tool to detect botnet member in LAN

suse_paul · February 6, 2014, 12:57pm

I had been notified by my IP-provider that participation in botnet activity (ntp-multiplier) from a computer in my LAN had been deteted via a sinkhole.

Of course I suspect the WIN XP system, but I have no idea whether my openususe systems might be the cause or are at least infected.
(chkroot and rkhunter did not find anything)

Is there a tool (eg. sniffer) for Opensuse (12.3) that can be used to track down the bontnet member in my LAN?

what can I do to check the opensuse installations?

thanks!

robin_listas · February 6, 2014, 7:24pm

On 2014-02-06 13:06, suse paul wrote:
>
> I had been notified by my IP-provider that participation in botnet
> activity (ntp-multiplier) from a computer in my LAN had been deteted via
> a sinkhole.

Check that your Linux machines are updated. There was recently a patch
to NTP for a security problem. I think it is that one.

–
Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))