
Re: How to tell if a Linux machine is a zombie?



On Monday 08 January 2007 14:13, Russell L. Harris wrote:

> So, before I preach about the dangers of spyware and zombies to my
> buddies using Window$, how can I be certain that my own Debian machine
> has not been compromised and has not become a zombie?  Is there a
> simple test which I can run on a weekly basis?
>

You can use senderbase statistics to see if there is a huge increase in email 
activity from the IP address under consideration.

For example, if you visit

http://www.senderbase.org/search?searchString=204.13.69.220

It says that on average the machine sends 10^2.9 emails per day. In the last 
30 days, it sent 10^3.6 emails per day. Last day (i.e. yesterday) it sent 
10^4.9 emails. The trend clearly indicates that there has been an increase 
in email activity which might correlate with the machine being a zombie.

This is not a foolproof test. But I have seen people being referred to this 
website on spamcop forums and newsgroups.

hth
raju

-- 
Kamaraju S Kusumanchi
http://www.people.cornell.edu/pages/kk288/
http://malayamaarutham.blogspot.com/
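
The comparison described in the message above can be reproduced on any series of per-day message counts. The sketch below is an added example, not part of the original post or of SenderBase: the function names, the 30-day window, the one-order-of-magnitude threshold and the sample counts are all assumptions, and the long-term average is assumed to include the most recent days.

```python
import math

def magnitude(mean_per_day):
    """Return log10 of a messages-per-day figure, or None for no traffic."""
    return math.log10(mean_per_day) if mean_per_day > 0 else None

def volume_trend(daily_counts, window=30, threshold=1.0):
    """Compare yesterday's volume with the recent and long-term averages.

    daily_counts: messages per day, oldest first, last item = yesterday.
    threshold: rise in log10 units over the long-term average that is
               reported as a spike (1.0 = tenfold; an assumed cut-off).
    """
    if len(daily_counts) <= window:
        raise ValueError("need more history than the recent window")
    overall = magnitude(sum(daily_counts) / len(daily_counts))
    recent = magnitude(sum(daily_counts[-window:]) / window)
    last = magnitude(daily_counts[-1])
    # A quiet day (or no history of mail at all) cannot be a volume spike.
    if overall is None or last is None:
        delta, factor = None, None
    else:
        delta = last - overall
        factor = 10 ** delta          # how many times the usual volume
    return {
        "overall": None if overall is None else round(overall, 1),
        "recent": None if recent is None else round(recent, 1),
        "last_day": None if last is None else round(last, 1),
        "factor": factor,
        "spike": delta is not None and delta >= threshold,
    }

# Constructed sample: a year of counts chosen so the three magnitudes
# match the figures quoted in the message (2.9, 3.6 and 4.9).
SAMPLE = [509] * 335 + [1379] * 29 + [79433]

if __name__ == "__main__":
    report = volume_trend(SAMPLE)
    print(report)
    print("steady sender:", volume_trend([500] * 365)["spike"])
```
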
