
Fwd: please read: very odd network traffic



urgh, and now with the attachment

----------  Forwarded Message  ----------

Subject: please read: very odd network traffic
Date: Tue, 7 Aug 2001 18:40:11 +0200
From: William Leese <wleese@europe.nl.com>
To: debian-user@lists.debian.org

I think my machine has been compromised though I'm not entirely sure.

I suddenly saw a reasonable amount of traffic when I wasn't doing anything
that could generate it so I turned off all the net connection using
applications and still there was traffic.

Opened top to see if there was a process that wasn't terminated yet, nope..
that wasn't it.

Turned off networking.

Tried netstat -ap and found to my great dismay that inetd had started the ftp
service or at least that port was available. I accidentally installed wu-ftp
a while ago but I thought I had removed it.. oh well. So, commented it out and
restarted inetd.

No luck.. the moment I started the networking script there was traffic.

Turned off networking. But not before using Ethereal to capture a few
packets.

I've added an attachment with the log, could someone take a look at it and
tell me what could be causing this.. it would seem like something (a worm or
virus) is scanning the network looking for (vulnerable?) computers.

I'll be keeping this computer off the net till I find out what it is.. only
briefly turning on networking to check my mail.

All help is greatly appreciated, I'm lost on this one.

William Leese

-------------------------------------------------------

Attachment: log
Description: Binary data

