Scanning LAN for virus activity?

Steve Mason SMason at KMSS.CA
Mon Mar 15 22:55:07 GMT 2004


Not sure about iptables, but I use nmap and tcpdump to check for anything on
my local network.
Nmap to scan for any of the ports that the latest worms/viruses listen on.
Tcpdump listening on port 25 (minus your mail servers) should find anyone
with a process sending out spam, or trying to propagate a worm/virus via
email.

-----Original Message-----
From: Michael St. Laurent [mailto:mikes at HARTWELLCORP.COM]
Sent: March 15, 2004 3:46 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Scanning LAN for virus activity?


I was reading about the String module for iptables in Linux Journal over the
weekend and it occurred to me that this could be used for scanning the LAN
for the presence of an infected system.

Does anyone know if such a tool exists?  We're seeing *much* higher network
activity lately than in the past and it makes me nervous.

--
Michael St. Laurent
Hartwell Corporation

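
The port-25 check described in the reply above, as an added example that is not part of the original posts: it builds a tcpdump filter for new SMTP connections that excludes the known mail servers, then counts connection attempts per source host. The mail-server addresses, the eth0 interface, and the sample capture lines (in current tcpdump -nn -tt output format) are constructed assumptions.

```shell
#!/bin/sh
# Added example: find LAN hosts that open SMTP connections but are not mail servers.
# MAIL_SERVERS holds placeholder addresses (assumption); replace with your own.
MAIL_SERVERS="192.168.1.10 192.168.1.11"

# Build a tcpdump filter: new connections (SYN without ACK) to port 25,
# excluding those sent by the known mail servers given in $1.
smtp_filter() {
    filter="tcp dst port 25 and tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn"
    for ip in $1; do
        filter="$filter and not src host $ip"
    done
    printf '%s\n' "$filter"
}

# Read `tcpdump -nn -tt` lines on stdin; print "count source-ip" for every
# source with at least $1 connection attempts, busiest first.
smtp_talkers() {
    awk -v min="$1" '
        $2 == "IP" {
            src = $3
            sub(/\.[0-9]+$/, "", src)   # drop the trailing source port
            hits[src]++
        }
        END { for (s in hits) if (hits[s] >= min) print hits[s], s }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample: what the filtered capture might show when one
# workstation is connecting to many outside mail exchangers.
sample_capture() {
    cat <<'EOF'
1079391301.100000 IP 192.168.1.45.1042 > 203.0.113.9.25: Flags [S], seq 100, win 64240, length 0
1079391301.400000 IP 192.168.1.45.1043 > 198.51.100.7.25: Flags [S], seq 200, win 64240, length 0
1079391302.000000 IP 192.168.1.77.3310 > 203.0.113.25.25: Flags [S], seq 300, win 64240, length 0
1079391302.300000 IP 192.168.1.45.1044 > 198.51.100.30.25: Flags [S], seq 400, win 64240, length 0
1079391303.900000 IP 192.168.1.45.1045 > 203.0.113.80.25: Flags [S], seq 500, win 64240, length 0
EOF
}

# Live use (needs root; interface name is an assumption):
#   tcpdump -i eth0 -nn -tt -c 500 "$(smtp_filter "$MAIL_SERVERS")" | smtp_talkers 3
sample_capture | smtp_talkers 3
```

A workstation that shows up here with many attempts to different outside addresses is the one to inspect first; a single attempt is often just a misconfigured mail client.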
