Online virus source investigation (maintenance record on March 22, 2005)

xiaoxiao2021-03-06  22

On March 22, 2005, at 1:30, the basic situation in the client's server room was as follows: one server of a two-node fault-tolerant pair had restarted. The anti-virus software reported W32.SASSER; after removing the virus with a dedicated removal tool and applying the patch for the vulnerability the worm exploits, the machine returned to normal. But the network had not recovered.

We first checked the Norton enterprise system control center and its history, which showed that many machines had been infected with the virus file. Checking the status of the network switch showed that it was fully loaded and the network was effectively paralyzed. So we used the most primitive method, cable-by-cable troubleshooting, to find the source. We first investigated the link to the remote office: when the access port for the fiber-optic link was disconnected, the switch returned to normal; when it was reconnected, the switch went back to full load. So the source of the problem was at the remote office. We contacted the company by phone to send people to handle it there, and temporarily cut the interconnection with that network. After discussing the work, I immediately rushed to the virus source.

Colleagues had already pinned down some of the problem machines through the firewall's real-time log. However, because there were many machines involved, it was estimated that restoring the network would take some time, and the impact on the customer was very large. Therefore it was decided to first disconnect the problem switches from the layer-3 switch so that the rest of the network could keep operating. By observing the switches' status, two switches were disconnected, and the network returned to normal. Both sides could then operate normally.
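As an added illustration of the firewall-log triage step above (this is not code from the original post), the following Python script ranks internal hosts by how many distinct destinations they attempt on one TCP port, the fan-out pattern a scanning worm produces. The log line format and the sample lines are constructed assumptions, and TCP port 445, which the Sasser worm scanned, is used as the default filter.

```python
import re
from collections import defaultdict

# Constructed sample lines in an assumed "time src:port -> dst:port proto action" format.
SAMPLE_LOG = """\
01:31:02 10.1.5.23:1034 -> 10.1.7.10:445 TCP DENY
01:31:02 10.1.5.23:1035 -> 10.1.7.11:445 TCP DENY
01:31:02 10.1.5.23:1036 -> 10.1.7.12:445 TCP DENY
01:31:03 10.1.5.23:1037 -> 10.1.7.13:445 TCP DENY
01:31:03 10.1.5.40:2201 -> 10.1.1.5:80 TCP ALLOW
01:31:03 10.1.5.40:2202 -> 10.1.1.5:80 TCP ALLOW
01:31:04 10.1.9.8:3010 -> 10.1.7.10:445 TCP DENY
01:31:04 10.1.9.8:3011 -> 10.1.7.14:445 TCP DENY
01:31:05 10.1.5.23:1038 -> 10.1.7.15:445 TCP DENY
"""

# Assumed line layout; lines that do not match are skipped rather than crashing the triage.
LINE_RE = re.compile(
    r"^(?P<time>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\S+)\s+(?P<action>\S+)$"
)

def parse_lines(text):
    """Yield a dict per line that matches the assumed format."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["dport"] = int(rec["dport"])
            yield rec

def fan_out_by_source(text, port=445):
    """Map each source IP to the set of distinct destinations it contacted on `port`."""
    targets = defaultdict(set)
    for rec in parse_lines(text):
        if rec["proto"] == "TCP" and rec["dport"] == port:
            targets[rec["src"]].add(rec["dst"])
    return targets

def rank_suspects(text, port=445, min_targets=3):
    """Return (src, distinct_target_count) pairs with fan-out >= min_targets, highest first."""
    targets = fan_out_by_source(text, port)
    ranked = sorted(((s, len(t)) for s, t in targets.items()), key=lambda x: (-x[1], x[0]))
    return [(s, n) for s, n in ranked if n >= min_targets]

if __name__ == "__main__":
    for src, n in rank_suspects(SAMPLE_LOG):
        print(f"{src} reached {n} distinct hosts on TCP/445")
```

The distinct-destination count, not the raw line count, is what separates a scanning host from a busy but legitimate client such as 10.1.5.40 above.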

The investigation found that most of the problem machines were new machines; the customer had not installed sufficient patches and anti-virus software on them promptly, which is what disrupted network operation.

Please credit the original source when reposting: https://www.9cbs.com/read-43561.html
