|
|
Computer Security Incident FAQ Main Page
Security Breach
Procedures
Protecting Personal Non-Public
Information
Responsible
Computing
A Manual for:
Staff
Students
Student Guide
to University Policies
Computer
Security Home
|
What are the indications
of a compromised system
or a system under attack?
Slow or no response, unable to connect to network services, unpredictable
behavior
If you experience these symptoms, check if other people in your local area are having similar
problems. If not, the problem could be that your computer has been infected by a malicious
program. If your system is compromised and is detected attacking other computers, it will be
removed from the UD network.
Unexplained hard drive activity
This may or may not be an indication of an attack. Many anti-virus and anti-spyware programs
generate lots of disk activity during system scans. Check to see if one of your programs is
running a scan, which could slow system response times.
Log entries in your firewall or system log
Failed logins, entries by users you don’t recognize, network connections to addresses you didn’t
initiate.
You receive an-email from UD IT Security
If you can't get to your e-mail from your system, check it from a different computer to see if
there are any notices that your system was cut-off from the UD network for exhibiting rogue
behavior – e.g., trying to hack into other systems, sending SPAM, etc
Return to Computer
Security Incident FAQs
Questions / comments?
Copyright © 2006, University of Delaware
|
