Shulou(Shulou.com)06/02 Report--

A domestic financial unit has used the backtracking function of an open network traffic analysis system for a long time to locate and analyze sudden business failures.

Received an active alarm from the open network analysis system

Recently, the open network traffic analysis backtracking system actively discovers and reports the spread of worms sent by the internal network of the unit, and gives an active alarm to the infected host.

Combine historical data to determine the problem

After receiving the alarm, the operation and maintenance engineer immediately starts with the alarm log, combined with historical communication log and original packet backtracking to further determine that the above infected hosts try to connect to the target host and inject worm through port TCP 445 (SMB file sharing service) and TCP139 port (NetBIOS SMB file sharing service) to any target host.

According to the alarm information, the engineer carried out the corresponding Trojan virus detection and killing on the above infected host, and the problem was solved in advance.

The use of open network analysis system can not only retrace the time, but also expose the virus in advance and easily solve the problem. (for more questions or related business, please contact the sweet and beautiful customer service: 18600295382)

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.