What are the indications of a compromised system or a system under
Slow or no response, unable to connect to network services, unpredictable
If you experience these symptoms, check if other people in your local area
are having similar problems. If not, the problem could be that your
computer has been infected by a malicious program. If your system is
compromised and is detected attacking other computers, it will be
removed from the UD network.
This may or may not be an indication of an attack. Many anti-virus and anti-spyware programs
generate lots of disk activity during system scans. Check to see if one of your programs is
running a scan, which could slow system response times.
Log entries in your firewall or system log
Failed logins, entries by users you don't recognize, network
connections to addresses you didn't initiate.
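As an added example (not part of the original page), here is one way to check a system log for two of the signs listed above: failed logins and logins by users you don't recognize. It assumes OpenSSH sshd syslog lines; the sample log, the known-user list and the failure threshold are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH sshd syslog format (not from a real host).
SAMPLE_LOG = """\
Mar  3 02:14:01 host sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 02:14:03 host sshd[811]: Failed password for root from 203.0.113.5 port 51236 ssh2
Mar  3 02:14:06 host sshd[811]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar  3 08:30:12 host sshd[902]: Accepted password for alice from 192.0.2.10 port 40022 ssh2
Mar  3 09:02:47 host sshd[915]: Failed password for alice from 192.0.2.10 port 40101 ssh2
Mar  3 11:45:30 host sshd[977]: Accepted publickey for svc_tmp from 198.51.100.77 port 39001 ssh2
"""

# Matches sshd authentication results and captures user and source address.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def review_auth_log(text, known_users, fail_threshold=3):
    """Return (sources with repeated failed logins, logins by unrecognized users)."""
    failures = Counter()
    unknown_logins = []
    for line in text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # not an sshd authentication event
        if m["result"] == "Failed":
            failures[m["ip"]] += 1
        elif m["user"] not in known_users:
            # Successful login by an account the owner does not recognize.
            unknown_logins.append((m["user"], m["ip"]))
    # Keep only sources at or above the (assumed) failure threshold.
    noisy = {ip: n for ip, n in failures.items() if n >= fail_threshold}
    return noisy, unknown_logins

if __name__ == "__main__":
    noisy, unknown = review_auth_log(SAMPLE_LOG, known_users={"alice", "bob"})
    for ip, n in noisy.items():
        print(f"{n} failed logins from {ip}")
    for user, ip in unknown:
        print(f"successful login by unrecognized user {user!r} from {ip}")
```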
You receive an e-mail from UD IT Security
If you can't get to your e-mail from your system, check it from a
different computer to see if there are any notices that your system was
cut off from the UD network for exhibiting rogue behavior - e.g.,
trying to hack into other systems, sending spam, etc.
Copyright © 2006, University of Delaware