From: FromTheRafters on
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:hln2k302cmr(a)news3.newsguy.com...
> From: "RayLopez99" <raylopez88(a)gmail.com>
>
>
> | Very interesting. My definition of botnet: I assumed it was a server
> | that inserted a virus into your computer (the client). So if you
> | don't have the virus on your machine, you are not part of a botnet.
>
> | The Wiki article of 25% is an exaggeration then, noted.
>
> | RL
>
> NO !
>
> A botnet is a group of infected computers (via virus or trojan) that
> are controlled by a central operator(s) where the Command and Control
> (aka C&C or C2) tells the 'bots what to do and how to act.
>
> There are botnets that perform spam.
>
> There are botnets that perform a DDoS on specified sites.

Did you leave out folding protein math and looking for E.T. on purpose?
:oD

Did Wiki?


From: RayLopez99 on
On Feb 20, 12:33 am, "FromTheRafters" <erra...(a)nomail.afraid.org>
wrote:
> "David H. Lipman" <DLipman~nosp...(a)Verizon.Net> wrote in
> > There are botnets that perform spam.
>
> > There are botnets that perform a DDoS on specified sites.
>
> Did you leave out folding protein math and looking for E.T. on purpose?
> :oD
>
> Did Wiki?

I think that's the key. Any client in a server is potentially a
"botnet", broadly defined. So the Wiki stat is probably a 'high'
number.

RL

From: FromTheRafters on

"RayLopez99" <raylopez88(a)gmail.com> wrote in message
news:e67c54de-2ada-40dc-a4c1-2185c7c707f3(a)upsg2000gro.googlegroups.com...
On Feb 20, 12:33 am, "FromTheRafters" <erra...(a)nomail.afraid.org>
wrote:
> "David H. Lipman" <DLipman~nosp...(a)Verizon.Net> wrote in
> > There are botnets that perform spam.
>
> > There are botnets that perform a DDoS on specified sites.
>
> Did you leave out folding protein math and looking for E.T. on purpose?
> :oD
>
> Did Wiki?

I think that's the key. Any client in a server is potentially a
"botnet", broadly defined. So the Wiki stat is probably a 'high'
number.

***
I was only joking about wiki. Since the word "infected" was used, it is
clear that they were writing about bots that run on stolen computing
power.
***


From: David Kaye on
"FromTheRafters" <erratic(a)nomail.afraid.org> wrote:

>I think that's the key. Any client in a server is potentially a
>"botnet", broadly defined. So the Wiki stat is probably a 'high'
>number.

But only if it is being controlled by a server. A good portscan or the
warning messages from a firewall such as ZoneAlarm would show immediately
whether a computer was acting as a bot or not.

Shut down any browsers, Outlook, etc., go away for 10 minutes. Run the
portscan and see what dot-quad addresses are being accessed. Should only be
your router and maybe Apple (if you've installed iTunes or QuickTime) and
maybe Adobe if you have an Adobe product, etc. A good port scanner will
resolve the addresses for you and tell you what your connections are looking
at. If some dot-quads don't resolve to domain names or the domain name ends
in .ch (China), .ru (Russia), .pl (Poland), etc., then you're in trouble. You
likely have a bot.

As I said earlier, very few of my malware customers have these, which is why I
dispute the 88% or 92% or whatever figures. I'm just not seeing many of them.

I suspect that most of this bot activity is taking place not on the majority
of home computers but on computers people don't look at very often such as web
servers, mail servers, etc.
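
An added example, not part of the thread: the idle-machine check described in the post above, sketched in Python over Windows `netstat -ano` output. The sample output, the PTR table and the function names are constructed for illustration; the function lists established connections to addresses outside the local network, unresolved ones first, with the owning PID.

```python
import ipaddress
import socket

# Constructed sample of `netstat -ano` output; remote hosts use documentation ranges.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:49712     192.168.1.1:80         ESTABLISHED     1184
  TCP    192.168.1.20:49730     203.0.113.45:6667      ESTABLISHED     3920
  TCP    192.168.1.20:49731     198.51.100.7:443       ESTABLISHED     2260
  TCP    127.0.0.1:5354         127.0.0.1:49700        ESTABLISHED     1500
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
"""
# Constructed reverse-DNS table standing in for real PTR lookups (offline demo).
SAMPLE_PTR = {"198.51.100.7": "updates.example.com"}

# Addresses treated as "your own machine or router": loopback, RFC 1918, link-local.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

def reverse_lookup(ip):
    """Return the PTR name for ip, or None when the address does not resolve."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def external_connections(netstat_text, resolver=reverse_lookup):
    """Return (pid, remote_ip, remote_port, hostname) for each ESTABLISHED TCP
    connection to a non-local address, unresolved addresses first."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue  # header, UDP, LISTENING, TIME_WAIT, ...
        host, _, port = fields[2].rpartition(":")
        try:
            addr = ipaddress.ip_address(host.strip("[]"))
        except ValueError:
            continue  # not an address this sketch understands
        if any(addr in net for net in LOCAL_NETS):
            continue
        findings.append((int(fields[4]), str(addr), int(port), resolver(str(addr))))
    # Sort so connections without reverse DNS come first, then by PID.
    return sorted(findings, key=lambda f: (f[3] is not None, f[0]))

if __name__ == "__main__":
    for pid, ip, port, name in external_connections(SAMPLE_NETSTAT, SAMPLE_PTR.get):
        print(f"PID {pid:<6} {ip}:{port:<6} {name or '(no reverse DNS)'}")
```

On a live machine, pass the real output of `netstat -ano` and omit the second argument so lookups go to DNS; `tasklist /FI "PID eq <pid>"` then names the process that owns a listed connection.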

From: RayLopez99 on
On Feb 21, 4:09 am, sfdavidka...(a)yahoo.com (David Kaye) wrote:
> "FromTheRafters" <erra...(a)nomail.afraid.org> wrote:
> >I think that's the key.  Any client in a server is potentially a
> >"botnet", broadly defined.  So the Wiki stat is probably a 'high'
> >number.
>
> But only if it is being controlled by a server.  A good portscan or the
> warning messages from a firewall such as ZoneAlarm would show immediately
> whether a computer was acting as a bot or not.  
>
> Shut down any browsers, Outlook, etc., go away for 10 minutes.  Run the
> portscan and see what dot-quad addresses are being accessed.  Should only be
> your router and maybe Apple (if you've installed iTunes or QuickTime) and
> maybe Adobe if you have an Adobe product, etc.  A good port scanner will
> resolve the addresses for you and tell you what your connections are looking
> at.  If some dot-quads don't resolve to domain names or the domain name ends
> in .ch (China), .ru (Russia), .pl (Poland), etc., then you're in trouble.  You
> likely have a bot.
>
> As I said earlier, very few of my malware customers have these, which is why I
> dispute the 88% or 92% or whatever figures.  I'm just not seeing many of them.
>
> I suspect that most of this bot activity is taking place not on the majority
> of home computers but on computers people don't look at very often such as web
> servers, mail servers, etc.  

Interesting, thanks. I am using Webroot, which has a firewall and
virus engine (Sophos licensed) but I guess it doesn't have a port
scan. However, if your clients are not 100% savvy (otherwise they
would not need your expertise) then you can safely say that most of
the time bots are not running on people's machines that run 'ordinary'
virus/firewall commercial packages (I trust almost all of your clients
are running some kind of such package, as it's nearly inconceivable
that they are not). So from these two facts we can deduce that bots
are not as common as stated on Wiki--for "people occupied" PCs that
are not running unattended as servers. So likely I don't have a bot
either. I do have a firewall "Look-n-stop" and on occasion I check
out the IP address on Whois.

Today I notice a slightly suspicious looking entry:
ppp-124-120-170-40.revip2.asian ??? What can this be?

But it's probably nothing (I think).

RL