How to Detect Email Worm with Colasoft Packet Sniffer

What Is an Email Worm
In networking, an email worm is a computer worm that can copy itself to shared folders on a system. It keeps sending infected emails to random email addresses, and in this way it spreads quickly via SMTP mail servers.

What Is the Harm of Email Worm

An email worm can send lots of infected emails in a very short time, and it will not stop until it’s removed. It generates a large amount of traffic and slows the system down. Sometimes it even makes the mail server crash.

How to Detect Email Worm

If you suspect that a host in your network is infected with an email worm, here is a step-by-step process for detecting it with Colasoft Packet Sniffer.

>Step1. Download a free trial and deploy it properly.

>Step2. Launch a Project and Start Capturing Some Traffic.

>Step3. Switch to “Diagnosis” Tab

The Diagnosis tab is a view where we can see all the network issues automatically detected by Colasoft Packet Sniffer, along with suggested causes and solutions.

Diagnosis Tab Screenshot

If there is a host infected with an email worm, we should be able to see SMTP events in the application layer like this:

SMTP Events in Application Layer

>Step4. Locate the Source IP

The source IP is possibly the host infected with an email worm, as it is sending too many emails in a short period of time over SMTP. So let’s locate the source IP in the “Explorer” using the “Locate” shortcut in the right-click menu.

Locate Source IP

>Step5. Switch to “Logs” Tab

Check whether the host is sending emails to a large number of recipients in a very short period of time. If so, we can determine that the host is infected with an email worm and should be handled immediately. We should be able to see logs in the tab like this:

View Email Logs in "Logs" Tab

No doubt the final step is to isolate the host and kill the email worm with some AV software.

There are other ways to detect an email worm with Colasoft Packet Sniffer; this is the shortest one.
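
The Step 5 check (one source, many recipients, short time) can also be run over exported SMTP records. The Python below is an added example, not Colasoft's code or part of the original article; the record layout, the 60-second window and the 20-recipient threshold are assumptions to tune for your network.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed defaults: 60 s window, 20 distinct recipients. Tune both per network.
def find_mass_mailers(records, window=timedelta(seconds=60), threshold=20):
    """records: iterable of (timestamp, source_ip, recipient), one per SMTP RCPT TO.
    Returns {source_ip: peak distinct recipients seen inside any one window}
    for sources whose peak reaches the threshold."""
    recent = defaultdict(deque)                        # src -> (ts, rcpt) still in window
    in_window = defaultdict(lambda: defaultdict(int))  # src -> rcpt -> count in window
    peak = defaultdict(int)
    for ts, src, rcpt in sorted(records):
        rcpt = rcpt.strip().lower()                    # same mailbox, different case
        q, seen = recent[src], in_window[src]
        q.append((ts, rcpt))
        seen[rcpt] += 1
        while ts - q[0][0] > window:                   # expire entries older than window
            _, old = q.popleft()
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]
        peak[src] = max(peak[src], len(seen))
    return {src: n for src, n in peak.items() if n >= threshold}

def build_sample():
    """Constructed records, not taken from a real capture."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    recs = []
    # Ordinary user: three mails spread over 20 minutes.
    for i in range(3):
        recs.append((t0 + timedelta(minutes=10 * i), "192.0.2.10", f"colleague{i}@example.com"))
    # Busy but benign: 30 mails in a minute, always to the same 5 mailboxes.
    for i in range(30):
        recs.append((t0 + timedelta(seconds=2 * i), "192.0.2.25", f"team{i % 5}@example.com"))
    # Worm-like: 40 different recipients in 20 seconds.
    for i in range(40):
        recs.append((t0 + timedelta(seconds=0.5 * i), "192.0.2.77", f"addr{i}@example.net"))
    return recs

if __name__ == "__main__":
    for src, n in find_mass_mailers(build_sample()).items():
        print(f"{src}: {n} distinct recipients within 60 s -> isolate and scan")
```

Counting distinct recipients rather than messages keeps a host that mails the same few mailboxes repeatedly from being flagged alongside the worm-like sender.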

14 Tips to Protect Your Organization's Network

Colasoft Network Analyzer

Network security is an infinitely complex and dynamic subject, but implementing these simple measures will go a long way toward protecting your organization's LAN.

1, Run Network Analyzer Frequently: We recommend an easy-to-use network analyzer, Colasoft Capsa.

2, Disable Drives: Disable floppy drive access, USB ports and serial ports on networked computers.

3, Restrict Permissions: Windows 2000 and 2003 server allow you to set permissions so that users can't run downloaded 'exe' or other executable files.

4, Block Instant Messenger: IM and its cousins, ICQ and Yahoo Messenger, send messages and attachments out to a server and then back to its clients. You lose control when this happens.

5, Password Protect Your BIOS: A BIOS without an administrator password is an invitation to mischief.

6, Run AV Software: Run anti-virus software on all your computers.

7, Build Your Defenses: Install a firewall or a proxy server.

8, Beware Of Attachments From Unknown, Untrusted Sources: Do not open attachments to email unless you trust the sender.

9, Monitor Your Ports: Install a port monitor to prevent your ports from being scanned.

10, Encrypt Wireless Access.

11, Keep Back Office Systems Off The Organization Network.

12, Require passwords to be changed frequently.

13, Use CTRL+ALT+DEL to log on.

14, Keep your networking skills up to date.

