How to detect a malware in my network using NMAP?

Networking/Security Forums -> Networking

Author: rpk2006 Posted: Mon Jan 03, 2011 8:36 pm    Post subject: How to detect a malware in my network using NMAP?
    ----
I just installed NMAP on my PC. Though I have a 3.1 Mbps internet connection, it runs very slow. I scanned my whole hard disk with anti-virus, contacted customer support of my ISP and did everything, but it is not improving.

Sometimes I think a worm is consuming the bandwidth and it is probably not detected by the anti-virus.

What type of information should I trace using NMAP if any such malware is there?

Author: alt.don Posted: Mon Jan 03, 2011 11:37 pm    Post subject:
    ----
Nmap is a port scanner. What this means is that it will send a variety of packets to a pre-determined (by you) series of ports to see if there is an active socket listening for incoming connections.

What I am trying to say is that Nmap is not really what you should be using to see if you have malware on your computer. Please give us some more information about your platform, i.e. are you running Microsoft Windows (if so, what version and service pack) or are you running Linux/BSD/Mac and so on?

Please help us help you by giving us as much information as possible. As with all things in life, try and find the breakpoint. Where are things going wrong? Once you are able to diagnose the problem you will be able to correct it.

P.S. We have an excellent malware forum here. You may wish to avail yourself of their services and expertise.
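
What a connect-style port check does and does not see, as an added example that is not part of the original thread: the function names, the baseline comparison and the loopback sockets are constructed for illustration. It reports the listening socket but not the outbound-only connection, so a port scan alone says little about what is consuming bandwidth.

```python
import socket


def connect_scan(host, ports, timeout=0.5):
    """Return the sorted ports on `host` that accept a TCP connection."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            # connect_ex() returns 0 only when the handshake completes,
            # i.e. something is listening on that port.
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return sorted(open_ports)


def unexpected_listeners(open_ports, baseline):
    """Ports found open that are not in the expected baseline."""
    return sorted(set(open_ports) - set(baseline))


def demo():
    """Constructed loopback setup: one listener, one outbound-only socket."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # OS picks a free port
    listener.listen(5)
    listening_port = listener.getsockname()[1]

    # An outbound connection: it owns a local port but does not listen on it.
    client = socket.create_connection(("127.0.0.1", listening_port))
    outbound_port = client.getsockname()[1]
    try:
        found = connect_scan("127.0.0.1", [listening_port, outbound_port])
    finally:
        client.close()
        listener.close()
    return listening_port, outbound_port, found


if __name__ == "__main__":
    lp, op, found = demo()
    print("listener port:", lp, "outbound-only port:", op)
    print("scan reports open:", found)
    print("not in empty baseline:", unexpected_listeners(found, baseline=[]))
```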

Author: Fire Ant    Location: London    Posted: Fri Jan 07, 2011 11:10 pm    Post subject:
    ----
Also to note, nmap is not the quickest of programs either. It really depends on what you are scanning and what options you are using.

I have waited 30 minutes for scans to finish before, and then I wasn't scanning whole subnets either.

Matt

Author: rpk2006 Posted: Mon Jan 10, 2011 5:14 pm    Post subject:
    ----
Thanks for the replies.

I am using Windows 7. On other machines running Windows XP, I have installed a HoneyPot to capture web-traffic streams. Daily I get malicious URLs pointing to a remote file that might contain malicious code.

Please suggest some ways to monitor these streams effectively and identify potential threats. In the last few days I noticed a few malware samples just skipped the detection of many reputed anti-virus engines.



All times are GMT + 2 Hours