How to find out if there was an infection?
Good afternoon.
Today an email arrived from my provider saying that suspicious activity came from my IP at "2017-04-15 18:51:44" and that the provider identified it as Botnet. I'm pretty sure it's all a misunderstanding.
On my home network there is one server running CentOS that acts as a test bench and a field for experiments (maybe I messed something up there); the second "server" is a Raspberry on which OpenVPN runs.
From which logs, and how, can I extract information about the events at 2017-04-15 18:51:44, so that I can later send it to the provider and find out for myself what happened?
Ask your provider about the nature of the malicious traffic: hosts, ports, protocols. Using that, try to identify the service that has been attacked. Digging through all the logs of everything is useless. If you have a router with an external IP address, first of all check whether it is responding to DNS queries from the outside - the most commonly used hole.
Well, and go over your server with nmap and disable / close everything unnecessary.