
Code Red Worm Affected 26xx


Sreelu

IS-IT--Management
Oct 3, 2002
23
IN
Hi

Our network is affected by the Code Red worm, and I had applied the MS patch for my IIS also. Still, the ARP table in my Cisco 2600 is flooded with wrong entries, and after some time the router starts to deny services (DoS). (It's clear that I had been affected by the Code Red worm.) I had been applying the advisory procedure given by Cisco also. Still I am having the problem.

Any Help is appreciated.

Sreelu
 
May not be Code Red; Blaster and Nachi do similar things. Even if the source has the Microsoft patch, the worms still need to be patched. Sorry to say, but you need to check every PC / server running a Microsoft O/S for a) all the latest service packs and hotfixes and b) they are all swept with an up-to-date antivirus program.

It's a long slow and annoying problem.

Stu..
 
Hi Stu,

Hmmmmmm, this is an ISP, and I don't think that I can really check all my hundreds of PCs. But still, as far as I had done, I am finding this problem only in one part of my network, i.e. only in two cities.
And I had updated that network already with these fixes:




Now I am able to see that my router very seldom reboots, but still I see that my ARP table in the router is flooded, and after some time (now it's a few hours) it reboots.

hmmmmmm......... huuuuu..... My Tickets are expiring......

Thanks once again.
Some more help is anticipated.

Sreelu
 
I had the same problem. I ended up enabling NetFlow on my router. I then used the command (sh ip cache flow | include 0087); this showed me the IP addresses of the 8 PCs that were infected with Blaster on the network. As soon as I cleaned the virus off of them, the router went down to 4% CPU usage.

Hope this helps.
 
I've used the same technique backupbob did to track down infected machines. Works great, and very quickly IDs the culprits.
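
The NetFlow check described in the two posts above, as an added example that is not part of the original thread: it parses saved `show ip cache flow` output and ranks inside hosts by how many distinct destinations they contact on TCP port 135 (hex `0087` in the DstP column). Unlike a plain `include 0087`, it ignores lines where `0087` is only the source port. The sample addresses and the `min_targets` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of `show ip cache flow` flow records (all addresses made up).
# Pr, SrcP and DstP are printed in hex: Pr 06 = TCP, DstP 0087 = port 135.
SAMPLE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa0/0         10.1.1.23       Se0/0         198.51.100.1    06 0C21 0087     1
Fa0/0         10.1.1.23       Se0/0         198.51.100.2    06 0C22 0087     1
Fa0/0         10.1.1.23       Se0/0         198.51.100.3    06 0C23 0087     1
Fa0/0         10.1.1.40       Se0/0         203.0.113.9     06 0087 0050     4
Fa0/0         10.1.1.57       Se0/0         198.51.100.77   06 0D10 0087     2
Se0/0         203.0.113.80    Fa0/0         10.1.1.40       11 0035 0407     1
Fa0/0         10.1.1.88       Se0/0         192.0.2.1       06 04A1 0087     1
Fa0/0         10.1.1.88       Se0/0         192.0.2.2       06 04A2 0087     1
"""

FLOW_RE = re.compile(
    r"^(?P<src_if>\S+)\s+(?P<src>\d+(?:\.\d+){3})\s+(?P<dst_if>\S+)\s+"
    r"(?P<dst>\d+(?:\.\d+){3})\s+(?P<pr>[0-9A-Fa-f]{2})\s+"
    r"(?P<sport>[0-9A-Fa-f]{4})\s+(?P<dport>[0-9A-Fa-f]{4})\s+(?P<pkts>\S+)\s*$"
)

def parse_flows(text):
    """Yield one dict per flow record; header and summary lines are skipped."""
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if m:
            flow = m.groupdict()
            for key in ("pr", "sport", "dport"):
                flow[key] = int(flow[key], 16)  # router prints these in hex
            yield flow

def scanners(text, dport=135, proto=6, min_targets=2):
    """Return [(source_ip, distinct_destinations)] for hosts fanning out to dport."""
    targets = defaultdict(set)
    for flow in parse_flows(text):
        # Match on the destination port only, and only for the given protocol.
        if flow["pr"] == proto and flow["dport"] == dport:
            targets[flow["src"]].add(flow["dst"])
    hits = [(src, len(dsts)) for src, dsts in targets.items()
            if len(dsts) >= min_targets]
    return sorted(hits, key=lambda h: (-h[1], h[0]))

if __name__ == "__main__":
    for src, count in scanners(SAMPLE):
        print(f"{src}\t{count} distinct destinations on TCP/135")
```
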
 