1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Nachi Virus

Discussion in 'Computer Security' started by AJ, Aug 29, 2003.

  1. AJ

    AJ Administrator Administrator

    6,771
    102
    221
    Just got in from work. What a day (11 hours!!)

    First we knew about it was when the mail server crashed. Then our firewall crashed due to the amount of traffic trying to get through. One of the IT technitions suddenly got this virus and then the whole network started to fall down. Quick someone pull the plug.

    The network manager pulled the connections on all of the subnets and left just one on line. Fortunatly the servers were OK. Cleaned a machine and within 5 mins. it had got invected again. So, all of the machines on that particular subnet had to be removed from the network, disinfected and have the relivant M$ patch installed.

    Now the pc's in the rest of the school (about 300) have to have the same done so that we can re-start the network and mail server.

    Moral of the story, ensure your anti-virus is up to date (it was as it happens - Sophos), keep up with the M$ patches and make sure that all of your machines are running the same service patch.

    Gotta go in Tomorrow to finish off (bummer :cry: ). Can't wait till Monday when the school reopens and all of the teachers and kids bring in their laptops and connect to the network. Virus chasing all over again (do you think it could become a new Olympic Sport).

    Antone know how to set up a RADIUS server so that we can keep a track of pc's attaching to the network via MAC addresses or any other way of doing this.

    Time for a beer and a sit down.

    TTFN
     
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Looking at doing ..................
  2. flex22

    flex22 Gigabyte Poster

    1,679
    0
    69
    At the hospital I was delivering a letter to the Macmillan Nurses office and the woman was sat at her computer reading some instructions on a piece of paper.

    The cmd console was open but she looked puzzled.

    I usually tell every poor soul all about my course so she let me have a go at following the instructions.

    I followed them and the Nachi virus was removed.

    So I guess I actually removed a virus off a network. :D
     
  3. Jakamoko
    Honorary Member

    Jakamoko On the move again ...

    9,915
    60
    229
    Nice one, Flex - now you can smell their blood ... :bigcry :snipersm:
     
    Certifications: MCP, A+, Network+
    WIP: Clarity
  4. SimonV

    SimonV Petabyte Poster Administrator

    6,616
    149
    228
    Sounds like a nasty Virus from what I've been reading.
    I was in over the holidays and patched up the whole network. Updated all virus software and updated windows as soon as the first few infections came around. 8)

    Sorry mate cant give you much more than a few google results on this.
     
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...
  5. Jakamoko
    Honorary Member

    Jakamoko On the move again ...

    9,915
    60
    229
    There was a fair bit about setting up a dedicatd RADIUS Server in the 215 book - seemed fairly straight forward.

    Might be worth a look ? (Sorry, but can't be *rsed looking up the actual Chapter number right now)

    :P
     
    Certifications: MCP, A+, Network+
    WIP: Clarity
  6. AJ

    AJ Administrator Administrator

    6,771
    102
    221
    Cheers Jak,

    Forgot it was in there. I'll check that out in the morning. Just to take this perhaps one step further can this be done in, dare I say it, Linnux??

    Andrew
     
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Looking at doing ..................
  7. AJ

    AJ Administrator Administrator

    6,771
    102
    221
    Well our whole IT team was in today to try and get as many PC's ready for the kids on Monday. Done most of them but still most of the computer rooms left (Doors locked, network cables removed until we've cleaned them).

    Told the senior Tech that after this, shall we inventory the machines and make sure that they all have the current service patch and fixes on them so that this whole thing doesn't start again.

    Still Monday will be fun???

    TTFN

    Andrew
     
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Looking at doing ..................
  8. Jakamoko
    Honorary Member

    Jakamoko On the move again ...

    9,915
    60
    229
    Indeed - just imagine all the little darlings' faces - ready to undo all your good work once more :P
     
    Certifications: MCP, A+, Network+
    WIP: Clarity
  9. AJ

    AJ Administrator Administrator

    6,771
    102
    221
    I'll let you all know how it goes.

    If anyone know how to stop unauthorised machines onto the network then please let me know. This is now beyond a joke

    TTFN

    Andrew
     
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Looking at doing ..................
  10. Luton Bee

    Luton Bee Kilobyte Poster

    365
    0
    36
    That's the problem with DHCP I guess, it'll give an address to just about anything! I guess you could either manually assign IP addresses so someone trying to intorduce another machine would at least have to find the correct subnet. The other way that springs to mind is to alter the DHCP scope to reserve every single address in the scope to a specific machine that should exist on the LAN. There is also (probably) some sort of third party tool that would do it.

    HTH
     
    Certifications: MCSE, MCSA, MCP, A+, Network+ C&G ICT
    WIP: CCNA
  11. AJ

    AJ Administrator Administrator

    6,771
    102
    221
    Well we've finally got rid of the little bugger. Tomorrow will be spent cleaning and patching the pupils laptops (O what fun).

    Has anyone got any experiance of M$ SMS server? What it does and how it works? My network Manager is getting quotes and examples of this type of application.

    Well as always the trial goes on :wink:

    Andrew
     
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Looking at doing ..................

Share This Page

Loading...