On Friday 19 May 2006 9:57 am, Eric Martin wrote:
> I have a CentOS machine running DHCP and NAT through gShield. I am getting
> reports from my ISP saying that machine is "infected" because it's trying
> to connect to a known bot controller. There's quite a few Windows machines
> grabbing DHCP addresses from this server, what would be the easiest way to
> find out which machine is infected without walking to each machine and
> scanning it for viruses/spyware.
>
> thanks for any help you can give me..

find out what port the bot uses & run a nessus scan on each machine?

or better yet, just run a nessus scan against 192.168.0.1/24 (assuming that's the IP used by your dhcp server). that'll get your whole internal network.

or an nmap scan. that'd probably be quickest.

scott

--
R. Scott Granneman
[EMAIL PROTECTED] ~ www.granneman.com
Full list of publications: http://www.granneman.com/publications
My new book on Firefox: Don't Click on the Blue E!
Info at: http://www.oreilly.com/catalog/bluee/
Read the Open Source Blog: http://opensource.weblogsinc.com
Join GranneNotes! Information at www.granneman.com

"Originality is the fine art of remembering what you hear but forgetting where you heard it."
---Laurence J. Peter

_______________________________________________
CWE-LUG mailing list
[email protected]
http://www.cwelug.org/
http://www.cwelug.org/archives/
http://www.cwelug.org/mailinglist/
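
Added example, not part of the original thread: one way to turn the nmap scan suggested above into a list of machines to visit, by matching hosts that have the bot's port open against the DHCP server's lease file. The port 6667, the scan output and the lease entries are constructed samples, and the lease format assumes ISC dhcpd.

```python
import re

# Constructed sample of `nmap -p 6667 -oG - 192.168.0.1/24` output (port is a placeholder).
NMAP_GREPABLE = """\
Host: 192.168.0.10 (reception)\tStatus: Up
Host: 192.168.0.10 (reception)\tPorts: 6667/closed/tcp//irc///
Host: 192.168.0.23 ()\tPorts: 6667/open/tcp//irc///
Host: 192.168.0.41 ()\tPorts: 6667/filtered/tcp//irc///
"""

# Constructed sample in ISC dhcpd.leases format (assumed DHCP server).
DHCPD_LEASES = """\
lease 192.168.0.23 {
  hardware ethernet 00:0c:29:aa:bb:01;
  client-hostname "OLD-NAME";
}
lease 192.168.0.23 {
  hardware ethernet 00:0c:29:aa:bb:02;
  client-hostname "FRONTDESK-PC";
}
lease 192.168.0.41 {
  hardware ethernet 00:0c:29:aa:bb:03;
}
"""

def hosts_with_open_port(grepable, port):
    """Return IPs whose grepable 'Ports:' field lists `port` in state 'open'."""
    hits = []
    for m in re.finditer(r"^Host: (\S+) .*\tPorts: ([^\t\n]*)", grepable, re.M):
        for entry in m.group(2).split(","):
            fields = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(fields) > 1 and fields[0] == str(port) and fields[1] == "open":
                hits.append(m.group(1))
    return hits

def parse_leases(text):
    """Map IP -> (MAC, hostname). The file is append-only, so the last block wins."""
    leases = {}
    for ip, body in re.findall(r"lease (\S+) \{(.*?)\}", text, re.S):
        mac = re.search(r"hardware ethernet ([0-9a-f:]+);", body)
        name = re.search(r'client-hostname "([^"]*)";', body)
        leases[ip] = (mac.group(1) if mac else None, name.group(1) if name else None)
    return leases

def suspects(grepable, leases_text, port):
    """Join scan hits with lease data: [(ip, mac, hostname), ...]."""
    leases = parse_leases(leases_text)
    return [(ip, *leases.get(ip, (None, None))) for ip in hosts_with_open_port(grepable, port)]

if __name__ == "__main__":
    for ip, mac, name in suspects(NMAP_GREPABLE, DHCPD_LEASES, 6667):
        print(ip, mac, name)
```

A host appears in the result only if the bot listens on the scanned port, and "filtered" hosts (for example behind a host firewall) are not counted as hits.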
