Old 09-03-2009, 11:54 PM   #1
Member (6 bit)
 
Join Date: Jul 2008
Posts: 54
Botnet Paranoia

I am sometimes too paranoid about my computer and read up on things that I really shouldn't.
What exactly is a botnet? If I am on a botnet, is it just used for sending people spam, or DDoS attacks? Can someone get my information?

I scanned the entire computer with Malwarebytes. Nothing found. Downloaded SnoopFree Privacy Shield. It did not report any logging besides legit Microsoft services.
Looked through the process list. Googling every single one leads me to the company or a legit page, no malware mentioned. Every WinXP SP3 update installed.

I let my computer go on idle. For comparison I run an internet speed test, it's 5.03% when running that test. Idle... 0% network utilisation for about a minute or so, then maybe I get 0.08% for a few seconds. Then nothing again, repeat. Does Windows or certain programs send something every few seconds?

Restart computer. Connected to internet, 0% network utilisation for 10+ minutes.

=========
Netstat test

Going into command prompt... netstat.
Same from clean boot, connected to internet but not using browser or anything.
My local router's address is there twice. Router listed as router:
In the first few seconds, I have my router's IP followed by netbios-ssn. I assume that this is my router detecting my computer starting up and asking for internet access?

Computer:microsoft-ds router:52994 ESTABLISHED
Computer:1058 198.63.203.32:http CLOSE_WAIT
Computer:1072 router:5000 TIME_WAIT
Computer:2869 router:3703 ESTABLISHED

Looking up the ports on port authorities: http://www.grc.com/port_xxxx.htm
1058 is "nim", 2869 is "icslap", 3703 is "adobe server 3".
1072 is "kiosk", 5000 is "Universal Plug N' Play Event".

I googled 5000 and found that you should disable SSDP Discovery Service, which I did.
After 10 minutes or so of idling, router:netbios-ssn appeared in netstat, twice.
It stayed there so I did ping www.google.com. netstat after that only sent back the 198.63.203.32, no router or anything else.



What is 198.63.203.32? It stays at CLOSE_WAIT the entire time. Googling this brought me to different links, IP lookups, and some mentioned something in Chicago, IL.

=========


Anything else I can do to check if I have something like this? I know I'm probably being paranoid and wasting a lot of energy over nothing but I'd just like to have someone else's opinion on it.

Thanks for replies.

Edit:
Restarted computer and did netstat again. 198.63.203.32 was no longer there but a new IP was, 205.177.95.55. A whois lookup online said this was "Beyond The Network America".

Last edited by PzkfW; 09-04-2009 at 12:18 AM.
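
Added example (not part of the original post): a small Python triage of the four netstat lines quoted above, separating LAN peers from external ones and attaching the meaning of each TCP state. It assumes "Computer" and "router" are the poster's labels for hosts on the home LAN; the function names are made up for this example.

```python
import ipaddress

# The four lines exactly as posted (netstat without -n, so names are resolved).
POSTED = """\
Computer:microsoft-ds router:52994 ESTABLISHED
Computer:1058 198.63.203.32:http CLOSE_WAIT
Computer:1072 router:5000 TIME_WAIT
Computer:2869 router:3703 ESTABLISHED
"""
LAN_NAMES = {"computer", "router"}  # assumption: the poster's labels for LAN hosts

# What each TCP state means for triage (standard TCP state semantics).
STATE_NOTES = {
    "ESTABLISHED": "open in both directions",
    "CLOSE_WAIT": "peer closed; local program has not closed its socket yet",
    "TIME_WAIT": "closed locally; entry expires on its own",
}

def is_lan(host):
    """True for a known LAN name or a private/loopback/link-local address."""
    if host.lower() in LAN_NAMES:
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # unrecognised name: treat as external and look at it
    return ip.is_private or ip.is_loopback or ip.is_link_local

def triage(text):
    """Parse 'local remote state' rows; a leading TCP column is tolerated."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if parts and parts[0].upper() == "TCP":
            parts = parts[1:]
        if len(parts) != 3:
            continue  # headers, blank lines, UDP rows (no state column)
        local, remote, state = parts
        rhost, _, rport = remote.rpartition(":")
        rows.append({
            "local": local, "remote_host": rhost, "remote_port": rport,
            "state": state, "scope": "lan" if is_lan(rhost) else "external",
            "note": STATE_NOTES.get(state, "other TCP state"),
        })
    return rows

def external_peers(text):
    return [r for r in triage(text) if r["scope"] == "external"]

if __name__ == "__main__":
    for r in triage(POSTED):
        print(f'{r["scope"]:8} {r["remote_host"]}:{r["remote_port"]:6} {r["state"]:12} {r["note"]}')
```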
Old 09-04-2009, 04:38 AM   #2
Ride 'em Cowboy
 
Join Date: Dec 1999
Location: Dallas, Tx
Posts: 9,109
Botnet is a jargon term for a collection of software robots, or bots, that run autonomously and automatically. The term is often associated with malicious software but it can also refer to the network of computers using distributed computing software. While botnets are often named after their malicious software name, there are typically multiple botnets in operation using the same malicious software families, but operated by different criminal entities.[1]

While the term "botnet" can be used to refer to any group of bots, such as IRC bots, this word is generally used to refer to a collection of compromised computers (called Zombie computers) running software, usually installed via drive-by downloads exploiting Web browser vulnerabilities, worms, Trojan horses, or backdoors, under a common command-and-control infrastructure.

Continued Here
__________________
Stand Up 2 Cancer - SU2C
All times are GMT -5.