Kamaraju Kusumanchi wrote:
On Monday 08 January 2007 14:13, Russell L. Harris wrote:

So, before I preach about the dangers of spyware and zombies to my
buddies using Window$, how can I be certain that my own Debian machine
has not been compromised and has not become a zombie? Is there a
simple test which I can run on a weekly basis?

You can use senderbase statistics to see if there is a huge increase in email
activity from the IP address under consideration.
For example, if you visit
http://www.senderbase.org/search?searchString=204.13.69.220
It says that on average the machine sends 10^2.9 emails per day. In the last
30 days, it sent 10^3.6 emails per day. Last day (i.e. yesterday) it sent
10^4.9 emails. The trend clearly indicates that there has been an increase
in email activity which might correlate with the machine being a zombie.
This is not a foolproof test. But I have seen people being referred to this
website on spamcop forums, news groups.

Also check dshield to see if your machine has tried to get in anywhere.
Go to http://www.dshield.org/ipinfo.html?ip=<your.ip.add.ress>.
Some entries are benign noise, but if you see several thousand hits on
port 22, you are probably owned.
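
A local version of the volume-trend check described in this thread, as an added example that is not part of the original messages: it goes beyond the lookup shown above by counting deliveries per day in Exim-style mainlog lines and comparing the latest day's log10 volume with the earlier average. The sample log lines, the 1.0 threshold and all function names are constructed for illustration, and the check only sees mail that passes through the local MTA.

```python
import math
import re
from collections import Counter

# Exim mainlog delivery lines: "<date> <time> <msg-id> => <recipient> ..."
# ("->" marks further recipients of the same delivery; "<=" is an arrival).
DELIVERY = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} \S+ [=-]> ")

def daily_deliveries(lines):
    """Count outbound delivery lines per calendar day."""
    counts = Counter()
    for line in lines:
        m = DELIVERY.match(line)
        if m:
            counts[m.group(1)] += 1
    return counts

def magnitude(count):
    """log10 of a volume, the scale of the 10^2.9 / 10^4.9 figures above."""
    return math.log10(count) if count > 0 else 0.0

def check_trend(counts, threshold=1.0):
    """Compare the latest day with the mean of the earlier days in the log.
    threshold is an assumed cut-off: 1.0 means a tenfold jump in volume."""
    days = sorted(counts)
    if len(days) < 2:
        return None  # nothing to compare against yet
    latest, earlier = days[-1], days[:-1]
    baseline = sum(counts[d] for d in earlier) / len(earlier)
    jump = magnitude(counts[latest]) - magnitude(baseline)
    return {"day": latest,
            "baseline_mag": round(magnitude(baseline), 1),
            "latest_mag": round(magnitude(counts[latest]), 1),
            "suspicious": jump >= threshold}

def sample_log(per_day):
    """Constructed sample lines: per_day maps a date to a delivery count."""
    lines = []
    for day, n in per_day.items():
        lines.append(f"{day} 02:59:58 1H3abc-0001Xy-2B <= root@localhost U=root P=local S=512")
        lines += [f"{day} 03:00:00 1H3abc-0001Xy-2B => user{i}@example.org "
                  "R=dnslookup T=remote_smtp" for i in range(n)]
    return lines

if __name__ == "__main__":
    quiet = {"2007-01-05": 8, "2007-01-06": 8, "2007-01-07": 8}
    print(check_trend(daily_deliveries(sample_log({**quiet, "2007-01-08": 800}))))
```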