
Re: [afnog]Slow internet access



Hi Cletus, hope you find a solution for your problem.

You can try to sniff your network with ethereal and look at ICMP
requests.

If you are sure that it is a virus, this is what you should do:

1. Here are the links at Symantec to download the removal tools for the
3 viruses. Download them and use them on all infected IPs.
http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.removal.tool.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
For the nachi-worm:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/virus/alerts/nachi.asp - look under PREVENTION

2. Also, attached is a link for the Microsoft Patch for the Welchia virus:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp
The patch is MS03-026 and is VERY important to install.

3. In order to check if things improve, you can try to disconnect the
problematic IPs.

NOTE: the nachi-worm pings many IPs on the network in order to verify
what is alive. This might cause ROUTER PERFORMANCE DEGRADATION due to
high CPU usage, meaning your CPU will jump up from 10% to 99%. This can
cause the router to discard packets and to delay processing the other
packets it does not drop. Here is the Cisco link to read about the
nachi-worm. It also contains the measures to mitigate it:
http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_tech_note09186a00801b143a.shtml



__________________________________________________
This is the Africa Network Operators' Group(AfNOG) 
technical discussion list.
The AfNOG website is: <http://www.afnog.org>
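
The message suggests sniffing for ICMP requests and notes that the nachi-worm pings many IPs to see what is alive. The following is an added example, not part of the original message: it reads text lines in the format printed by `tcpdump -n icmp` and lists sources that ping many distinct hosts in a short time. The function names, the 10-second window, the threshold of 20 hosts and the sample lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# tcpdump -n text output for an ICMP echo request (ports never appear on ICMP lines).
ECHO_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2})\.\d+ IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo request"
)

def to_seconds(ts):
    h, m, s = (int(x) for x in ts.split(":"))
    return h * 3600 + m * 60 + s

def find_sweepers(lines, window=10, threshold=20):
    """Map each source that pinged >= threshold distinct hosts inside one
    window-second bucket to its highest distinct-host count.
    window and threshold are assumed starting values, tune per network."""
    buckets = defaultdict(set)  # (src, bucket index) -> distinct destinations
    for line in lines:
        m = ECHO_RE.match(line)
        if m is None:
            continue  # replies, TCP/UDP and anything unparsable are ignored
        buckets[(m["src"], to_seconds(m["ts"]) // window)].add(m["dst"])
    sweepers = {}
    for (src, _), dsts in buckets.items():
        if len(dsts) >= threshold:
            sweepers[src] = max(sweepers.get(src, 0), len(dsts))
    return sweepers

def sample_capture():
    """Constructed sample lines (not real traffic)."""
    lines = []
    for i in range(1, 41):  # 10.0.0.23 pings 40 different hosts in 5 seconds
        lines.append(f"12:00:{i // 10:02d}.{i:06d} IP 10.0.0.23 > 10.0.1.{i}: "
                     f"ICMP echo request, id 512, seq {i}, length 72")
    for i in range(30):  # 10.0.0.7 pings only its gateway: many packets, one host
        lines.append(f"12:00:{i % 10:02d}.500000 IP 10.0.0.7 > 10.0.0.1: "
                     f"ICMP echo request, id 77, seq {i}, length 64")
    lines.append("12:00:03.100000 IP 10.0.1.5 > 10.0.0.23: "
                 "ICMP echo reply, id 512, seq 5, length 72")
    lines.append("12:00:03.200000 IP 10.0.0.9.1045 > 10.0.0.2.80: "
                 "Flags [S], seq 1, win 8192, length 0")
    return lines

if __name__ == "__main__":
    for src, count in find_sweepers(sample_capture()).items():
        print(f"{src} pinged {count} distinct hosts in one window: check this machine")
```

Counting distinct destinations rather than packets keeps a host that pings one gateway repeatedly from being flagged alongside a host that sweeps a subnet.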