DOS Check If You Are Infected
When you first turn on your PC (BEFORE DIALING INTO YOUR ISP),
open a DOS Prompt window (Start/Programs/DOS Prompt).
Then type netstat -arn and press the Enter key.
Your screen should show the following (without the dotted lines,
which I added for clarification).
-----------------------------------------------------------------------------
Active Routes:
Network Address    Netmask            Gateway Address    Interface    Metric
127.0.0.0          255.0.0.0          127.0.0.1          127.0.0.1    1
255.255.255.255    255.255.255.255    255.255.255.255    0.0.0.0      1
Route Table
Active Connections
Proto    Local Address    Foreign Address    State
--------------------------------------------------------------------------------
If you see anything else, there might be a problem (more on that later).
Now dial into your ISP. Once you are connected,
go back to the DOS Prompt and run the same command as before,
netstat -arn. This time it will look similar to the following (without the
dotted lines).
-------------------------------------------------------------------------------------
Active Routes:
Network Address    Netmask            Gateway Address    Interface       Metric
0.0.0.0            0.0.0.0            216.1.104.70       216.1.104.70    1
127.0.0.0          255.0.0.0          127.0.0.1          127.0.0.1       1
216.1.104.0        255.255.255.0      216.1.104.70       216.1.104.70    1
216.1.104.70       255.255.255.255    127.0.0.1          127.0.0.1       1
216.1.104.255      255.255.255.255    216.1.104.70       216.1.104.70    1
224.0.0.0          224.0.0.0          216.1.104.70       216.1.104.70    1
255.255.255.255    255.255.255.255    216.1.104.70       216.1.104.70    1
Route Table
Active Connections
Proto    Local Address       Foreign Address    State
TCP      0.0.0.0:0           0.0.0.0:0          LISTENING
TCP      216.1.104.70:137    0.0.0.0:0          LISTENING
TCP      216.1.104.70:138    0.0.0.0:0          LISTENING
TCP      216.1.104.70:139    0.0.0.0:0          LISTENING
UDP      216.1.104.70:137    *:*
-------------------------------------------------------------------------------------
What you are seeing in the first section (Active Routes) under the heading of
Network Address are some additional lines. The only ones that should be there
are ones belonging to your ISP (more on that later). In the second section
(Route Table) under Local Address you are seeing the IP address that your ISP
assigned you (in this example 216.1.104.70).
The numbers are divided into four dot notations. The first 3 should be
the same for both sets, while in this case the .70 is the unique number
assigned for THIS session. Next time you dial in, that number will more than
likely be different.
To make sure that the first 3 notations are as they should be, we will run
one more command from the DOS window.
From the DOS Prompt type tracert www.yourispwebsite.com or .net
or whatever it ends in. Following is an example of the output you should see.
---------------------------------------------------------------------------------------
Tracing route to www.motion.net [207.239.117.112] over a maximum of 30 hops:
1    128 ms    2084 ms    102 ms    chat-port.motion.net [216.1.104.4]
2    115 ms     188 ms    117 ms    chat-core.motion.net [216.1.104.1]
3    108 ms     116 ms    119 ms    www.motion.net [207.239.117.112]
Trace complete.
------------------------------------------------------------------------------------------
You will see that on the lines numbered 1 and 2 the first 3 notations of the
address match what we saw above, which is a good thing. If they do not,
then some further investigation is needed.
If everything matches like above, you can almost breathe easier. Another thing
you should check is the programs launched during startup. To find
these, click Start/Programs/Startup and look at what shows up. You should be
able to recognize everything there. If not, once again more investigation is
needed.
-------------------------------------------------------------------------------------------
Now just because everything reported out like we expected (and demonstrated
above), we still are not out of the woods. How is this so, you ask? Do you use
Netmeeting? Do you get on IRC (Internet Relay Chat)? Or any other program
that makes use of the Internet? Have you ever received an email with an
attachment that ended in .exe? The list goes on and on. Basically, anything
that you run could have become infected with a trojan. What this means is that
the program appears to do what you expect, but also does just a little more.
This little more could be blasting ebay.com or one of the other sites that
CNNlive was talking about.
What can you do? Well, some anti-virus software will detect some trojans.
Another (tedious) thing is to start each of these "extra" Internet programs
one at a time and go through the last 2 steps above, looking at the routes
and connections the program uses. However, the tricky part will be figuring
out where to tracert to in order to find out if the addresses you see in
step 2 are "safe" or not. I should warn you that running tracert after
tracert, after tracert might be considered "improper" by your ISP. The steps
outlined above may not work exactly as I have stated depending upon your ISP,
but with a true ISP it should work. Finally, this advice comes with NO
warranty and by following my "hints" you implicitly release ME from ANY and
ALL liability which you may incur.
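The checks described above, written out as an added example (not part of the original article): it parses netstat -arn output, takes the default route's gateway as the ISP-assigned address, and reports routes whose first 3 notations differ, listeners outside a baseline, and remote addresses worth a tracert. The function name, the baseline port set and the three sample lines marked as constructed are assumptions made for this example.

```python
import ipaddress

# Routes and connections as printed by netstat -arn. The 192.0.2.0 route, the
# port 5000 listener and the ESTABLISHED line are constructed for this example;
# the other lines are from the page's sample output.
SAMPLE = """\
Active Routes:
Network Address Netmask Gateway Address Interface Metric
0.0.0.0 0.0.0.0 216.1.104.70 216.1.104.70 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
216.1.104.0 255.255.255.0 216.1.104.70 216.1.104.70 1
192.0.2.0 255.255.255.0 216.1.104.70 216.1.104.70 1
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:0 0.0.0.0:0 LISTENING
TCP 216.1.104.70:139 0.0.0.0:0 LISTENING
TCP 216.1.104.70:5000 0.0.0.0:0 LISTENING
TCP 216.1.104.70:1042 198.51.100.7:6667 ESTABLISHED
UDP 216.1.104.70:137 *:*
"""

def check_netstat(text, known_ports=frozenset({0, 137, 138, 139})):
    """known_ports: assumed baseline, the listeners in the page's clean sample."""
    routes, conns, section = [], [], None
    for line in text.splitlines():
        f = line.split()
        if line.startswith("Active Routes"):
            section = "routes"
        elif line.startswith("Active Connections"):
            section = "conns"
        elif section == "routes" and len(f) == 5 and f[4].isdigit():
            routes.append(f)
        elif section == "conns" and f and f[0] in ("TCP", "UDP"):
            conns.append(f)
    # Dialed in: the default route's gateway is the ISP-assigned address.
    # Offline there is no default route, so only loopback/broadcast may appear.
    session_ip = next((r[2] for r in routes if r[0] == "0.0.0.0"), None)
    isp_net = ipaddress.ip_network(session_ip + "/24", strict=False) if session_ip else None
    def expected(addr):  # same first three octets, or a standard special route
        ip = ipaddress.ip_address(addr)
        return ((isp_net is not None and ip in isp_net) or ip.is_loopback
                or ip.is_multicast or addr in ("0.0.0.0", "255.255.255.255"))
    return {
        "session_ip": session_ip,
        "odd_routes": [r[0] for r in routes if not expected(r[0])],
        "odd_listeners": [c[1] for c in conns if c[-1] == "LISTENING"
                          and int(c[1].rsplit(":", 1)[1]) not in known_ports],
        "remote_peers": [c[2] for c in conns if c[-1] == "ESTABLISHED"],
    }
```

Anything returned in odd_routes or odd_listeners is only a prompt for the further investigation the article describes; the addresses in remote_peers are the ones to compare against the tracert result.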
Other options
Displays protocol statistics and current TCP/IP network connections.
NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]
-a          Displays all connections and listening ports.
-e          Displays Ethernet statistics. This may be combined with the -s option.
-n          Displays addresses and port numbers in numerical form.
-p proto    Shows connections for the protocol specified by proto; proto may be
            TCP or UDP. If used with the -s option to display per-protocol statistics,
            proto may be TCP, UDP, or IP.
-r          Displays the routing table.
-s          Displays per-protocol statistics. By default, statistics are shown for TCP,
            UDP and IP; the -p option may be used to specify a subset of the default.
interval    Redisplays selected statistics, pausing interval seconds between each
            display. If omitted, netstat will print the current configuration information
            once.