Old 05-19-2006, 10:54 AM   #1
locate infected machine from dhcp server

I have a CentOS machine running DHCP and NAT through gShield. I am getting reports from my ISP saying that machine is "infected" because it's trying to connect to a known bot controller. There are quite a few Windows machines grabbing DHCP addresses from this server. What would be the easiest way to find out which machine is infected without walking to each machine and scanning it for viruses/spyware?
Old 05-19-2006, 01:44 PM   #2
First I'm no expert, but someone at work suggested trying to use snort. I just glanced through the documentation and it looked like you could log packets being sent over the network. Did the ISP tell you the IP of the bot controller? Maybe you could grep the log for that IP and see where it originated. Or maybe you can somehow use the log to count which client is trying to send the most packets... Good luck, sorry I couldn't be more help!
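
The log search suggested in the reply above, carried one step further as an added example (not part of the original thread): match the controller IP in the gateway's packet log, then map each internal source address to its DHCP lease to get the MAC and hostname. It assumes netfilter LOG-style lines (`SRC=`/`DST=` fields) and an ISC dhcpd leases file; the function names, the log and lease samples, and all addresses are constructed.

```python
import re
from collections import Counter

CONTROLLER_IP = "203.0.113.50"  # placeholder for the IP the ISP reports

# Constructed sample log, in the style of netfilter LOG lines (fields trimmed).
SAMPLE_LOG = """\
May 19 10:01:02 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.50 LEN=48 PROTO=TCP SPT=1042 DPT=6667
May 19 10:01:05 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=3311 DPT=80
May 19 10:01:09 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.50 LEN=48 PROTO=TCP SPT=1043 DPT=6667
May 19 10:02:11 gw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.31 DST=203.0.113.5 LEN=48 PROTO=TCP SPT=1100 DPT=80
"""

# Constructed sample in the layout of an ISC dhcpd.leases file.
SAMPLE_LEASES = """\
lease 192.168.1.23 {
  ends 5 2006/05/19 20:00:00;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "FRONTDESK-PC";
}
lease 192.168.1.40 {
  hardware ethernet 00:11:22:33:44:66;
  client-hostname "LAB-PC";
}
"""

def sources_contacting(log_text, dst_ip):
    """Count packets per internal source address sent to dst_ip."""
    # Require whitespace after the address so 203.0.113.5 does not match
    # 203.0.113.50, which a plain substring grep would also return.
    pat = re.compile(r"SRC=(\S+) DST=" + re.escape(dst_ip) + r"(?=\s)")
    return Counter(m.group(1) for m in pat.finditer(log_text))

def parse_leases(leases_text):
    """Map leased IP -> (MAC, hostname); a later entry for an IP wins."""
    leases = {}
    for ip, body in re.findall(r"lease (\S+) \{(.*?)\}", leases_text, re.S):
        mac = re.search(r"hardware ethernet ([0-9a-fA-F:]+);", body)
        host = re.search(r'client-hostname "([^"]*)";', body)
        leases[ip] = (mac.group(1) if mac else None,
                      host.group(1) if host else None)
    return leases

def suspects(log_text, leases_text, dst_ip):
    """Return (ip, packet_count, mac, hostname) tuples, busiest source first."""
    leases = parse_leases(leases_text)
    return [(ip, n) + leases.get(ip, (None, None))
            for ip, n in sources_contacting(log_text, dst_ip).most_common()]

if __name__ == "__main__":
    print(suspects(SAMPLE_LOG, SAMPLE_LEASES, CONTROLLER_IP))
```

A source with no current lease comes back with `None` for MAC and hostname, which usually means a statically addressed host or a lease that has since been replaced.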
Old 05-20-2006, 10:33 AM   #3
Original Poster
Thanks for the info, I've posted this question on a few forums and am receiving all kinds of good ideas.