Dan
Sun Aug 24 02:20:01 CDT 2008
Have Fun, lots of info. at us-cert.gov on the vulnerability ----
http://www.kb.cert.org/vuls/id/800113
"Warren Machanik" wrote:
> Took a while to come back to the forum. I had a business to run and have not
> had the time to try and troubleshoot. We identified the PC that was causing
> most of the problem, we are not sure if we have solved the problem since we
> systematically disabled it from the network. I have performed spyware scans
> and updated virus definitions and examined the startup and removed anything
> that was suspicious.
>
> I am interested in this DNS thing since I am having a problem which may be
> related that the first time I look for a web site it does not load, then you
> press enter on the browser and it loads. Sure it is DNS
> --
> Warren - All limits are man made
>
>
> "Dan" wrote:
>
> > Good Reply. My work network is seeing unusual activity as well due to DNS
> > Pollution issues.
> >
> > "S. Pidgorny <MVP>" wrote:
> >
> > > Looks like something generates a lot of traffic to your WAN
> > > interface/iBurst.
> > >
> > > First, you need to find a way to measure traffic through the external
> > > interface of your SBS server.
> > > I suggest running combination of perfmon.exe (with Network Interface
> > > counters) and commands like "netstat -e". The ultimate approach is to run
> > > network capture (using Microsoft Netmon or Wireshark) for 15-30 minutes to
> > > see how much traffic is generated and where to/from. Capturing on internal
> > > interface will show what workstations are generating most traffic. Wireshark
> > > has quite nice analysis tools, very user-friendly.
> > >
> > > Then - do elimination.
> > > Shut down the new DNS update service and see if that makes any difference.
> > > Shut down one of the workstations and see if that makes difference. Repeat
> > > with the other workstations.
> > >
> > > The worst thing is that the traffic may be generated externally, discarded
> > > by your systems and still appearing on your bill. In that case you might not
> > > see intensive traffic generated by either workstation or the server.
> > >
> > > --
> > > Svyatoslav Pidgorny, MS MVP - Security, MCSE
> > > -= F1 is the key =-
> > >
> > > * http://sl.mvps.org * http://msmvps.com/blogs/sp *
> > >
> > >
> > > "Warren Machanik" <WarrenMachanik@discussions.microsoft.com> wrote in
> > > message news:6D4EA387-DE98-4BE8-A3DF-F6F288F1982C@microsoft.com...
> > > > I have a small network 2xXP machines, 1xVista and 1xSmall Business Server
> > > > 2003. It may be coincidence but recently (in the last 3 weeks) two things
> > > > occurred on my network. My old DDNS service DirectUpdate stopped working
> > > > after a security fix was applied, so I replaced it with another. Two, I
> > > > upgraded one computer to Vista.
> > > >
> > > > And about a week after noticed I was chewing bandwidth around 1GB of
> > > > bandwidth a day.
> > > >
> > > > I have run TCPView on the one PC and on the Small Business server, which is
> > > > acting as a router to the external world (connected using an IBurst router
> > > > on an external LAN, not running ISA, just the default Firewall in SBS2003).
> > > >
> > > > I have tried checking for spyware, and run all the updates, but I cannot
> > > > find where I am bleeding bandwidth (and I only get 3GB a month). Any ideas
> > > > how to troubleshoot?
> > > > --
> > > > Warren - All limits are man made
> > >
> > >
> > >
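Added example, not written by any poster in this thread: one way to turn the "netstat -e" measurement suggested above into a bytes-per-day figure that can be compared with the 3GB monthly allowance. The sample outputs are constructed, and the 32-bit counter wrap, the decimal-GB cap and billing on received plus sent bytes are assumptions.

```python
import re

COUNTER_WRAP = 2 ** 32      # assumption: 32-bit byte counters that wrap at 4 GiB
MONTHLY_CAP = 3 * 10 ** 9   # the 3GB/month allowance from the thread, as decimal GB

# Constructed "netstat -e" output, sampled twice, 900 seconds apart.
SAMPLE_T0 = """Interface Statistics

                           Received            Sent

Bytes                    4290000000       812345678
Unicast packets             9123456         7123456
Discards                          0               0
"""
SAMPLE_T1 = """Interface Statistics

                           Received            Sent

Bytes                       5032704       813345678
Unicast packets             9131002         7124911
Discards                          0               0
"""

def parse_bytes(text):
    """Return (received, sent) from the Bytes row of netstat -e output."""
    m = re.search(r"^Bytes\s+(\d+)\s+(\d+)\s*$", text, re.MULTILINE)
    if m is None:
        raise ValueError("no Bytes row in netstat -e output")
    return int(m.group(1)), int(m.group(2))

def delta(before, after):
    """Counter growth between samples, allowing for a single wrap."""
    return after - before if after >= before else after + COUNTER_WRAP - before

def daily_estimate(t0_text, t1_text, interval_s):
    """Project the growth between two samples to bytes per day."""
    (rx0, tx0), (rx1, tx1) = parse_bytes(t0_text), parse_bytes(t1_text)
    rx, tx = delta(rx0, rx1), delta(tx0, tx1)
    # Assumption: the ISP bills received and sent bytes together.
    per_day = (rx + tx) * 86400 // interval_s
    return {"rx": rx, "tx": tx, "per_day": per_day,
            "days_to_cap": MONTHLY_CAP / per_day if per_day else float("inf")}

if __name__ == "__main__":
    est = daily_estimate(SAMPLE_T0, SAMPLE_T1, 900)
    print("received %d, sent %d bytes in 15 minutes" % (est["rx"], est["tx"]))
    print("about %.2f GB/day, cap reached in %.1f days"
          % (est["per_day"] / 1e9, est["days_to_cap"]))
```

Keep the sampling interval short enough that the counter can wrap at most once between samples, and repeat the measurement after each elimination step to see which change moves the daily figure.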