TechieTony
IS-IT--Management
I was forwarded this message today from Qwest which has really caught my attention. I could think of a few remedies but I don't want to have to scan every PC on my network for bots. I'm trying to see if there are any good solutions that are not on the routing level that I can use to track down my infected computer.
All my locations' network traffic uses frame to our corp offices then to the internet, but I can't sniff the traffic because enabling port monitoring on my Dell PowerConnects causes them to stop forwarding traffic for some odd reason and the support forums for Dell do me no good....
I don't know enough about Exchange, especially Exchange for SBS, so I don't know if this can help in tracking the culprit down.
Any thoughts on how to approach this situation are more than welcome????
-----------------------------------
Subject: [AB-M7388809F] Bot infections and Qwest's Acceptable Use Policy
The Qwest Security Services team has received numerous complaints regarding UBE and/or other unacceptable traffic originating from a computer or computers on your network.
##.###.###.## [2008-08-28 06:15:54] GMT
Your system may be infected with a 'bot'. Computers infected with bots are considered compromised hosts. They may be used to send spam (also called Unsolicited Bulk Email or UBE), scan other computers for vulnerabilities, take advantage of security holes, and be used as part of Distributed Denial of service attacks (DDoS) in addition to the spam hosting. These programs also allow your computer(s) to be used by spammers to hide the identities of their sites. These bots are often spread by viruses or worms.
Sending or supporting UBE, scanning, exploiting other computers and participating in denial of service attacks are all against Qwest's Acceptable Use policy, and Qwest is notifying you of this issue with a warning. Further complaints may result in action including blackholing of the offending IP address.
Please make sure your system software is up to date, install antivirus software and scan your hard disk(s) to remove all viruses, trojans or other software which allows remote control of your systems. Please notify all computer users to whom you have sent email messages that you may be infected, and that they need to scan their hard disk(s) to stop the further spread of viruses. Qwest also recommends checking to be sure that you are not running an open proxy or an open relay. More information on open relays can be found at:
If you believe you have an open proxy, check the documentation for your proxy server or firewall for information on how best to secure it.
Regards,
--
Qwest Internet Solutions sysop@qwest.net, abuse@qwest.net