How Can I Tell If My Computer Is Part of a Botnet?
ashraya writes "My father (not too computer literate) has a desktop and a laptop both running Windows in his network back in Hyderabad, India. I set up a Linksys router for him to use with his broadband service. For some reason, he reset the config on the Linksys, and connected it up without wireless security, and also with the default admin password for some time. As you would expect, both of the Windows computers got 'slow,' and the desktop stopped connecting to the internet completely for some reason. As I logged in remotely to 'fix' things, I noticed on the Linksys' log that the laptop was making seemingly random connections to high-numbered ports on various IPs. I did an nslookup on the IPs to see that they were all either in Canada or US, with Comcast and other ISP addresses. Is that a sign that the computers were in a botnet? Are the other hosts part of the botnet too? (I have since rebuilt the Windows hosts, and these connections are not happening now. I have also secured the Linksys.)"
No (Score:5, Funny)
Re:Well the only fool proof way... (Score:5, Funny)
Well the only fool proof way
If that sentence doesn't end with "from orbit" and have "nuke it" in there somewhere it just isn't true!
Doesn't work (Score:1, Funny)
Doesn't work in XP.
C> netstat -a | find "LISTENING" [ENTER]
Response: NETSTAT is not recognized as an internal or external command,operable program or batch file.
Re:Well the only fool proof way... (Score:5, Funny)
Did you know that both Wireshark and tcpdump use libpcap? Wireshark has a pretty GUI, tcpdump is the command line version.
Perhaps it would help if I explained that in video format.
Captcha was "obvious", this is unnerving.
You can tell if.. (Score:4, Funny)
Re:Assume it is .. (Score:2, Funny)
and show them how to log in as their normal username and use "run-as".
Awwww, how cute! He's trying to teach a user something!
Let's watch...
Dear Slashdot (Score:2, Funny)
Re:See what is going on with NETSTAT (Score:5, Funny)
This is Windows. find == grep. Well, find < grep.
Re:Well the only fool proof way... (Score:5, Funny)
Is a father computer anything like a mother board?
Re:Proof of Infection? Clean Reinstall (Score:2, Funny)
For a suspicion? Good luck with that.
Oh, the irony... (Score:5, Funny)
Some chick named Alanis is calling you subby.
OS Check! (Score:5, Funny)
A: If it's got Windows on it, it is.
Simple check (Score:2, Funny)
Is it running Windows?
He's Lying (Score:2, Funny)
He is clearly torrenting, and your best course of action would be to report his nefarious actions to the authorities.
Not hard... (Score:2, Funny)
It comes with a logo; looks like a window. :)
Re:Check network connections (Score:3, Funny)
... and now imagine I chose 'Plain text'
c:\>netstat -b
Your computer is fine.
c:\>
Sweet!
Re:Well the only fool proof way... (Score:4, Funny)
Because, I mean, he only gets paid when he's SUBTLE.
Re:Well the only fool proof way... (Score:3, Funny)
A horse is a horse,
Of course! Of course!
Re:Assume it is .. (Score:1, Funny)
What are you talking about? OSX has a dated Unix command line. All you have to do is type [apple]-[space] term [enter]. You can even make it a little better by typing bash [enter] after that.
Re:Well the only fool proof way... (Score:5, Funny)
If the answer to both your questions is "Yes", then you are most likely part of a botnet. This advice is free of charge.
Re:Well the only fool proof way... (Score:4, Funny)