- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - Microsoft
- >
- Need help fast!!! Trojan network scanner needed
Operating System - Microsoft
1757033
Members
2189
Online
108858
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-08-2004 01:07 AM
тАО07-08-2004 01:07 AM
Need help fast!!! Trojan network scanner needed
Hi folks,
I need a program that can scan the entire network for trojans. So one program that can scan al pc's and servers.
To install a program on each pc is a little bit tu much work.
Situation.
Our ISP thinks we have a trojan on our network that sends spam and blocked port 25 so we can not send e-mail, very frustrating.
We can not find any trojans. The ISP does not want to release the block easyly, so I want soee proof that our network is trojan/virusfree.
We have a 3com firewall, whit only the nessesary ports open en Notron Cooperate virusserver.
Hope anyone can point me to a program that can scan for trojans, so I have some proof (logfile) for the ISP,
Regards,
Ronald
I need a program that can scan the entire network for trojans. So one program that can scan al pc's and servers.
To install a program on each pc is a little bit tu much work.
Situation.
Our ISP thinks we have a trojan on our network that sends spam and blocked port 25 so we can not send e-mail, very frustrating.
We can not find any trojans. The ISP does not want to release the block easyly, so I want soee proof that our network is trojan/virusfree.
We have a 3com firewall, whit only the nessesary ports open en Notron Cooperate virusserver.
Hope anyone can point me to a program that can scan for trojans, so I have some proof (logfile) for the ISP,
Regards,
Ronald
The logic of Microsoft: "Press START to shut down the pc"
4 REPLIES 4
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-08-2004 01:40 AM
тАО07-08-2004 01:40 AM
Re: Need help fast!!! Trojan network scanner needed
Unless you happen to know what port the trojan opens (assuming it is a remote control trojan and not just an emailer) a scan would be difficult to interpret but if you want to try then nmap at:
http://www.insecure.org/nmap/
or
http://netsecurity.about.com/cs/hackertools/a/aafreeportscan.htm
If it were my network I would install snort
http://www.snort.org/
on a pc and have it monitor the traffic on the port going to the ISP. It would be a simple matter to have it look for traffic to port 25 and tell you what PC's are doing this.
Could also be that you have an open mail relay somewhere in your system. This is actually pretty common. Either poorly configured and a spammer found it or a system which got hacked, had the mail relay turned on and then the hacker cleaned up his traces. Problem is it need not listen on port 25. The hacker/spammer can use a different port of his/her choice. This would not show as trojan or virus.
Do you not have a firewall on this large network? Easy enough to ask the firewall (or router) to block port 25 outgoing and tell you who sent it.
Ron
http://www.insecure.org/nmap/
or
http://netsecurity.about.com/cs/hackertools/a/aafreeportscan.htm
If it were my network I would install snort
http://www.snort.org/
on a pc and have it monitor the traffic on the port going to the ISP. It would be a simple matter to have it look for traffic to port 25 and tell you what PC's are doing this.
Could also be that you have an open mail relay somewhere in your system. This is actually pretty common. Either poorly configured and a spammer found it or a system which got hacked, had the mail relay turned on and then the hacker cleaned up his traces. Problem is it need not listen on port 25. The hacker/spammer can use a different port of his/her choice. This would not show as trojan or virus.
Do you not have a firewall on this large network? Easy enough to ask the firewall (or router) to block port 25 outgoing and tell you who sent it.
Ron
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-08-2004 01:57 AM
тАО07-08-2004 01:57 AM
Re: Need help fast!!! Trojan network scanner needed
Hi Ron,
Tnx for the quick reply.
I do not even think there is a trojan on the network, so I do not know a port.
Our ISP got complains from theire costumers that costumers got spam from our IP-adres.
You probebly know that it is easy to send send mail with another IP, so some spammers just used our IP.
Why do I have to block port 25 outgoing, then the exchangeserver can not send any e-mail or am I wrong?
Actualy I only need some proof that nothing is wrong to send to the ISP, so they will lift the block.
I look into the links and get back to you,
Regards,
Ronald
Tnx for the quick reply.
I do not even think there is a trojan on the network, so I do not know a port.
Our ISP got complains from theire costumers that costumers got spam from our IP-adres.
You probebly know that it is easy to send send mail with another IP, so some spammers just used our IP.
Why do I have to block port 25 outgoing, then the exchangeserver can not send any e-mail or am I wrong?
Actualy I only need some proof that nothing is wrong to send to the ISP, so they will lift the block.
I look into the links and get back to you,
Regards,
Ronald
The logic of Microsoft: "Press START to shut down the pc"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-08-2004 02:26 AM
тАО07-08-2004 02:26 AM
Re: Need help fast!!! Trojan network scanner needed
Since you are blocked anyway, I don't see why it would be a problem to block the same port on the firewall to let it log attempts for a while.
I'm not up on 3-Com firewalls but on a Cisco it is easy to ask the firewall to block or pass a packet to a particular port and to log the packet's source and destination. In fact it should be possible to only allow packets from your mail server to go out to port 25 and to block everyone else and to tell you about all the blocked attempts. That would quickly find the trojan if it exists.
I'm beginning to wonder if your own mail server has been told to only relay packets from members of your local network and you forgot to exclude the firewall's IP (he will NAT any incoming packets so they will look like a local packet.)
Ron
I'm not up on 3-Com firewalls but on a Cisco it is easy to ask the firewall to block or pass a packet to a particular port and to log the packet's source and destination. In fact it should be possible to only allow packets from your mail server to go out to port 25 and to block everyone else and to tell you about all the blocked attempts. That would quickly find the trojan if it exists.
I'm beginning to wonder if your own mail server has been told to only relay packets from members of your local network and you forgot to exclude the firewall's IP (he will NAT any incoming packets so they will look like a local packet.)
Ron
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-08-2004 03:14 AM
тАО07-08-2004 03:14 AM
Re: Need help fast!!! Trojan network scanner needed
What scans I do I can not find anything wrong,
My supirior does not want me to put more effort in finding what probebly is not there.
Now we only presuring the ISP to lift the block.
Tnx for your help,
Regards,
Ronald
My supirior does not want me to put more effort in finding what probebly is not there.
Now we only presuring the ISP to lift the block.
Tnx for your help,
Regards,
Ronald
The logic of Microsoft: "Press START to shut down the pc"
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP