Dear all:
    Yesterday, the IT support people at my workplace informed me that my
local workstation (which is running Debian testing/unstable) was
broadcasting the Windows Randbot worm throughout the internal network and
several win2k workstations got infected. How could that be?  I checked
my logs; there are quite a lot of error messages "xx.xx.xx.xx sent an
invalid ICMP type 11, code 0 error to a broadcast xxx.xxx.xxx.xxx on
eth0". I've checked info regarding this particular worm on the Net;
nothing in relation to Linux turned up. Anyway, I was forced to take
my box off the network. Can anyone give me some clues about what is
happening?
    Have I been broken into?? FYI, I have been lazy in not setting up a proper
firewall on my machine (which I am very much regretting now), since I
thought the company firewall should take care of that. I have only the
essential services running on the machine, i.e. ssh, samba and nfs. I
did run a quick chkrootkit and nothing turned up.

Thanks,

Xun.


-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
