Personal computing discussed

Moderator: Dposcorp

 
Coldsnap
Gerbil First Class
Topic Author
Posts: 102
Joined: Fri Dec 07, 2007 11:46 am

How do you check for network bots?

Sat Jun 25, 2011 11:12 am

With the large popularity of using DDoS attacks from network bots (Lulzsec, anon), I have recently become suspicious that my computer has a network bot. Apparently, though, these things are really hard to find because scans like Windows Securities don't pick them up. Anyone have any tips on finding them? Would be greatly appreciated; I have come up with nothing through Google searches.
 
Usacomp2k3
Gerbil God
Posts: 21401
Joined: Thu Apr 01, 2004 4:53 pm
Location: Orlando, FL
Contact:

Re: How do you check for network bots?

Sat Jun 25, 2011 12:04 pm

I don't have the answer, but I thought this was ironic:

WHO IS ONLINE
Users browsing this forum: Google Adsense [Bot] and 3 guests
 
UberGerbil
Grand Admiral Gerbil
Posts: 10171
Joined: Thu Jun 19, 2003 3:11 pm

Re: How do you check for network bots?

Sat Jun 25, 2011 12:08 pm

If your router can save logs (a lot of consumer routers claim to; the actual reality varies quite a bit), and you know what to look for, you can scan those for suspicious outgoing activity.
 
Coldsnap
Gerbil First Class
Topic Author
Posts: 102
Joined: Fri Dec 07, 2007 11:46 am

Re: How do you check for network bots?

Sat Jun 25, 2011 8:43 pm

Yea, I've downloaded a network log and I can see some suspicious activity. Now I need to scan for them or something
 
Jigar
Maximum Gerbil
Posts: 4822
Joined: Tue Mar 07, 2006 4:00 pm
Contact:

Re: How do you check for network bots?

Thu Sep 22, 2011 1:17 am

Coldsnap wrote:
Yea, I've downloaded a network log and I can see some suspicious activity. Now I need to scan for them or something


Download PeerBlock and block any IP that is accessing your system, simple. BTW, the HTTP port will automatically be blocked, so half of your issues will already be taken care of.

EDIT: sorry mods, saw the thread date after posting.
 
thegleek
Gold subscriber
Darth Gerbil
Posts: 7406
Joined: Tue Jun 10, 2003 11:06 am
Location: Detroit, MI
Contact:

Re: How do you check for network bots?

Thu Sep 22, 2011 7:42 am

well since u dug it up, a simple netstat scan, filtering out for an IRC/BOT port, as an example:

netstat -an | findstr 6667

or just:

netstat -an | findstr ESTABLISHED

...and you can manually view all "ESTABLISHED" connections.
 
Jigar
Maximum Gerbil
Posts: 4822
Joined: Tue Mar 07, 2006 4:00 pm
Contact:

Re: How do you check for network bots?

Thu Sep 22, 2011 7:48 am

thegleek wrote:
well since u dug it up, a simple netstat scan, filtering out for an IRC/BOT port, as an example:

netstat -an | findstr 6667

or just:

netstat -an | findstr ESTABLISHED

...and you can manually view all "ESTABLISHED" connections.


Can you tell me how to block the IP if I see any suspicious activity? Till now PeerBlock has worked wonderfully for me, but if I can do it without using any software I would love to learn it.
 
thegleek
Gold subscriber
Darth Gerbil
Posts: 7406
Joined: Tue Jun 10, 2003 11:06 am
Location: Detroit, MI
Contact:

Re: How do you check for network bots?

Thu Sep 22, 2011 7:57 am

Jigar wrote:
Can you tell me how to block the IP if I see any suspicious activity? Till now PeerBlock has worked wonderfully for me, but if I can do it without using any software I would love to learn it.

I guess you can include an 'o' with that netstat to show you the PID running off of any suspicious ports... That way the output gives you the PID running and you can see which process corresponds to that PID with Task Manager or Process Explorer.

netstat -ano | findstr {port/string/etc...}

That'll give you a better understanding what program is running in the background, where it's installed at, etc...

---

As far as blocking an IP (incoming or outgoing), the easiest way to go about this is configuring your router.
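
The `netstat -ano` check described in the posts above, as an added example that is not part of the original thread: a Python script that parses `netstat -ano` output, keeps ESTABLISHED connections to non-loopback addresses, groups them by owning PID and flags remote port 6667. The sample output, its addresses and PIDs, and the `WATCH_PORTS` name are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output (documentation-range addresses).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       876
  TCP    192.168.1.20:49712     203.0.113.45:6667      ESTABLISHED     3104
  TCP    192.168.1.20:49720     198.51.100.7:443       ESTABLISHED     2212
  TCP    192.168.1.20:49725     198.51.100.9:80        TIME_WAIT       0
  TCP    [::1]:49730            [::1]:5354             ESTABLISHED     1500
  UDP    0.0.0.0:5353           *:*                                    1320
"""

WATCH_PORTS = {6667}  # IRC port named in the thread; the set itself is an assumption

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port); port is None for '*:*'."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port) if port.isdigit() else None

def parse_netstat(text):
    """Yield one dict per TCP row; UDP rows have no State column and are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        _, local, remote, state, pid = fields
        raddr, rport = split_endpoint(remote)
        yield {"local": local, "raddr": raddr, "rport": rport,
               "state": state, "pid": int(pid)}

def established_by_pid(text):
    """Group ESTABLISHED connections to non-loopback peers by owning PID."""
    by_pid = defaultdict(list)
    for c in parse_netstat(text):
        if c["state"] == "ESTABLISHED" and c["raddr"] not in ("127.0.0.1", "::1"):
            by_pid[c["pid"]].append((c["raddr"], c["rport"]))
    return dict(by_pid)

def watched(text):
    """Return sorted (pid, remote addr, port) for connections to a watched port."""
    return sorted((pid, addr, port)
                  for pid, conns in established_by_pid(text).items()
                  for addr, port in conns if port in WATCH_PORTS)

if __name__ == "__main__":
    for pid, conns in established_by_pid(SAMPLE).items():
        print(pid, conns)
    print("watch list hits:", watched(SAMPLE))
```

On a live Windows machine, feed the functions the captured text of `netstat -ano` instead of `SAMPLE`, then look each reported PID up in Task Manager or Process Explorer.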
