Hi all, I have a box running Redhat 8.0 serving as a router (DSL) with two nics. I have two win 98 boxes attached to a switch connected to the linux box. Samba runs fine, also everything else on the linux box runs fine, like apache, telnet, ftp, etc.

However, I can't browse the internet for very long from a win 98 box before either machines browser slows down and times out in browsing....the linux browser flies....

help...HELP!

I htink I may have been infected by the slapper. Is this a symptom of that?

thanks

Read http://isc.incidents.org, on the right, the Slapper analysis files and determine if you *are* infected (source files in /tmp, Firewall logged outgoing TCP and UDP connections on mentioned port or active listener on mentioned port, mail sent, etc, etc) instead of *thinking* you are (go for facts, not FUD).

thanks

I have read all the stuff about slapper a and a/b though.

I guess to refine my question, would the slapper infection inhibit my win 98 box web connections? Or, is there some other reason for the slowdown I should be pursuing. Using Ethereal, I see very few tcp packets crossing through the lan interface....

I looked for the files in question (tmp/etc...), and didn't see them, but I do have a log of sendmail traffic which resembles the messages referenced in the worm documentation (on anti virus sites).

Guess I'll have to get smart!

thanks again

I have read all the stuff about slapper a and a/b though.
Does this mean you *also* read the docs I was pointing to?
If so, cool, you now know how the worm spreads, what apps to rename/remove, what ports to block, what addresses to deny traffic to and what mail addresses to block.

If not, then please read those docs first.

If only wintendo fails it might as well be something like it failing to resolve addresses or like that. In any case, logging *all* traffic might help you see more, like outgoing TCP/80 and 443 scans.