On Sat, 2003-09-20 at 19:22, mike wrote: > Bill Mullen wrote: > > On Sat, 20 Sep 2003, mike wrote: > > > > > >>recently I have noticed a lot of small traffic thru my internet > >>connection ( eth1 ) even when I'm not surfing. How Can I determine if > >>I'm being used as a zombie, or have otherwise been compromised? > >> > >>I use a cable modem, and share this with my wifes windoze box. I run > >>firestarter as the firewall. > > > > > > Besides watching the traffic, installing and running chkrootkit is a good > > way to test for whether or not your system has been compromised. There is > > an MDK RPM for it for the recent (9.x) releases; it's in contribs, IIRC. > > > have done that already nothing, > > so what causes the constant traffic when I am not running a browser, etc?
Lots and lots of windows boxes. Windows is as chattery as a 3 year old. every few seconds sending out arp messages saying I'm here I'm alive and more. Since you are on cable you get to see this chatter. Meanwhile your box is quietly going.. "yeah right leave me alone" The other kind of traffic is a blue ton of virus infected windows boxes trying to break into your Linux box with a windows exploit, and your box saying "go away". James
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
