TechieTony
IS-IT--Management
I got this message from qwest today telling me I have a bot on my network. I am in the process of running anti-spyware scans on all of my machines but I need to see what network resources are being passed. All of my locations connect to corp via frame into Dell Powerconnect 3448's.
I tried to monitor the traffic on the switches but when I enabled mirroring the switch stopped forwarding traffic. Since the dell forums gave me no answers and there is not dell-Switch forum im kinda stuck.
Any good ideas on what I can do to find a infected pc on the network would be of service.... thx much
Noncentz
-----------------------
Subject: [AB-M7388809F] Bot infections and Qwest's Acceptable Use Policy
The Qwest Security Services team has received numerous complaints regarding UBE and/or other unacceptable traffic originating from a computer or computers on your network.
##.###.###.## [2008-08-28 06:15:54] GMT
Your system may be infected with a 'bot'. Computers infected with bots are considered compromised hosts. They may be used to send spam (also called Unsolicited Bulk Email or UBE), scan other computers for vulnerabilities, take advantage of security holes, and be used as part of Distributed Denial of service attacks (DDoS) in addition to the spam hosting. These programs also allow your computer(s) to be used by spammers to hide the identities of their sites. These bots are often spread by viruses or worms.
Sending or supporting UBE, scanning, exploiting other computers and participating in denial of service attacks are all against Qwest's Acceptable Use policy, and Qwest is notifying you of this issue with a warning. Further complaints may result in action including blackholing of the offending IP address.
Please make sure your system software is up to date, install antivirus software and scan your hard disk(s) to remove all viruses, trojans or other software which allows remote control of your systems. Please notify all computer users to whom you have sent email messages that you may be infected, and that they need to scan their hard disk(s) to the stop the further spread of viruses. Qwest also recommends checking to be sure that you are not running an open proxy or an open relay. More information on open relays can be found at:
If you believe you have an open proxy, check the documentation for your proxy server or firewall for information on how best to secure it.
Regards,
--
Qwest Internet Solutions sysop@qwest.net, abuse@qwest.net
I tried to monitor the traffic on the switches but when I enabled mirroring the switch stopped forwarding traffic. Since the dell forums gave me no answers and there is not dell-Switch forum im kinda stuck.
Any good ideas on what I can do to find a infected pc on the network would be of service.... thx much
Noncentz
-----------------------
Subject: [AB-M7388809F] Bot infections and Qwest's Acceptable Use Policy
The Qwest Security Services team has received numerous complaints regarding UBE and/or other unacceptable traffic originating from a computer or computers on your network.
##.###.###.## [2008-08-28 06:15:54] GMT
Your system may be infected with a 'bot'. Computers infected with bots are considered compromised hosts. They may be used to send spam (also called Unsolicited Bulk Email or UBE), scan other computers for vulnerabilities, take advantage of security holes, and be used as part of Distributed Denial of service attacks (DDoS) in addition to the spam hosting. These programs also allow your computer(s) to be used by spammers to hide the identities of their sites. These bots are often spread by viruses or worms.
Sending or supporting UBE, scanning, exploiting other computers and participating in denial of service attacks are all against Qwest's Acceptable Use policy, and Qwest is notifying you of this issue with a warning. Further complaints may result in action including blackholing of the offending IP address.
Please make sure your system software is up to date, install antivirus software and scan your hard disk(s) to remove all viruses, trojans or other software which allows remote control of your systems. Please notify all computer users to whom you have sent email messages that you may be infected, and that they need to scan their hard disk(s) to the stop the further spread of viruses. Qwest also recommends checking to be sure that you are not running an open proxy or an open relay. More information on open relays can be found at:
If you believe you have an open proxy, check the documentation for your proxy server or firewall for information on how best to secure it.
Regards,
--
Qwest Internet Solutions sysop@qwest.net, abuse@qwest.net