Thread ID: 16613 2002-03-13 08:33:00 Think we got hacked Guest (0) Press F1
Post ID Timestamp Content User
38979 2002-03-13 08:33:00 We installed a new server about two weeks ago. Running NT 4. We are connected to the internet via ADSL (jetstream).

Last week I noticed that our internet usage was going through the roof. We use about 300 MB per month, this month it was 750 MB. I spoke to Telecom and they sent me a report that showed on the hour and every hour we were uploading 0.41 MB and downloading 0.70 Mb, so just over 1 MB per hour. Spoke to some IT guys who thought this was quite strange. So I did a virus check on all of the computers and server. There are three computers on the network and all are running Nortons Corporate. One computer came back with the badtrans.b virus. I used the Symantec fix-it tool and did another check and it seems ok. I installed ZoneAlarm Pro 3.0 on the server. However I'm still losing about 1 MB an hour. It's got me beat. Anybody got any ideas?
Thanks in advance.
Guest (0)
38980 2002-03-13 09:13:00 Do you have any programs that are configured to do anything on the hour, such as Norton running a live update? Have a check at what programs are allowed in ZoneAlarm.

JM
Guest (0)
38981 2002-03-13 09:16:00 You could do a number of things but it depends upon the setup of your system.

Firstly, why don't you bring up ZA and watch what app is active? Clicking on the alerts tab will show you both the active application and a summary of data transferred in both directions.
Guest (0)
38982 2002-03-13 10:11:00 Hi,

Good call, if it does it every hour, just hang around on the hour, tell ZA not to allow anything access to the net, and see what asks for permission...

:)

Erin
Guest (0)
38983 2002-03-13 19:54:00 If it was just down, I would wonder if it was a corrupt mail message getting part way through delivery.

It could well be some software being paranoid about checking for updates, but again bidirectional would suggest it isn't.

It's quite a load for spyware, I would expect that sort of thing to be more subtle and send less data.

I reckon you shut down all apps with ZA and just release them slowly back on and monitor it (can't be done too slowly or you'll have a riot on your hands).

robo.
Guest (0)
38984 2002-03-13 20:37:00 Thanks for the help guys. Still has me stumped so I'm calling in the experts. Now where did I leave that cheque book? Guest (0)
38985 2002-03-17 11:24:00 Why don't you run a 'netstat -A 30' and wait to see where it connects? Guest (0)
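
An added example, not part of the thread: one way to turn the "watch netstat and see where it connects" suggestion into a check for the on-the-hour pattern. It assumes `netstat -an` listings were saved with a capture time by some wrapper (netstat prints no timestamps itself); the function names and all sample data are hypothetical and constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

ACTIVE = {"ESTABLISHED", "SYN_SENT", "TIME_WAIT", "CLOSE_WAIT"}

def remotes(netstat_text):
    """Remote ip:port of every active TCP row in one `netstat -an` listing."""
    found = set()
    for line in netstat_text.splitlines():
        cols = line.split()
        # Data rows look like: TCP  local:port  remote:port  STATE
        if len(cols) == 4 and cols[0] == "TCP" and cols[3] in ACTIVE:
            if not cols[2].startswith("127."):
                found.add(cols[2])
    return found

def hourly_suspects(snapshots, window_min=3, min_hours=2):
    """Remotes that only ever appear near the top of the hour, in >= min_hours hours."""
    first_seen = defaultdict(list)
    previous = set()
    for stamp, text in sorted(snapshots):
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        current = remotes(text)
        for remote in current - previous:  # not present in the prior snapshot
            first_seen[remote].append(when)
        previous = current
    suspects = []
    for remote, times in first_seen.items():
        near_hour = all(min(t.minute, 60 - t.minute) <= window_min for t in times)
        hours = {(t + timedelta(minutes=30)).replace(minute=0) for t in times}
        if near_hour and len(hours) >= min_hours:
            suspects.append(remote)
    return sorted(suspects)

# Constructed sample data (documentation address ranges), not taken from the thread.
HEADER = "Active Connections\n\n  Proto  Local Address  Foreign Address  State\n"
LISTEN = "  TCP  0.0.0.0:135  0.0.0.0:0  LISTENING\n  UDP  0.0.0.0:135  *:*\n"
def row(remote, state="ESTABLISHED"):
    return f"  TCP  192.168.0.2:1045  {remote}  {state}\n"
SAMPLE = [
    ("2002-03-13 09:30", HEADER + LISTEN + row("203.0.113.25:25")),
    ("2002-03-13 10:00", HEADER + LISTEN + row("198.51.100.7:80")),
    ("2002-03-13 10:30", HEADER + LISTEN + row("203.0.113.25:25")),
    ("2002-03-13 11:01", HEADER + row("198.51.100.7:80") + row("192.0.2.80:80")),
    ("2002-03-13 11:30", HEADER + LISTEN),
    ("2002-03-13 12:00", HEADER + row("198.51.100.7:80", "SYN_SENT")),
]

if __name__ == "__main__":
    print(hourly_suspects(SAMPLE))
```

Snapshots only catch connections that are open at capture time, so a transfer that finishes between captures will not show up; a shorter capture interval around the top of the hour narrows that gap.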