set of rules (filters) that monitor and control what gets sent from in to out and vice versa. The thing you might get in an expensive versus simple firewall are stateful versus stateless examination of the traffic. Stateful just means it pays attention to previous portions of a transaction to determine what to do about the current portion of the transaction. You can get a lot of protection from a simple firewall just using the cardinal rule that everything not specifically permitted is denied. This is the default for most all firewalls.

Linksys, btw is now owned by Cisco and their software has been steadily showing that influence, so the Linksys might not be a bad choice for a SOHO (Small Office, Home Office) setup. I haven't really looked at them so can't say one way or the other.

I personally don't run an external firewall on the home office network but make use of the firewall that is built into the Linux operating system on the server. I do however run an IDS (Intrusion Detection System) on the network that monitors all traffic and looks for attack patterns in the network data flows. There are at least a few attempts every day and sometimes many more.

Perhaps this should be taken to another forum or offline.

Ken, who is a Sr. Network Engineer in real life and part time woodworker.
 

scsmith42

New User
Scott Smith
Ken, thanks for the info. I'll double check with Tracy to see if this would be a valid discussion on NCWW, and in the meantime will send you a PM. Thx.

Scott
 
Status
Not open for further replies.

Our Sponsors

LATEST FOR SALE LISTINGS

Top