Posted 11 November 2007 - 05:44 AM
1. As a technician, what should I be looking for in the log file that would indicate a computer is infected?
Would it be the Network Time Protocol on port 123? I know that this allows the computers on the internet to synchronize their time with a centralized time server; however, without time synchronization some security mechanisms don't function properly, and it's important for it to look through the log files for security and other problems.
2. What protocol and ports are used if, for example, a "Korgo virus" has been detected?
Would it be the TCP protocol and ports 20, 21, 25, 80 and 443?