
How do you check for network bots?

Posted: Sat Jun 25, 2011 11:12 am
by Coldsnap
With the large popularity of using DDoS attacks from network bots (Lulzsec, anon), I have recently become suspicious that my computer has a network bot. Apparently, though, these things are really hard to find because scans like Windows Securities don't pick them up. Anyone have any tips on finding them? It would be greatly appreciated; I have come up with nothing through Google searches.

Re: How do you check for network bots?

Posted: Sat Jun 25, 2011 12:04 pm
by Usacomp2k3
I don't have the answer, but I thought this was ironic:

WHO IS ONLINE
Users browsing this forum: Google Adsense [Bot] and 3 guests

Re: How do you check for network bots?

Posted: Sat Jun 25, 2011 12:08 pm
by UberGerbil
If your router can save logs (a lot of consumer routers claim to; the actual reality varies quite a bit), and you know what to look for, you can scan those for suspicious outgoing activity.

Re: How do you check for network bots?

Posted: Sat Jun 25, 2011 8:43 pm
by Coldsnap
Yea, I've downloaded a network log and I can see some suspicious activity. Now I need to scan for them or something.

Re: How do you check for network bots?

Posted: Thu Sep 22, 2011 1:17 am
by Jigar
Coldsnap wrote:
Yea, I've downloaded a network log and I can see some suspicious activity. Now I need to scan for them or something.


Download PeerBlock and block any IP that is accessing your system, simple. BTW, the HTTP port will automatically be blocked, so half of your issues will already be taken care of.

EDIT: sorry mods, saw the thread date after posting.

Re: How do you check for network bots?

Posted: Thu Sep 22, 2011 7:42 am
by thegleek
Well, since you dug it up: a simple netstat scan, filtering for an IRC/bot port, as an example:

netstat -an | findstr 6667

or just:

netstat -an | findstr ESTABLISHED

...and you can manually view all "ESTABLISHED" connections.

Re: How do you check for network bots?

Posted: Thu Sep 22, 2011 7:48 am
by Jigar
thegleek wrote:
Well, since you dug it up: a simple netstat scan, filtering for an IRC/bot port, as an example:

netstat -an | findstr 6667

or just:

netstat -an | findstr ESTABLISHED

...and you can manually view all "ESTABLISHED" connections.


Can you tell me how to block the IP if I see any suspicious activity? Till now PeerBlock has worked wonderfully for me, but if I can do it without using any software I would love to learn it.

Re: How do you check for network bots?

Posted: Thu Sep 22, 2011 7:57 am
by thegleek
Jigar wrote:
Can you tell me how to block the IP if I see any suspicious activity? Till now PeerBlock has worked wonderfully for me, but if I can do it without using any software I would love to learn it.

I guess you can include an 'o' with that netstat to show you the PID running off of any suspicious ports... That way the output gives you the PID running and you can see which process corresponds to that PID with Task Manager or Process Explorer.

netstat -ano | findstr {port/string/etc...}

That'll give you a better understanding of what program is running in the background, where it's installed, etc...

---

As far as blocking an IP (incoming or outgoing), the easiest way to go about this is configuring your router.
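
The netstat -ano check from the posts above, as an added example that is not part of the original thread: a Python parser that matches the remote-port field exactly (a plain findstr 6667 also hits rows where 6667 is the local port or the PID) and groups ESTABLISHED connections by owning PID. The sample output is constructed, and the function names and the watch-port list are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    192.168.1.20:49152     203.0.113.7:6667       ESTABLISHED     3124
  TCP    192.168.1.20:49160     198.51.100.9:443       ESTABLISHED     6667
  TCP    192.168.1.20:6667      198.51.100.23:51515    TIME_WAIT       0
  TCP    [::1]:49170            [::1]:49171            ESTABLISHED     2200
  UDP    0.0.0.0:5353           *:*                                    1480
"""

# TCP rows only: UDP rows have no State column and are skipped, as are headers.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def parse(text):
    """Yield one dict per TCP row of netstat -ano output."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            local, lport, remote, rport, state, pid = m.groups()
            yield {"local": local, "lport": int(lport), "remote": remote.strip("[]"),
                   "rport": int(rport), "state": state, "pid": int(pid)}

def is_loopback(addr):
    return addr == "::1" or addr.startswith("127.")

def established_by_pid(text):
    """ESTABLISHED connections to non-loopback peers, grouped by owning PID."""
    groups = defaultdict(list)
    for c in parse(text):
        if c["state"] == "ESTABLISHED" and not is_loopback(c["remote"]):
            groups[c["pid"]].append((c["remote"], c["rport"]))
    return dict(groups)

def watch_port_hits(text, ports=(6667,)):
    """ESTABLISHED rows whose remote port is on the watch list (assumed list)."""
    return [c for c in parse(text)
            if c["state"] == "ESTABLISHED" and c["rport"] in ports]

if __name__ == "__main__":
    naive = [l for l in SAMPLE.splitlines() if "6667" in l]
    print(f"substring match: {len(naive)} rows; remote-port match:")
    for c in watch_port_hits(SAMPLE):
        print(f"  PID {c['pid']} -> {c['remote']}:{c['rport']}")
    for pid, peers in established_by_pid(SAMPLE).items():
        print(f"PID {pid}: {peers}")
```

A port on the watch list is only a starting point for review; the PID it returns is what gets looked up in Task Manager or Process Explorer, as described in the post above.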