LinuxQuestions.org
Old 05-19-2006, 10:54 AM   #1
erimar77
Member
 
Registered: Jan 2006
Posts: 76

Rep: Reputation: 15
locate infected machine from dhcp server


I have a CentOS machine running DHCP and NAT through gShield. I am getting reports from my ISP saying that machine is "infected" because it's trying to connect to a known bot controller. There are quite a few Windows machines grabbing DHCP addresses from this server; what would be the easiest way to find out which machine is infected without walking to each machine and scanning it for viruses/spyware?
 
Old 05-19-2006, 01:44 PM   #2
pljvaldez
LQ Guru
 
Registered: Dec 2005
Location: Somewhere on the String
Distribution: Debian Wheezy (x86)
Posts: 6,094

Rep: Reputation: 272
First, I'm no expert, but someone at work suggested trying to use snort. I just glanced through the documentation and it looked like you could log packets being sent over the network. Did the ISP tell you the IP of the bot controller? Maybe you could grep the log for that IP and see where it originated. Or maybe you can somehow use the log to count which client is trying to send the most packets... Good luck, sorry I couldn't be more help!
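An added example, not part of the original post: the "search the log for the controller IP and see where it originated" idea, extended to name the machine by looking the source address up in the DHCP lease table. It assumes packet text in `tcpdump -n` format captured on the LAN-facing interface (rather than a Snort log) and an ISC dhcpd-style lease file; all addresses, MACs, hostnames and function names are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample data; 203.0.113.7 is a documentation-range placeholder
# standing in for the controller address the ISP would report.
CONTROLLER_IP = "203.0.113.7"

# Constructed lines in `tcpdump -n` text format, as captured on the LAN-facing
# interface so that source addresses are still the pre-NAT client addresses.
CAPTURE = """\
10:15:01.100000 IP 192.168.1.23.1045 > 203.0.113.7.6667: Flags [S], seq 1, win 65535, length 0
10:15:02.200000 IP 192.168.1.40.3312 > 198.51.100.9.80: Flags [S], seq 1, win 65535, length 0
10:15:04.100000 IP 192.168.1.23.1046 > 203.0.113.7.6667: Flags [S], seq 1, win 65535, length 0
10:15:09.500000 IP 203.0.113.7.6667 > 192.168.1.23.1046: Flags [S.], seq 1, ack 2, win 5840, length 0
"""

# Constructed excerpt in ISC dhcpd.leases format (assumed DHCP server).
LEASES = """\
lease 192.168.1.23 {
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "FRONTDESK-PC";
}
lease 192.168.1.40 {
  hardware ethernet 00:aa:bb:cc:dd:ee;
}
"""

PKT = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.\d+:")
LEASE = re.compile(r"lease (\S+) \{(.*?)\n\}", re.S)

def parse_leases(text):
    """Map client IP -> (MAC, hostname); a later lease block overrides an earlier one."""
    table = {}
    for ip, body in LEASE.findall(text):
        mac = re.search(r"hardware ethernet ([0-9a-fA-F:]+);", body)
        name = re.search(r'client-hostname "([^"]*)";', body)
        table[ip] = (mac.group(1) if mac else None, name.group(1) if name else None)
    return table

def find_suspects(capture, leases, controller_ip):
    """Count packets each internal client sent to controller_ip, attributed via the lease table."""
    hits = Counter(src for src, dst in PKT.findall(capture) if dst == controller_ip)
    table = parse_leases(leases)
    return [(ip, n) + table.get(ip, (None, None)) for ip, n in hits.most_common()]

if __name__ == "__main__":
    for ip, count, mac, host in find_suspects(CAPTURE, LEASES, CONTROLLER_IP):
        print(f"{ip}  packets={count}  mac={mac}  host={host}")
```

Only packets whose destination is the controller are counted, so reply traffic from the controller does not inflate a client's total. Recording the MAC matters because a DHCP address can be re-leased to a different machine later.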
 
Old 05-20-2006, 10:33 AM   #3
erimar77
Member
 
Registered: Jan 2006
Posts: 76

Original Poster
Rep: Reputation: 15
Thanks for the info, I've posted this question on a few forums and am receiving all kinds of good ideas.
 
  

