From: KEVIN HYATT (KHYATT@xxxxxxxxxxxx)
Date: Mon Jun 10 2002 - 09:16:17 GMT-3
We used a sniffer to see the source addresses.
Kevin Hyatt
Phone 217-788-6230 Ext. 279
GroupWise e-mail address: KHYATT.POST OFFICE.FAMIS
Internet e-mail address: khyatt.ccc.hshs.org
>>> "sanjay singh" <ccienxtyear@hotmail.com> 6/10/02 12:39:07 AM >>>
Folks,
A off topic question ....
What debug/show commands (if any) can we use on router to identify what source
IP (host) has the Nimda virus. I am seeing eigrp bounces on one of our wan
routers and when I passive it from the back bone, it stops bouncing. It didn't
happen over the weekend as most likely the infected PC wasn't on the net. Can
we use Sniffer or any other tools ? There are multiple routers and switches
behind this wan router. The only thing I can think of is when I see the eigrp
bounce again, I will start disabling ports cannected to other routers on the
backbone switch one at a time and if the bounce stops, means that particular
port belongs to a subnet where the source maybe. Does anyone have a better
idea or suggestion ?
thanks,
This archive was generated by hypermail 2.1.4 : Tue Jul 02 2002 - 08:12:30 GMT-3