Why not place it on a switch by itself and then dump the interface to see what is going out?

On Wed, Nov 12, 2003 at 01:00:54PM +1100, [EMAIL PROTECTED] wrote:
> > How exactly did they come to this conclusion? Reading up on the virus
> > it appears to only run and infect Windows systems ...
> >
> > http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100401
> >
> > I know corporate IT people are often very quick to blame any sort of
> > abnormal behaviour on a perfectly fine Linux box, but that seems like an
> > extreme accusation.
>
> That's what I thought first. This worm should be Windows specific. I did
> a few quick checkups, everything seemed to be normal. I then reconnected my
> machine to the network. Within 10 minutes, I got a call from the support guy
> asking me whether I had reconnected. I was told two more machines just
> got infected. For some stupid reason (I couldn't even remember now) I did
> not save my Ethereal snapshot of traffic going out of my eth0 during that
> time (DAMN!) so I can't prove anything. But from my memory there were a few
> announcement/browse packets from Samba sent out. Right now, I am really
> hesitant to reconnect my machine to the network for further testing,
> before I have some clues of what has happened. I really don't want to piss
> them off. Ever since that MBlaster worm... ;-)
>
> Xun.
>
> > -i
>
> --
> SLUG - Sydney Linux User's Group - http://slug.org.au/
> More Info: http://lists.slug.org.au/listinfo/slug