On Thu, 2006-02-16 at 11:55 +0530, Shijithlal wrote:
> Most interesting part of this is, after two or three hours the data
> traffic automatically stops and the very next day it starts almost the
> same time.

Have you installed any new programs on the gateway with a cron triggering traffic at a specific time?

Like others have suggested, look at the dump of sample packets - if the destination IP does not look familiar then your system is most likely hosed. Hopefully, you used tripwire or aide to baseline your system after installation/configuration to verify checksum integrity of the files in your system. You can also use portsentry to block intruders.

IMO blocking traffic to a specific IP/network may work as a stopgap measure until the trojan figures it out and tries other zombies on the 'Net. Best is to start with a clean system.

-- 
Arun Khan
Linux is like a wigwam - no gates, no windows, apache inside
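
The packet-dump check suggested in the reply above, as an added example that is not part of the original message: it reads `tcpdump -nn -tttt` text output, lists destinations outside the networks you recognise, and flags those whose traffic starts at the same hour on more than one day. The sample lines, the `KNOWN_NETS` list and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `tcpdump -nn -tttt` output (documentation address ranges).
SAMPLE = """\
2006-02-15 02:00:03.101 IP 192.168.1.10.40112 > 203.0.113.5.8080: tcp 48
2006-02-15 02:41:17.500 IP 192.168.1.10.40112 > 203.0.113.5.8080: tcp 512
2006-02-15 04:10:09.020 IP 192.168.1.10.40113 > 203.0.113.5.8080: tcp 512
2006-02-15 10:15:00.000 IP 192.168.1.10.51000 > 198.51.100.7.80: tcp 300
2006-02-16 02:00:02.900 IP 192.168.1.10.40200 > 203.0.113.5.8080: tcp 48
2006-02-16 03:30:44.250 IP 192.168.1.10.40200 > 203.0.113.5.8080: tcp 512
2006-02-16 09:05:12.000 IP 192.168.1.20.33000 > 192.168.1.1.53: UDP, length 40
"""

# Assumption: the LAN plus one remote network the admin recognises.
KNOWN_NETS = ["192.168.1.0/24", "198.51.100.0/24"]

# date, hour, then destination IPv4 with the trailing ".port:" stripped
LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}):\S+ IP \S+ > (\d+\.\d+\.\d+\.\d+)\.\d+:")

def unfamiliar_destinations(dump, known_nets):
    """Map each destination outside known_nets to {date: sorted hours seen}."""
    nets = [ipaddress.ip_network(n) for n in known_nets]
    seen = defaultdict(lambda: defaultdict(set))
    for line in dump.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip non-IPv4 or unparsable lines
        dst = ipaddress.ip_address(m.group(3))
        if not any(dst in n for n in nets):
            seen[str(dst)][m.group(1)].add(int(m.group(2)))
    return {ip: {d: sorted(h) for d, h in days.items()}
            for ip, days in seen.items()}

def recurring(report, min_days=2):
    """Destinations whose first active hour is identical on >= min_days days."""
    out = []
    for ip, days in report.items():
        starts = {hours[0] for hours in days.values()}
        if len(days) >= min_days and len(starts) == 1:
            out.append((ip, starts.pop()))
    return sorted(out)

if __name__ == "__main__":
    report = unfamiliar_destinations(SAMPLE, KNOWN_NETS)
    for ip, hour in recurring(report):
        print(f"{ip}: traffic starts at {hour:02d}:00 on {len(report[ip])} days")
```

A destination flagged here gives a start hour to compare against the crontabs on the gateway.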