
All times are UTC - 6 hours





 Post subject: windows IRC bots
PostPosted: Fri Feb 08, 2008 1:53 pm 
Joined: Tue Apr 13, 2004 6:51 pm
Posts: 890
Location: Groton, MA
This is WAY off topic, but you folks are my favorite techies.

I just switched my home network to OpenDNS for reliability and better domain filtering.

After 3 days I went to the Stats page which lists all DNS requests from my (ISP provided) IP. It is not granular enough to drive to my NAT obscured boxes.

After 3 days I see this crap:
Code:
Host                             # of DNS requests
montreal.qc.ca.undernet.org      1,098
mesa.az.us.undernet.org          1,092
helsinki.fi.eu.undernet.org      1,091
calgary.ab.ca.undernet.org       1,090
diemen.nl.eu.undernet.org        1,090
oslo2.no.eu.undernet.org         1,090
status:                          1,090
zagreb.hr.eu.undernet.org        1,089
amsterdam2.nl.eu.undernet.org    1,088
sterling.va.us.undernet.org      1,088
london.uk.eu.undernet.org        1,087
oslo1.no.eu.undernet.org         1,087
london2.uk.eu.undernet.org       1,084


A little research indicates that undernet is an IRC server organization. As no one is intentionally running IRC, I am suspecting IRC-Bots. Reasonable?

I have several XP and several knoppmyth based boxes. I think I'm gonna use wireshark to see which boxes are generating the DNS activity and proceed from there.

I have used OpenDNS to block the undernet.org domain....so the little bastards can't 'Phone Home'

Anyone have any experience / advice for cleaning this stuff up?

Thanks

_________________
R5F1 - Dell P4 2.4Ghz 500MB - PVR250 x 2 - GeForce FX 5200 - Onboard sound/NIC 80GB ATA/250GB ATA/400GB SATA
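
The per-host attribution planned in the post above (finding which NAT'd box is issuing the undernet.org lookups), as an added example that is not part of the original thread. It assumes DNS queries were captured on the LAN side of the router and exported as tab-separated source IP and query name; the sample rows, the 192.168.1.x addresses and the function names are constructed for illustration.

```python
from collections import Counter, defaultdict

WATCHED = "undernet.org"  # the domain seen in the OpenDNS stats above

# Constructed sample, in the shape produced by (assumed capture command):
#   tshark -r capture.pcap -Y "dns.flags.response == 0" \
#          -T fields -e ip.src -e dns.qry.name
# The 192.168.1.x addresses are made-up LAN hosts.
SAMPLE = """\
192.168.1.23\tmontreal.qc.ca.undernet.org
192.168.1.23\tMesa.AZ.us.undernet.org.
192.168.1.40\twww.example.com
192.168.1.23\toslo2.no.eu.undernet.org
192.168.1.57\tnotundernet.org
192.168.1.40\tundernet.org
192.168.1.23\tmontreal.qc.ca.undernet.org
malformed line without a tab
"""

def normalize(name):
    """Lower-case a query name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def in_domain(name, domain=WATCHED):
    """True if name is the domain or a subdomain of it (label-boundary match)."""
    name = normalize(name)
    return name == domain or name.endswith("." + domain)

def queries_by_host(lines, domain=WATCHED):
    """Map each LAN source IP to a Counter of watched names it asked for."""
    hits = defaultdict(Counter)
    for line in lines:
        src, sep, qname = line.rstrip("\n").partition("\t")
        if not sep or not src or not qname:
            continue  # skip blank or malformed rows
        if in_domain(qname, domain):
            hits[src][normalize(qname)] += 1
    return dict(hits)

def report(hits):
    """Return (ip, total queries, distinct names) rows, busiest host first."""
    rows = [(ip, sum(c.values()), len(c)) for ip, c in hits.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for ip, total, distinct in report(queries_by_host(SAMPLE.splitlines())):
        print(f"{ip}\t{total} queries\t{distinct} distinct names")
```

A host that queries many distinct server names under the domain at similar counts, as in the stats table, is the one to pull off the network and examine first.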


 
 Post subject:
PostPosted: Fri Feb 08, 2008 3:17 pm 
Joined: Sat Sep 02, 2006 9:17 am
Posts: 359
Try one of the spyware/adware remover tools. I'd give it about an 80% shot.

The best way, and most painful way, is to simply nuke the partition and re-install.


 
 Post subject:
PostPosted: Fri Feb 08, 2008 4:10 pm 
Joined: Thu Feb 12, 2004 2:54 pm
Posts: 392
Location: Beaumont, CA
I used OpenDNS for a couple of weeks and found that some sites would not come up. I have no idea why, but after running into that a couple times I went back to my ISP DNS. :(

_________________
ASUS A7N266 Micro-ATX Motherboard
Athlon 2200 processor
512K Kingston PC2100 Memory
MicroAtx Case
2 PVR250's w/remote
eVGA e-GeForce mx4000 (64 Ram with Tv/Out (Svideo))
Lite-on DVD cd-rw combo
120 GB Western Digital


 
 Post subject:
PostPosted: Sat Feb 09, 2008 8:13 am 
Joined: Tue Apr 13, 2004 6:51 pm
Posts: 890
Location: Groton, MA
After domain blocking undernet.org for 24 hours, all of these DNS requests stopped.

So the bots gave up...for now. They can't be controlled from the net.....but they lurk.

_________________
R5F1 - Dell P4 2.4Ghz 500MB - PVR250 x 2 - GeForce FX 5200 - Onboard sound/NIC 80GB ATA/250GB ATA/400GB SATA


 
