I woke up this morning to find my upload bandwidth saturated. I only
know how to use iptraf so I pointed it to the ppp0 interface.
There was a flood of udp packets going out from my external interface to
FDCServers.demarc.cogentc and FDCServerNet.demarc.coge.
Very weird addresses in other words. This is all iptraf gives me.
Pointing iptraf at the eth0 interface shows no such packets which lead
me to suspect the Linux box is sending them out.
A reboot of the Fedora 4 box stopped the outbound traffic.
I may have been root kitted?
Any ideas?
Regards,
Ed.
begin:vcard
fn:Edward Dekkers
n:Dekkers;Edward
org:Triple D Computer Services Pty. Ltd.;Management
adr:;;822 Rowley Road;Oakford;WA;6121;Australia
email;internet:edward@xxxxxxxxxxxxxxxxxxxx
title:Mr.
tel;work:(08) 9397-1040
tel;fax:(08) 9397-0749
tel;home:(08) 9397-0547
tel;cell:0407083195
x-mozilla-html:FALSE
url:http://www.iinet.net.au
version:2.1
end:vcard
