
Network Virus Problem


nelson

Newbie

Posts: 4

Joined: Fri Jan 02, 2009 6:41 am

Post Fri Jan 02, 2009 7:02 am

Network Virus Problem

In my network I am using two application mail servers. One mail server is local and the other is remote, connected through a router. Hence we have specified dual IP addresses on the NIC. But some time back, in December 2008, we started facing problems on these systems. The servers can be pinged from the affected system, but the mail application Outlook to the local one, and the other, are not able to connect. We even changed the TCP connections from 10 to 50. Please, if anybody can advise me what to do, it would be helpful.

shednik

Jr. Member

Posts: 75

Joined: Thu Sep 11, 2008 7:30 am

Post Fri Jan 02, 2009 8:39 am

Re: Network Virus Problem

How are the mail servers connected? Via a private line, i.e. T1/DS3? What has changed since then? Do the logs on either mail server show anything suspicious? Please provide a little more detail as to what exactly is failing. The more information you can provide us, the better we will be able to help you!
CCNA, MCP, A+, N+

WIP: Masters of Infosec, CEH, & Mastering C

RoleReversal

Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Fri Jan 02, 2009 8:51 am

Re: Network Virus Problem

Nelson,

I'll agree with Shednik, we're going to need more information before anyone is able to provide any concrete advice.

What makes you believe that the issues you are experiencing are virus related? From experience the Windows TCP/IP stack is horrible for working with dual-homed systems and I'd suggest that you may want to take a closer look at the connectivity between the two; possibly a packet sniffer at either server to ensure that the inter-server communication is exactly what you are expecting.

nelson

Newbie

Posts: 4

Joined: Fri Jan 02, 2009 6:41 am

Post Sat Jan 03, 2009 11:37 am

Re: Network Virus Problem

Well, as I had specified previously, one of the mail servers is in the 192.162.0.0 series through a DNS server and is in the local LAN, and the other is in another location, but in the Intranet only, through an E1 line and connected through a router in the IP series 172.16.0.0 through a gateway. Hence I had configured the system with dual IP addresses for accessing both mail servers. The moment I remove either one of the IP entries, it works without any problem, and the moment I configure both IPs, after some 2-3 minutes it will not access either server but can ping both. I ran netstat -an and it shows that it is opening ports to connect to the microsoft-ds.com site. Please reply back.

shednik

Jr. Member

Posts: 75

Joined: Thu Sep 11, 2008 7:30 am

Post Sat Jan 03, 2009 10:56 pm

Re: Network Virus Problem

If I'm understanding you correctly, it sounds like you're trying to have a mail client (i.e. Outlook) communicate with either mail server. Have you set up a cluster of some sort for the messaging environment? Is this Exchange/Domino/etc.? I'm still not clear what your exact issue is from your description.
CCNA, MCP, A+, N+

WIP: Masters of Infosec, CEH, & Mastering C

nelson

Newbie

Posts: 4

Joined: Fri Jan 02, 2009 6:41 am

Post Sun Jan 04, 2009 2:52 am

Re: Network Virus Problem

OK, I will explain properly. We have two mail servers, one in the LAN and another in the Intranet (in a remote location). These two mail servers work perfectly if contacted by our LAN users individually, i.e.

Scenario 1 -
If I want to use the mail server of the Intranet (it is not Exchange Server; it is local software), then I have to change my IP address to that series and access it by browser; then I get connected to that mail server.

Scenario 2 -
If I want to use the local LAN mail server configured through Exchange Server, once again I have to change back to my local LAN IP series and access it by Outlook; then I get connected to this Exchange Server.

But I want to access both without changing the IP series, i.e. by adding both IP addresses in the TCP/IP configuration of the LAN settings.

Previously, we had encountered the Fujibacks virus in four systems, and in these four systems we removed the virus and re-formatted these systems. For 15 days these systems worked perfectly and then suddenly ceased working when given dual IPs. Checked for virus but no luck. Please reply and advise.

jason

Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Sun Jan 04, 2009 11:25 am

Re: Network Virus Problem

You might put a packet sniffer on to see if there is any unusual traffic being generated.

shednik

Jr. Member

Posts: 75

Joined: Thu Sep 11, 2008 7:30 am

Post Sun Jan 04, 2009 10:40 pm

Re: Network Virus Problem

If I'm understanding you right, why are you configuring a client with 2 different IP addresses? If the local subnet for the client is 192.162.0.0 and the remote is 172.16.0.0, you don't need an IP in both subnets, just a route to get there. If you need to hit a different router than your default gateway to reach that subnet, adding a static route may be what you need to do.
CCNA, MCP, A+, N+

WIP: Masters of Infosec, CEH, & Mastering C

nelson

Newbie

Posts: 4

Joined: Fri Jan 02, 2009 6:41 am

Post Tue Jan 06, 2009 9:54 pm

Re: Network Virus Problem

As suggested, I have tried Ethereal and the TCP packets are more. They are normally opening ports from 3914 to 3961, and all these ports are trying to access Internet IP addresses, mainly microsoft-ds.

If I can add a static route in my router, can you tell me precisely how? As I had earlier specified, my local LAN is in the 192.162.9.x/24 network, and my Intranet through the router is 172.16.163.x/24. Hence I give the IP address as 192.162.9.5 with subnet 255.255.255.0 and DNS as 192.162.9.1. And the additional IP I give as 172.16.163.204 with 255.255.255.0 and gateway (router) 172.16.163.99. My Intranet mail server is 172.16.1.1, hence I give the static route for 172.16.163.0 to go to 172.16.1.1.

If I should not use dual IP, please reply with how to give the route in my gateway.
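
The symptom reported in the post above (a run of ephemeral source ports all connecting to Internet addresses on microsoft-ds, i.e. TCP 445) can be checked mechanically. The following Python sketch is an added example, not part of the original posts: it parses `netstat -an` output and flags a local address that contacts many distinct external hosts on port 445. The sample output, the internal prefix lengths and the threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Site ranges taken from the thread; the prefix lengths are assumptions.
INTERNAL = [ipaddress.ip_network("192.162.9.0/24"),
            ipaddress.ip_network("172.16.0.0/16")]
SMB_PORT = 445  # the port netstat labels "microsoft-ds"

# Constructed sample of `netstat -an` output (documentation addresses).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.162.9.5:3914       203.0.113.10:445       SYN_SENT
  TCP    192.162.9.5:3915       203.0.113.77:445       SYN_SENT
  TCP    192.162.9.5:3916       198.51.100.4:445       SYN_SENT
  TCP    192.162.9.5:3917       198.51.100.200:445     SYN_SENT
  TCP    192.162.9.5:1042       192.162.9.1:445        ESTABLISHED
  TCP    192.162.9.5:1050       172.16.1.1:80          ESTABLISHED
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  UDP    0.0.0.0:445            *:*
"""

def is_internal(addr):
    return any(addr in net for net in INTERNAL)

def external_smb_attempts(netstat_text):
    """Map local IP -> sorted list of external hosts contacted on TCP 445."""
    hits = defaultdict(set)
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP":
            continue  # header, UDP rows, blank lines
        lhost = fields[1].rpartition(":")[0]
        rhost, _, rport = fields[2].rpartition(":")
        try:
            raddr = ipaddress.ip_address(rhost)
        except ValueError:
            continue  # "*" or a bracketed IPv6 literal
        if (rport.isdigit() and int(rport) == SMB_PORT
                and not raddr.is_unspecified and not is_internal(raddr)):
            hits[lhost].add(str(raddr))
    return {h: sorted(r) for h, r in hits.items()}

def suspicious_hosts(netstat_text, threshold=3):
    """Local addresses with at least `threshold` distinct external SMB peers."""
    return [h for h, r in external_smb_attempts(netstat_text).items()
            if len(r) >= threshold]
```

A workstation has no ordinary reason to open SMB sessions to Internet hosts, so any hit here justifies isolating the machine and blocking outbound TCP 445 at the router while it is examined.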

RoleReversal

Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Wed Jan 07, 2009 4:31 am

Re: Network Virus Problem

Nelson,

How to add the static route in the router will vary depending on device/manufacturer. Be aware that you will need a route at both ends to allow traffic to return.

However, as the 2nd mail server is on a remote site, do you have point-to-point connectivity between the two sites? As both ranges are internal RFC 1918 addresses, these aren't routable over public infrastructure. If there is no direct connectivity, you will need a site-to-site VPN to link the two LANs.

Hope this helps,
RR

(P.S. Still not clear how this relates to ethical hacking though....)
