Ok, so... I sat for about 5 hours at work today, doing nothing. Evidently, our network got hit by one of them there Windows network worms and those of us who were affected by it (the ones using Win2k, as it were) kept getting our workstations rebooted every 5 minutes :evil:. The intranet and the mail server were down also... Talk about a mess for over 1200 employees.
My quesion is... How would an admin, or a group of them, go about stopping one of these? This thing propagated itself all the way out to (at least) one of our assembly plants in OH. Other than shutting down the network and cleaning out all the workstations; how would could you fix the effects of this type of virus? Would you just set some worm-sniffing software on it, or what? Somehow, I know it can't be as simple as that though...
Steve
What does your network look like.
1. How many windows workstations?
2. How many windows servers?
3. How many unix/linux workstations?
4. How many unix/linux servers?
5. How many and what brand of routers, switches, hubs?
6. Do you have recent backups of all systems?
7. Were all computers affected or select few?
8. Can provide a graphical layout of the network?
If you can answer some or most of these questions ill be able to tell you how to start the cleanup process.
Wenn Sie Spaß meines Englisch mich Willensfuckingtötung Sie bilden.
The best way would be to make sure everyone is using Linux. Windows is shit, plain and simple! I suppose the worm must have entered the network via an email attachment, or via a download that a company would not permit. My recommendation is to scan all email entering the company before they arrive to the client, thus eliminating the spread of the worm from within the network.
My Website: http://ttgale.com
My Website Uptime: http://img.uptimeprj.com/holastickbo...dee9bae2e2.png
My Server Specs: AMD Athlon X2 3800+, 2gb DDR2 RAM, 1.5TB HDD, Ubuntu 9.10
My Gaming PC: Intel Core 2 Duo 2.93ghz, 4gb DDR2 RAM, 9800GTX+
Thanks for the replies...
Well... I'm just a CAD designer who is using this system. My sys admin experience only extends to my Linux boxes at home (and that's just a hobby). I do feel sorry for the poor bastard(s) who have to clean this mess up, or who may have been careless enough to have it happen in the first place.Originally Posted by comtux
In short; I can only estimate that there were at lease 1200 workstations affected by the worm (all Windows 2k, though there are some XP W/S's but they didn't seem to be affected by today's events). Don't know how many servers, total. No idea of the networking hardware (hubs and routers and such... They just don't tell us users about stuff like that). No idea of a "diagram" for the WAN/LAN layout, but if the assembly plant(s) were involved, then it should give you some idea of the scale of it.
I agree beez... I have no power/say-so, what so ever as to how things are set up in this place. I do know that they do system maintanence during the day, when we're trying to get work done :roll: . If that ain't assinine, I don't know what is. This was a bomb that's been ticking for a while, I think. I'd be very surprised if the system is fully up and at 'em tomorrow though.
Steve
Right now at your work snct you have about 40 techs hideing under the table and wimpering i do also feel sorry for them all i have to say is they should ahve been useing Linux/Unix/Mac and dumped windows i have seen
intire corps go out of buisness to to the affects of a wide spread virus or worm infection.
Wenn Sie Spaß meines Englisch mich Willensfuckingtötung Sie bilden.
Posting Permissions
Reply With Quote
Bookmarks