
Virus/Spyware activity but nothing found

Status
Not open for further replies.

stussy

MIS
May 22, 2003
269
GB
Hi

We have a network of 40-ish XP/2000 machines. One of our suppliers brought his laptop (win2k) in today, and needed to get an internet connection to run terminal services over to his server. As SOON as he was on the network and using our router, I noticed everything was crawling. A look at the router (with built-in firewall) showed that we had maxed out on outgoing connections (2048), and that 1500 were from his laptop, and the remaining 500-odd were from 4 of our tills, which have no need to access the outside world.

I turned the router off, and went around removing the gateway from the other win2k machines.

Everything has calmed down for the moment. It HAD to be some self-replicating thing, as while watching the router and clearing down each PC, I could see other PCs trying to get a connection. In 2 years they have never even been on the internet.

AVG and Norton have come back clean on a full scan of all the machines. I'm just running all spyware tools etc. to see what I can find, but does anyone have ANY ideas what may have happened? Since removing the gateway I've had no extraneous connections, but a couple of PCs have had network issues.

Cheers

Mike
 
I suspect this may hit a few more people before the day is out.

Msnsched.exe is the offending file, a detailed report is here:


Patched and up-to-date systems are OK, which is why it only did the laptop (w2k sp1), the tills on my network (w2k sp1) and left everything else (w2k sp4 or XP sp2) alone.
 