LinuxQuestions.org
Old 12-10-2004, 05:38 AM   #1
princenux
LQ Newbie
 
Registered: May 2003
Location: Jakarta, Indonesia
Distribution: RedHat, Slackware
Posts: 27

Rep: Reputation: 15
[help - emergency] linux sending arp flood


Dear friends,

I need help ......

I have a Linux server, used as an internet sharing server. I use RedHat, kernel 2.4.7-10. I think it is RedHat, either RedHat 7 or RedHat 8.

Currently I do the masquerade, ip_forward and a few rules to filter the input and output packets.

A few days ago, my network was attacked with some kind of problem, cssrnn.exe. Do you know what virus or threat that is? Because I still have a problem with this cssrnn.

This cssrnn file will broadcast and flood ARP requests all over the network, and it might infect other workstations too.

Now it is infecting my Linux server too.
When I turn on iptables to masquerade, it starts to broadcast ARP packets .....

Hmm, is there any solution for this problem?
Can anyone help? Because it's eating my bandwidth....

Thanks in advance....
 
Old 12-10-2004, 01:25 PM   #2
m_shroom
Member
 
Registered: Oct 2004
Location: Queen Charlotte B. C. Canada
Distribution: openSUSE 11.1
Posts: 42

Rep: Reputation: 15
Google has 28 matches for "cssrnn.exe", none in English as yet.

On translating one of them I came across this line:
Quote:
process://C:\WINDOWS\System32\cssrnn.exe - Exploit:Win32/RpcDcom.gen! - > Infected
Try searching for "RpcDcom".

Looks like a bad worm, and anything that can be infected already is.

It is unlikely that your Linux is infected, just all those Windows machines behind it.

Last edited by m_shroom; 12-10-2004 at 01:48 PM.
 
Old 12-10-2004, 01:36 PM   #3
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Could you also provide tcpdump output? It would be rather odd to see a cross-platform worm that affects both Linux and Windows (assuming the LAN clients are Windows). Also, could you post the output of lsof -i, as well as verify that your current ARP table corresponds to the correct host -> MAC mappings (list the contents of the ARP table with arp -a)? If you have antivirus on the LAN hosts, then run a scan and see what it finds.
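
Added example (not part of any post in this thread): one way to work through the arp -a and tcpdump output requested above, checking the ARP table against a known-good inventory and finding which host is sending ARP requests for many addresses. All addresses, the sample output, the KNOWN inventory and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed `arp -a` output (net-tools format); not data from the thread.
ARP_A = """\
? (192.168.0.10) at 00:0C:29:AA:BB:01 [ether] on eth1
? (192.168.0.11) at 00:0C:29:AA:BB:02 [ether] on eth1
? (192.168.0.12) at 00:0C:29:AA:BB:02 [ether] on eth1
? (192.168.0.13) at <incomplete> on eth1
"""
# Assumed known-good IP -> MAC inventory (e.g. from DHCP reservations).
KNOWN = {"192.168.0.10": "00:0c:29:aa:bb:01",
         "192.168.0.11": "00:0c:29:aa:bb:02",
         "192.168.0.12": "00:0c:29:aa:bb:03"}
# Constructed `tcpdump -n arp` lines: .11 sweeps the subnet, .10 asks once.
TCPDUMP = "\n".join(
    ["10:00:00.%06d ARP, Request who-has 192.168.0.%d tell 192.168.0.11, length 46"
     % (i, i) for i in range(20, 60)]
    + ["10:00:01.000000 ARP, Request who-has 192.168.0.1 tell 192.168.0.10, length 46",
       "10:00:01.000100 ARP, Reply 192.168.0.1 is-at 00:0c:29:aa:bb:ff, length 46"])

ARP_RE = re.compile(r"\((\d+(?:\.\d+){3})\) at ((?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2})", re.I)
WHO_HAS_RE = re.compile(r"who-has (\d+(?:\.\d+){3}) tell (\d+(?:\.\d+){3})")

def parse_arp_table(text):
    """Return {ip: mac} for resolved entries; <incomplete> entries are skipped."""
    return {ip: mac.lower() for ip, mac in ARP_RE.findall(text)}

def check_arp_table(text, known):
    """List entries that disagree with the inventory and MACs claiming several IPs."""
    table, by_mac, findings = parse_arp_table(text), defaultdict(list), []
    for ip, mac in sorted(table.items()):
        by_mac[mac].append(ip)
        if ip in known and known[ip].lower() != mac:
            findings.append(("mismatch", ip, mac))
    findings += [("shared-mac", mac, tuple(ips))
                 for mac, ips in sorted(by_mac.items()) if len(ips) > 1]
    return findings

def arp_sweepers(capture, min_targets=16):
    """Return {sender: distinct target count} for hosts ARPing for many addresses."""
    targets = defaultdict(set)
    for target, sender in WHO_HAS_RE.findall(capture):
        targets[sender].add(target)
    return {s: len(t) for s, t in targets.items() if len(t) >= min_targets}

if __name__ == "__main__":
    print(check_arp_table(ARP_A, KNOWN))
    print(arp_sweepers(TCPDUMP))
```

A shared MAC is a lead to check rather than proof of a problem: a host with several addresses, or one doing proxy ARP, produces the same pattern.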
 
  

