4

Title has it all. I consider myself a power user and a tiny bit more knowledgeable than the average Joe. Still, I wonder sometimes if my computer might be part of a botnet without me knowing. Is there any way I can tell if this is so? (No evidence on my side to support my concerns.)

2 Answers

2

Yes, you can look for certain things to know whether your computer is being used as a botnet:

  • Look for unnecessary outgoing connections from your PC, using the various Windows, Linux or Mac tools (whichever you are using).
  • Unnecessary programs running on your computer. Check the list of programs currently running; you may find something surprising, maybe something you never started.
  • Look out for a sudden increase in outgoing traffic. Monitor outgoing traffic (graphs preferably) and check if you see spikes in it. Check their timestamps: are they regular and at the same times every day?
  • And lastly, keep your computer protected so that no incoming connections can be made, and make sure a good antivirus and antimalware is installed so that your computer is protected from getting infected.

But as they say, you can never be too careful. You can just hope for the best :)

  • This is a good answer and outlines all of the points that I would have made. The point I would make to the OP is that if you believe that your machine is infected and is part of a botnet, you need to completely reset it. Needless to say, before doing that you should probably attempt to figure out how the machine was infected in the first place so it doesn't happen all over again. It's possible the machine wasn't the first device in the network to become infected. – RedBullNinja Oct 25 '16 at 07:47
1

Is it possible my computer is part of a ddos network

It is very much possible that your machine may be part of a botnet. And if you are used to installing software downloaded from the Internet, then the chances are going to be high.

Is there any way I can tell if this is so?

  • You can check the connections which are established from your machine.
    You can check this with the netstat command.
  • If you are accessing the Internet through a proxy or firewall, then you can check the logs of the firewall (or proxy) on a daily basis and check if there are connections to the Internet which look suspicious (such as connections going to an external server over port 53, chargen packets, or a large number of packets to some IP/server).
  • You can also check the usage (bandwidth and number of connections) of your; especially at the time when you were not logged in to the machine.

Best ways to protect yourself from being part of a botnet:

  • Install a genuine copy of Antivirus and keep the signatures updated
  • Keep your host OS updated and patched
  • Switch off the machine when not in use (if it is not a server)
schroeder
Gaurav Kansal
  • `netstat` will only report if the installed network driver reports to the OS. A very good botnet would write a custom network driver to hide the traffic from any packet sniffers, making it impossible to see the traffic from the infected computer. However, you can detect this traffic on an external computer connected to the same network – Kellen Stuart Oct 28 '16 at 03:50
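
The firewall-log check described in the second answer, as an added example that is not part of either answer or the comments: it flags port 53 traffic to unapproved external servers, chargen (port 19) traffic, and a large number of log entries to a single external IP. The log format, LAN range, approved resolver list and threshold are assumptions, and the sample log lines are constructed.

```python
import ipaddress
from collections import Counter

# Assumptions (site-specific, not from the answer): LAN range, approved
# external DNS resolvers, and the per-destination volume threshold.
INTERNAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]
APPROVED_RESOLVERS = {"192.0.2.53"}
VOLUME_THRESHOLD = 100  # log entries from one host to one external IP

# Constructed sample log, format: timestamp src dst proto dst_port
SAMPLE_LOG = "\n".join([
    "2016-10-25T02:10:01 192.168.1.20 192.168.1.1 udp 53",
    "2016-10-25T02:10:02 192.168.1.20 192.0.2.53 udp 53",
    "2016-10-25T02:10:05 192.168.1.20 203.0.113.7 udp 53",
    "2016-10-25T02:10:06 192.168.1.20 198.51.100.9 udp 19",
    "2016-10-25T02:10:07 192.168.1.20 198.51.100.44 tcp 443",
] + ["2016-10-25T03:00:00 192.168.1.20 198.51.100.200 tcp 80"] * 150)

def is_external(ip):
    addr = ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    return not any(addr in net for net in INTERNAL_NETS)

def review(log_text):
    """Return a sorted list of (src, dst, reason) findings."""
    findings, per_pair = set(), Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # blank or malformed line
        _ts, src, dst, _proto, port = fields
        try:
            if not is_external(dst):
                continue  # LAN traffic is out of scope here
        except ValueError:
            continue
        per_pair[(src, dst)] += 1
        if port == "53" and dst not in APPROVED_RESOLVERS:
            findings.add((src, dst, "dns-to-external-server"))
        if port == "19":
            findings.add((src, dst, "chargen"))
    for (src, dst), count in per_pair.items():
        if count >= VOLUME_THRESHOLD:
            findings.add((src, dst, "high-volume"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding)
```

Because the log is written by the firewall rather than the host, this check does not rely on what the host itself reports about its connections.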