Is there a way that network administrators can tell if there is a virus going through the network? I heard about all these new viruses and malware attacking other machines on the same network. Is there a tool or signature detection for finding this?
Thread: virus detection via the network
12-24-2011 04:38 PM
- Join Date
- Nov 2011
- Knoxville, TN
12-25-2011 10:30 PM
Yes and no. The activity on the network is fairly low. They don't use a lot of bandwidth to spread themselves. However, once infected, they may report back to a botnet master. Infected machines can be used as part of a DDoS attack or relay of spam.
There are tools out there like SNORT that will detect some thing against signatures of know malicious code. It's a little intiuitive to setup because it requires using a tap or mirroring ports to scan entire vlans or networks. I don't know of anyone that has it running 24/7.