Dear list members,

First of all let me state where I stand. I've been using Linux (Debian) for one year now. During this year I've learnt quite a lot, but on the issue of network and security I'm a complete newbie. Now I think I have a security problem (although it is not exclusively mine).

The problem is as follows: I am the administrator of three PCs in a local network. They all have real IP addresses. Sometimes, without any apparent reason, some of the computers in this network start producing network traffic without any apparent reason. I do netstat and there is no indication of a network connection. I do "tcpdump host machinename" and I get a series of:

    17:32:27.620336 neural1.fe.up.pt > bozzman.comesurfthe.net: icmp: echo reply

not necessarily with the same machine address (bozzman.comesurfthe.net). The increase in the network traffic can be as high as 50kB/s.

This is not a Debian or Linux specific problem, as it also happens on another machine running Digital Unix, but on the other hand, if I change one of the PCs from Linux to Win NT4 the problem stops. It reappears when I change it back to Linux.

Can you help me? Can you point me to some document I might read to find information related to this subject?

Thanks in advance,
Nuno Faria