I'm not very familiar with 'doze viruses, but one of my machines was infected last week (my first virus, w00!) The infected machine generated tons of ARP requests. Perhaps you can try running tcpdump and watch for clients that generate an abnormally large amount of ARP traffic.

On Sat, Sep 06, 2003 at 12:04:20AM +0530, Payal Rathod wrote:
> Hi,
> A particular machine in my LAN is affected by SoBig virus and is sending
> mails to remote sites. I need to find that IP. The only lead I have is
> that it is that IP which is generating maximum SMTP traffic. How do I
> find it out and block it (or maybe clean it)?
>
> Any ideas on this?
> With warm regards,
> -Payal
>
> --
> "Visit GNU/Linux Success Stories"
> http://payal.staticky.com
> Guest-Book Section Updated.

--
It is by the fortune of God that, in this country, we have three benefits: freedom of speech, freedom of thought, and the wisdom never to use either.
  -- Mark Twain
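
Added example (not part of the original message or the quoted post): a shell sketch of the tcpdump suggestion above, ranking LAN hosts by ARP requests and by outbound SMTP connection attempts from `tcpdump -n` text output. The function names, the interface name in the comment and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Live use (interface name eth0 is an assumption):
#   tcpdump -n -l -i eth0 'arp or (tcp dst port 25 and tcp[tcpflags] & tcp-syn != 0)'
# Save that output to a file for a few minutes, then feed it to the functions below.

# Count ARP requests per asking host (the address after "tell").
rank_arp_senders() {
    awk '/who-has/ {
            for (i = 1; i < NF; i++)
                if ($i == "tell") { ip = $(i + 1); sub(/,$/, "", ip); n[ip]++ }
         }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Count SMTP connection attempts (SYN to port 25) per source IP.
rank_smtp_senders() {
    awk '$2 == "IP" && $4 == ">" && $5 ~ /\.25:$/ && /Flags \[S\]/ {
            src = $3; sub(/\.[0-9]+$/, "", src)   # drop the source port
            n[src]++
         }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Constructed sample lines in tcpdump -n format, not a real capture.
sample_capture() {
    cat <<'EOF'
12:00:01.000101 ARP, Request who-has 192.168.1.7 tell 192.168.1.23, length 28
12:00:01.000420 ARP, Request who-has 192.168.1.8 tell 192.168.1.23, length 28
12:00:01.000733 ARP, Request who-has 192.168.1.9 tell 192.168.1.23, length 28
12:00:01.200000 ARP, Request who-has 192.168.1.1 tell 192.168.1.40, length 28
12:00:01.200310 ARP, Reply 192.168.1.1 is-at 00:00:5e:00:53:01, length 28
12:00:02.100000 IP 192.168.1.23.1045 > 203.0.113.5.25: Flags [S], seq 1, win 64240, length 0
12:00:02.150000 IP 192.168.1.23.1046 > 198.51.100.9.25: Flags [S], seq 1, win 64240, length 0
12:00:02.300000 IP 192.168.1.40.1050 > 192.168.1.2.25: Flags [S], seq 1, win 64240, length 0
12:00:02.400000 IP 192.168.1.40.1051 > 192.0.2.80.80: Flags [S], seq 1, win 64240, length 0
EOF
}

echo "ARP requests per host:";  sample_capture | rank_arp_senders
echo "SMTP SYNs per host:";     sample_capture | rank_smtp_senders
```

A host that tops both lists, and that is not the site's mail relay, is the one to pull off the network and scan.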