Dear all:

Yesterday, the IT support people at my workplace informed me that my local workstation (which is running Debian testing/unstable) was broadcasting the Windows Randbot worm throughout the internal network and several win2k workstations got infected. How could that be?

I checked my logs; there are quite a lot of error messages like "xx.xx.xx.xx sent an invalid ICMP type 11, code 0 error to a broadcast xxx.xxx.xxx.xxx on eth0". I've checked info regarding this particular worm on the Net, and nothing in relation to Linux turned up. Anyway, I was forced to take my box off the network. Can anyone give me some clues as to what is happening? Have I been broken into?

FYI, I have been lazy in not setting up a proper firewall on my machine (which I am very much regretting now), since I thought the company firewall should take care of that. I have only the essential services running on the machine, i.e. ssh, samba and nfs. I did run a quick chkrootkit and nothing turned up.

Thanks,
Xun.

--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug