From: Michael Ward (Mward roseglen.com)
Date: Wed Apr 03 2002 - 16:19:05 CST
Did you do any packet captures? Maybe if you captured some packets you
could analyze the ports that were being used and the protocol and then
figure out if it was possibly a Trojan or IRC bot... (or something of
the likes). I wouldn't be surprised being the machines are on a campus.
-Mike
-----Original Message-----
From: Hunter Ely [mailto:hely1 lsu.edu]
Sent: Wednesday, April 03, 2002 2:27 PM
To: focus-ms lists.securityfocus.com
Subject: ntsds.exe or ntsdc.exe
Recently some computers on a few LANs on our network were sending full size
packets and were the top talkers on campus. When we looked into this
further, it appeared that all the machines were Windows machines with a
service called either ntsds.exe or ntsdc.exe. This service couldn't be
stopped. The only way to keep it from loading was to rename the file. The
traffic ceased when we finally were able to stop the service. I can't seem
to find anything about this service anywhere. Has anyone else on the list
experienced this or can point me in the right direction? Thanks
------------------------------------------------------
Hunter Ely
Network Security Analyst, Office of Computing Services
Louisiana State University
http://hunter.lsu.edu
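
The capture analysis suggested in the reply can be scripted once packets are exported to text. The following is an added example, not code from either poster: it ranks source hosts by bytes sent, flags those whose traffic is almost entirely full-size packets, and reports the destination, protocol and port they use most. The record format, addresses, port numbers and the 1500-byte threshold are assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample, one record per captured packet:
# "src dst proto dst_port ip_length". Not real traffic.
SAMPLE = """\
10.1.4.23 192.0.2.80 udp 4000 1500
10.1.4.23 192.0.2.80 udp 4000 1500
10.1.4.23 192.0.2.80 udp 4000 1500
10.1.4.23 192.0.2.80 udp 4000 1500
10.1.4.57 198.51.100.7 tcp 80 420
10.1.4.57 198.51.100.7 tcp 80 1500
10.1.4.57 198.51.100.9 tcp 443 310
10.1.4.99 192.0.2.80 udp 4000 1500
10.1.4.99 192.0.2.80 udp 4000 1500
malformed line here
"""

FULL_SIZE = 1500  # assumed Ethernet MTU; adjust for the link being captured

def summarize(text):
    """Return {src: stats} with byte and packet counts, full-size count, flows."""
    stats = defaultdict(lambda: {"bytes": 0, "pkts": 0, "full": 0, "flows": Counter()})
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit() or not parts[4].isdigit():
            continue  # skip lines that do not match the assumed format
        src, dst, proto = parts[0], parts[1], parts[2]
        port, length = int(parts[3]), int(parts[4])
        s = stats[src]
        s["bytes"] += length
        s["pkts"] += 1
        s["full"] += length >= FULL_SIZE
        s["flows"][(dst, proto, port)] += 1
    return stats

def suspects(stats, min_pkts=2, full_ratio=0.9):
    """Hosts sending almost only full-size packets, largest senders first."""
    hits = [(src, s) for src, s in stats.items()
            if s["pkts"] >= min_pkts and s["full"] / s["pkts"] >= full_ratio]
    return sorted(hits, key=lambda kv: kv[1]["bytes"], reverse=True)

if __name__ == "__main__":
    for src, s in suspects(summarize(SAMPLE)):
        (dst, proto, port), n = s["flows"].most_common(1)[0]
        print(f"{src}: {s['bytes']} bytes, {s['full']}/{s['pkts']} full-size, "
              f"top flow {proto}/{port} -> {dst} ({n} pkts)")
```

Several flagged hosts sharing the same top flow point to a common cause and give a destination and port to block or watch while the machines are examined.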