A couple of weeks ago I wrote a blog post entitled Downadup/Conficker Worm caught by using Flow Analytics, NetFlow Analyzer, which used the SYN Violation algorithm to detect the worm's presence. Another algorithm that will help prevent worms on your network is the RST/ACK Destination algorithm.

The RST/ACK Destination algorithm looks for excessive connection denials (TCP RST/ACK responses) that come back from the destination host. This is very handy for detecting small things such as network misconfigurations, and big things such as worms or port scans across the network.
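As an added illustration of the idea (example code written for this post, not Plixer's Flow Analytics implementation), the script below runs over constructed NetFlow-style records, picks out the flows in which a responder answered a connection attempt with RST/ACK, and groups those denials by the host that received them. A host collecting many denials is the one probing closed ports, so it is the "destination" the algorithm name refers to. The threshold of 5, the flow record layout, the sample addresses and the pattern labels (sweep, port scan, repeated refusal) are all assumptions of this example.

```python
from collections import defaultdict
from dataclasses import dataclass

# TCP flag bits as exported in the cumulative tcp_flags field of a NetFlow v5 record.
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


@dataclass(frozen=True)
class Flow:
    src: str      # host that sent the packets in this flow
    dst: str      # host that received them
    sport: int
    dport: int
    flags: int    # OR of every TCP flag seen in the flow


def is_denial(flow: Flow) -> bool:
    """A connection denial: the responder answered with RST+ACK and never sent SYN,
    which is what a closed port returns to a SYN. A flow that also carries SYN was a
    real connection that got reset later, not a refusal, so it is ignored."""
    return flow.flags & (RST | ACK) == (RST | ACK) and not flow.flags & SYN


def rst_ack_destination(flows, threshold=5):
    """Group denial flows by the host that received them (the scanner or worm is the
    destination of the RST/ACKs) and alert on any host at or over the threshold.
    The pattern label is a heuristic of this example, not the product's logic."""
    received = defaultdict(list)
    for f in flows:
        if is_denial(f):
            received[f.dst].append(f)

    alerts = {}
    for host, denials in received.items():
        if len(denials) < threshold:
            continue
        responders = {f.src for f in denials}
        ports = {f.sport for f in denials}   # port the host tried to reach on the responder
        if len(responders) == 1 and len(ports) > 1:
            pattern = "port scan"                  # one target, many ports
        elif len(responders) > 1 and len(ports) == 1:
            pattern = "worm-like sweep"            # many targets, one exploit port
        elif len(responders) == 1 and len(ports) == 1:
            pattern = "repeated refusal (possible misconfiguration)"
        else:
            pattern = "mixed scanning"
        alerts[host] = {"denials": len(denials), "responders": len(responders),
                        "ports": len(ports), "pattern": pattern}
    return alerts


# Constructed sample flows (not captured data). 10.0.0.5 behaves like a worm probing
# TCP/445 across a subnet; 10.0.0.9 keeps retrying a closed port on one server;
# 10.0.0.20 is a normal client with one accepted connection that was later reset.
SAMPLE_FLOWS = [
    # eight hosts refusing 10.0.0.5 on port 445
    *[Flow(f"10.0.1.{i}", "10.0.0.5", 445, 40000 + i, RST | ACK) for i in range(1, 9)],
    # one server repeatedly refusing 10.0.0.9 on port 8080
    *[Flow("10.0.2.1", "10.0.0.9", 8080, 50000 + i, RST | ACK) for i in range(6)],
    # normal: 10.0.0.20 -> 10.0.3.1:443 handshake completed, then reset by the server
    Flow("10.0.0.20", "10.0.3.1", 51000, 443, SYN | ACK | PSH | FIN),
    Flow("10.0.3.1", "10.0.0.20", 443, 51000, SYN | ACK | PSH | RST),
]

if __name__ == "__main__":
    for host, info in sorted(rst_ack_destination(SAMPLE_FLOWS).items()):
        print(host, info)
```

Run against the sample, 10.0.0.5 is reported as a worm-like sweep (eight responders, one port) and 10.0.0.9 as a repeated refusal, while the reset-but-completed connection from 10.0.0.20 produces no alert. In practice the threshold should be tuned per network: a monitoring system or a vulnerability scanner will legitimately collect many RST/ACKs and needs to be excluded.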

Since worm attacks are designed to spread throughout networks and copy themselves to other nodes, it’s important to monitor the connection requests within your network.

Some worms, such as the ExploreZip Worm, are designed to alter system config files. Others exploit vulnerabilities in an effort to establish backdoors into your network. With the network now compromised, these infected machines, known as zombies, join other networks that have also been infected. These botnets function as a channel to inject Trojans and other viruses into your network and others.

Detection is made easier when using the RST/ACK Destination algorithm. With the help of Flow Analytics and gadgets like this one, you have the visibility you need to detect malicious behavior before it causes damage.

Jamie Lee

Jamie Lee is the west coast Regional Manager at Plixer. He works with prospects to solve the unique needs of their network and visits existing customers to assist with training. He enjoys developing new partnerships and building long-lasting relationships with his clients. Jamie loves the outdoors and his favorite hobbies include fishing, hiking, and football.
