LinHES Forums http://forums.linhes.org/ |
windows IRC bots http://forums.linhes.org/viewtopic.php?f=13&t=17851 |
Page 1 of 1 |
Author: | khrusher [ Fri Feb 08, 2008 1:53 pm ] |
Post subject: | windows IRC bots |
This is WAY off topic, but you folks are my favorite techies. I just switched my home network to OpenDNS for reliability and better domain filtering. After 3 days I went to the Stats page, which lists all DNS requests from my (ISP-provided) IP. It is not granular enough to drive to my NAT-obscured boxes. After 3 days I see this crap:

Code:
Host                             # of DNS requests
montreal.qc.ca.undernet.org      1,098
mesa.az.us.undernet.org          1,092
helsinki.fi.eu.undernet.org      1,091
calgary.ab.ca.undernet.org       1,090
diemen.nl.eu.undernet.org        1,090
oslo2.no.eu.undernet.org         1,090
status:                          1,090
zagreb.hr.eu.undernet.org        1,089
amsterdam2.nl.eu.undernet.org    1,088
sterling.va.us.undernet.org      1,088
london.uk.eu.undernet.org        1,087
oslo1.no.eu.undernet.org         1,087
london2.uk.eu.undernet.org       1,084

A little research indicates that undernet is an IRC server organization. As no one is intentionally running IRC, I am suspecting IRC-Bots. Reasonable? I have several XP and several knoppmyth based boxes. I think I'm gonna use wireshark to see which boxes are generating the DNS activity and proceed from there. I have used OpenDNS to block the undernet.org domain....so the little bastards can't 'Phone Home'. Anyone have any experience / advice for cleaning this stuff up? Thanks |
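The per-host breakdown the post plans to get from a packet capture, as an added example that is not part of the original post: it attributes queries for the watched domain to the internal address that sent them. It assumes the capture was exported as tab-separated "source IP, queried name" rows; the addresses in the sample are constructed.

```python
from collections import Counter, defaultdict

WATCHED = "undernet.org"  # the domain seen in the stats listing in the post

# Constructed sample rows in the shape produced by, for example:
#   tshark -r capture.pcap -Y "dns.flags.response == 0" \
#          -T fields -e ip.src -e dns.qry.name
# The internal addresses are made up for illustration.
SAMPLE = (
    "192.168.1.10\twww.linhes.org\n"
    "192.168.1.23\tmesa.az.us.undernet.org\n"
    "192.168.1.23\tOslo2.NO.eu.undernet.org.\n"
    "192.168.1.23\tmesa.az.us.undernet.org\n"
    "192.168.1.42\tnotundernet.org\n"
    "192.168.1.10\tlondon.uk.eu.undernet.org\n"
    "malformed line\n"
    "192.168.1.23\tzagreb.hr.eu.undernet.org\n"
)

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def in_domain(name, domain):
    """True only for the domain itself or a real subdomain (label boundary)."""
    name, domain = normalize(name), normalize(domain)
    return name == domain or name.endswith("." + domain)

def suspects(lines, domain=WATCHED):
    """Return [(source_ip, total_queries, distinct_names)], busiest first."""
    per_host = defaultdict(Counter)
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) != 2 or not all(parts):
            continue  # skip rows that are not "ip<TAB>name"
        src, qname = parts
        if in_domain(qname, domain):
            per_host[src][normalize(qname)] += 1
    rows = [(src, sum(c.values()), len(c)) for src, c in per_host.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for src, total, distinct in suspects(SAMPLE.splitlines()):
        print(f"{src}\t{total} queries\t{distinct} distinct names")
```

A host that cycles through many distinct server names at a steady rate, as in the listing above, is the one to isolate and inspect first.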
Author: | jmckeown2 [ Fri Feb 08, 2008 3:17 pm ] |
Post subject: | |
Try one of the spyware/adware remover tools. I'd give it about an 80% shot. The best way, and most painful way, is to simply nuke the partition and re-install. |
Author: | elgordo123 [ Fri Feb 08, 2008 4:10 pm ] |
Post subject: | |
I used OpenDNS for a couple of weeks and found that some sites would not come up. I have no idea why, but after running into that a couple times I went back to my ISP DNS. |
Author: | khrusher [ Sat Feb 09, 2008 8:13 am ] |
Post subject: | |
After domain-blocking undernet.org for 24 hours, all of these DNS requests stopped. So the bots gave up...for now. They can't be controlled from the net.....but they lurk. |
All times are UTC - 6 hours |