Xun, What process writes those entries to syslog? Mind pasting the actual syslog entries to the list?
Bill On Wed, 12 Nov 2003 11:21:48 +1100 (EST) [EMAIL PROTECTED] wrote: > Dear all: > Yesterday, the IT support people at my work place informed me that my > local workstation (which is running debian testing/unstable) was > broadcasting windows Randbot worm throughout the internal network and > several win2k workstations got infected. How could that be? I checked > my logs, there are quite alot of error message "xx.xx.xx.xx sent an > invalid ICMP type 11, code 0 error to a broadcast xxx.xxx.xxx.xxx on > eth0". I've checked info regarding to this particular worm on the Net, > nothing in relation with Linux turned up. Anyway, I was forced to take > my box off the network. Can anyone give me some clues of what is > happening. > Have I got broken into?? FYI, I have been lazy not setting up a proper > firewall on my machine (which I am very much regretting now), since I > thought company firewall should take care of that. I have only the > essential services running on the machine ie. ssh, samba and nfs. I > did run a quick chkrootkit and nothing turned up. > > Thanks, > > Xun. > > > -- > SLUG - Sydney Linux User's Group - http://slug.org.au/ > More Info: http://lists.slug.org.au/listinfo/slug -- Billy Kwong Fluffy Spider Technologies System Administrator Suite 87, 330 Wattle Street Ultimo, NSW 2007 Phone: (02) 9281 9055 Australia email: [EMAIL PROTECTED] -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug