Most of it is ARP traffic. Some machine asking for who has ip whatever. You will see this using Etherape.
On Star Date Saturday 20 September 2003 07:50 pm, James Sparenberg sent this sub-space message. > On Sat, 2003-09-20 at 19:22, mike wrote: > > Bill Mullen wrote: > > > On Sat, 20 Sep 2003, mike wrote: > > >>recently I have noticed a lot of small traffic thru my internet > > >>connection ( eth1 ) even when I'm not surfing. How Can I determine if > > >>I'm being used as a zombie, or have otherwise been compromised? > > >> > > >>I use a cable modem, and share this with my wifes windoze box. I run > > >>firestarter as the firewall. > > > > > > Besides watching the traffic, installing and running chkrootkit is a > > > good way to test for whether or not your system has been compromised. > > > There is an MDK RPM for it for the recent (9.x) releases; it's in > > > contribs, IIRC. > > > > have done that already nothing, > > > > so what causes the constant traffic when I am not running a browser, etc? > > Lots and lots of windows boxes. Windows is as chattery as a 3 year > old. every few seconds sending out arp messages saying I'm here I'm > alive and more. Since you are on cable you get to see this chatter. > Meanwhile your box is quietly going.. "yeah right leave me alone" The > other kind of traffic is a blue ton of virus infected windows boxes > trying to break into your Linux box with a windows exploit, and your box > saying "go away". > > James
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
