I use tcpdump from tcpdump.org in linux to find the ip-addresse and the viruses in windows partitions were found by f-prot anti virus program ran from linux partition.
Greg <[EMAIL PROTECTED]> wrote:
Hi, I was wondering, how do you monitor activity to your ports, in both linux and windows, (but mainly linux), and how do you locate which ip addresses they are trying to access?regards Greg-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of linux power
Sent: Thursday, November 07, 2002 11:34 AM
To: redhat mail list
Subject: The worm came from nkv.ukshells.co.ukThe worm came from nkv.ukshells.co.uk and an ip 64.12.28.240
which I dont find the domain name.
These two adresses is what my linux worm try to connect to when I've not run
dhcpcd and watching the traffic to my wan card.
The first ip-address appear as 217.10.143.229.ircd and a tar.gz file on that location is called dsircd.tar.gz
I've also found 65 infected files
with W32CIH2003 mainly on my windows partitions.
So if anybody know about that irc worm and how to remove it whitout installing
linux again I'll be happy.
http://home.no.net/~knutove/knut_ove_hauge_kuren.htmYahoo! Mail har fått nytt utseende
Nytt design, enklere å bruke, alltid tilgang til Adressebok, Kalender og Notisbok
http://home.no.net/~knutove/knut_ove_hauge_kuren.htm
Yahoo! Mail har fått nytt utseende
Nytt design, enklere å bruke, alltid tilgang til Adressebok, Kalender og Notisbok
