Wireshark · Ethereal-users: [Ethereal-users] Possible Virus / Trojan / ?????

Ethereal-users: [Ethereal-users] Possible Virus / Trojan / ?????

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Brett Wheeler" <brett.wheeler@xxxxxxxxxxxxxxxxxxxxx>

Date: Fri, 12 Sep 2003 09:36:46 +1000

Hi all,

I hope that you are the right guys/gals/list to ask.

Lately our network has been getting flooded with ARP packets.

There appears to be a few machines (I've identified 3 so far) apparrently
mapping the network with ARP packets. They send out arp requests to all
machines on their subnet, ie. PC# 172.18.1.120/16 has sent arp requests to
all addresses from 172.18.0.1 to 172.18.255.254.

This was discovered when ARP jumped to be over 90% of the network traffic.

I've downloaded and run the latest antivirus software but it comes up clear.

Has anyone seen/experienced/heard of similar? or what caused it?


Brett Wheeler
Network Administrator
Daramalan College
Dickson ACT 2602
Australia
Mob (+61) 0417 228 714
email brett.wheelerATdaramalanc.act.edu.au

****************************
* Only the good die young, *
* I love my immortality.   *
****************************

Follow-Ups:
- Re: [Ethereal-users] Possible Virus / Trojan / ?????
  - From: Marco van den Bovenkamp

Prev by Date: Re: [Ethereal-users] Automation of Ethereal
Next by Date: RE: [Ethereal-users] identifying bugbear & sobig attacks (how?)
Previous by thread: [Ethereal-users] Big Help needed!!!!!!!!!!!!!!!!!!!!!!!!
Next by thread: Re: [Ethereal-users] Possible Virus / Trojan / ?????
Index(es):
- Date
- Thread