- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - Microsoft
- >
- Need help fast!!! Trojan network scanner needed
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-08-2004 01:07 AM
тАО07-08-2004 01:07 AM
Need help fast!!! Trojan network scanner needed
I need a program that can scan the entire network for trojans. So one program that can scan al pc's and servers.
To install a program on each pc is a little bit tu much work.
Situation.
Our ISP thinks we have a trojan on our network that sends spam and blocked port 25 so we can not send e-mail, very frustrating.
We can not find any trojans. The ISP does not want to release the block easyly, so I want soee proof that our network is trojan/virusfree.
We have a 3com firewall, whit only the nessesary ports open en Notron Cooperate virusserver.
Hope anyone can point me to a program that can scan for trojans, so I have some proof (logfile) for the ISP,
Regards,
Ronald
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-08-2004 01:40 AM
тАО07-08-2004 01:40 AM
Re: Need help fast!!! Trojan network scanner needed
http://www.insecure.org/nmap/
or
http://netsecurity.about.com/cs/hackertools/a/aafreeportscan.htm
If it were my network I would install snort
http://www.snort.org/
on a pc and have it monitor the traffic on the port going to the ISP. It would be a simple matter to have it look for traffic to port 25 and tell you what PC's are doing this.
Could also be that you have an open mail relay somewhere in your system. This is actually pretty common. Either poorly configured and a spammer found it or a system which got hacked, had the mail relay turned on and then the hacker cleaned up his traces. Problem is it need not listen on port 25. The hacker/spammer can use a different port of his/her choice. This would not show as trojan or virus.
Do you not have a firewall on this large network? Easy enough to ask the firewall (or router) to block port 25 outgoing and tell you who sent it.
Ron
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-08-2004 01:57 AM
тАО07-08-2004 01:57 AM
Re: Need help fast!!! Trojan network scanner needed
Tnx for the quick reply.
I do not even think there is a trojan on the network, so I do not know a port.
Our ISP got complains from theire costumers that costumers got spam from our IP-adres.
You probebly know that it is easy to send send mail with another IP, so some spammers just used our IP.
Why do I have to block port 25 outgoing, then the exchangeserver can not send any e-mail or am I wrong?
Actualy I only need some proof that nothing is wrong to send to the ISP, so they will lift the block.
I look into the links and get back to you,
Regards,
Ronald
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-08-2004 02:26 AM
тАО07-08-2004 02:26 AM
Re: Need help fast!!! Trojan network scanner needed
I'm not up on 3-Com firewalls but on a Cisco it is easy to ask the firewall to block or pass a packet to a particular port and to log the packet's source and destination. In fact it should be possible to only allow packets from your mail server to go out to port 25 and to block everyone else and to tell you about all the blocked attempts. That would quickly find the trojan if it exists.
I'm beginning to wonder if your own mail server has been told to only relay packets from members of your local network and you forgot to exclude the firewall's IP (he will NAT any incoming packets so they will look like a local packet.)
Ron
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-08-2004 03:14 AM
тАО07-08-2004 03:14 AM
Re: Need help fast!!! Trojan network scanner needed
My supirior does not want me to put more effort in finding what probebly is not there.
Now we only presuring the ISP to lift the block.
Tnx for your help,
Regards,
Ronald