To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
If you are in a corporate environment, check for user traffic on your firewall
during off hours, like weekends or between 2-5am.....
----- Original Message ----
From: Thomas Raef <[EMAIL PROTECTED]>
To: [email protected]
Sent: Friday, January 26, 2007 12:26:30 PM
Subject: Re: [botnets] Detecting zombies
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
I haven't seen any personally, but I've read that some bots won't appear in
netstat because if they're a rootkit, they won't use the NT IP stack and
therefore won't show-up in netstat. I've also personally seen infections where
they replaced the netstat.exe file with one that won't show their connections.
I was creating a webcast to show others how to use netstat when I came across
this information.
Anyone with more expertise care to confirm or deny?
So to answer your question, I believe the only way is to watch the traffic at
the router/gateway. Close all programs and sit and watch for any connections
from that PC to the outside. With all programs closed, you shouldn't see any
traffic, unless it's set to autoupdate.
That's my two cents worth.
From: dr cronk [mailto:[EMAIL PROTECTED]
Sent: Fri 1/26/2007 8:43 AM
To: [email protected]
Subject: [botnets] Detecting zombies
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
_______________________________________________
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
All list and server information are public and available to law enforcement
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
_______________________________________________
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
All list and server information are public and available to law enforcement
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
