Problem: CBL Block
IP Address xxx.xxx.xxx.xx is listed in the CBL. It appears to be infected with a spam sending trojan, proxy or some other form of botnet.
It was last detected at 2014-05-13 21:00 GMT (+/- 30 minutes), approximately 3 hours, 30 minutes ago.
It has been relisted following a previous removal at 2014-05-12 01:48 GMT (1 days, 22 hours, 13 minutes ago)
This IP is infected (or NATting for a computer that is infected) with the cutwail spambot. In other words, it's participating in a botnet.
Solution:
How to find BOTs in a LAN
1. On Windows, run this in a DOS command window:
netstat 5
This will give you a list of all network connections your machine has open, much like *NIX netstat, refreshed every 5 seconds until you stop it. You're looking for very much the same sort of things as with *NIX netstat. You'll probably see Microsoft, Yahoo and other familiar names - they're normal (from your browser, IM etc). "Akamai" perhaps won't be familiar, but it's normal too. Lots of port 25 connections are the usual sign of infection.
2. Port scanners using the Nmap tool
A detailed description of how to use nmap is well beyond the scope of this paper. For our purposes, the following command will do most of what you want and be non-destructive (it won't do any damage):
nmap -A [machine or network specification]
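The port 25 check from step 1, as an added example that is not part of the original post: it parses Windows netstat output and counts outbound port 25 connections per process ID, so the sending process can be identified. The `-ano` switches (numeric addresses plus owning PID), the threshold of 3 and the function names are assumptions; the sample output is constructed and uses documentation address ranges.

```python
import re
import sys
from collections import Counter

# Constructed sample of `netstat -ano` output (documentation addresses only).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.23:49712     203.0.113.10:443       ESTABLISHED     2144
  TCP    192.168.1.23:49801     198.51.100.7:25        SYN_SENT        3380
  TCP    192.168.1.23:49802     198.51.100.21:25       ESTABLISHED     3380
  TCP    192.168.1.23:49803     203.0.113.77:25        ESTABLISHED     3380
  TCP    192.168.1.23:49804     192.0.2.45:25          SYN_SENT        3380
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1200
  TCP    [::1]:49900            [::1]:25               ESTABLISHED     1200
  UDP    0.0.0.0:5353           *:*                                    1876
"""

# Proto, local addr:port, foreign addr:port, state, PID (TCP rows only).
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def smtp_connections(netstat_text, port=25):
    """Return (pid, remote_host, state) for each outbound TCP connection to `port`."""
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        _local, _lport, remote, rport, state, pid = m.groups()
        if state == "LISTENING" or int(rport) != port:
            continue  # a local mail server listening on 25 is not outbound traffic
        if remote.strip("[]") in ("127.0.0.1", "::1"):
            continue  # loopback traffic never leaves the machine
        hits.append((int(pid), remote, state))
    return hits

def suspicious_pids(netstat_text, threshold=3):
    """Map PID -> count for processes with at least `threshold` port-25 connections."""
    counts = Counter(pid for pid, _, _ in smtp_connections(netstat_text))
    return {pid: n for pid, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    # Pipe real output in (netstat -ano | python this_script.py) or run on the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for pid, n in suspicious_pids(text).items():
        print(f"PID {pid}: {n} outbound port-25 connections")
```

A workstation that is not a mail server should normally report nothing; a PID that does show up can be matched to a program name in Task Manager.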