Re: How to tell if a Linux machine is a zombie?

To: debian-user@lists.debian.org
Subject: Re: How to tell if a Linux machine is a zombie?
From: Paul Johnson <baloo@ursine.ca>
Date: Tue, 09 Jan 2007 11:31:42 -0800
Message-id: <[🔎] u57d74xpc7.ln2@ursa-major.ursine.ca>
References: <[🔎] 20070108191301.GA555@cromwell.tmiaf> <[🔎] 200701081538.22776.kamaraju@bluebottle.com>

Kamaraju Kusumanchi wrote:

> On Monday 08 January 2007 14:13, Russell L. Harris wrote:
> 
>> So, before I preach about the dangers of spyware and zombies to my
>> buddies using Window$, how can I be certain that my own Debian machine
>> has not been compromised and has not become a zombie?  Is there a
>> simple test which I can run on a weekly basis?
>>
> 
> You can use senderbase statistics to see if there is a huge increase in
> email activity from the IP address under consideration.
> 
> For example, if you visit
> 
> http://www.senderbase.org/search?searchString=204.13.69.220
> 
> It says that on average the machine sends 10^2.9 emails per day. In the
> last 30 days, it sent 10^3.6 emails per day. Last day (ie yesterday) it
> sent 10^4.9 emails. The trend clearly indiciates that there has been an
> increase in email activity which might correlate with the machine being a
> zombie.

I've noticed it tends to really, really highball the figures for really
small sites.  For example, it shows a magnitude of 2.0 for the last day,
but I know for a fact only two messages were sent yesterday, which
shouldn't even get me to 0.1 magnitude.

Reply to:

References:
- How to tell if a Linux machine is a zombie?
  - From: "Russell L. Harris" <rlharris@oplink.net>
- Re: How to tell if a Linux machine is a zombie?
  - From: Kamaraju Kusumanchi <kamaraju@bluebottle.com>

Prev by Date: Re: Root privilege (SOLVED)
Next by Date: Multimedia docs..
Previous by thread: Re: How to tell if a Linux machine is a zombie?
Next by thread: Re: How to tell if a Linux machine is a zombie?
Index(es):
- Date
- Thread