Understanding Malware and how OpenDNS helps

Comments

  • bsprakash

    Very helpful.

    Could have been better if you had the option to know the PC or LAN IP without AD or Umbrella.

  • rotblitz

    "option to know the PC or LAN IP"

    An external service like OpenDNS has (fortunately) no way to look into your LAN without you running additional local programs working with AD etc.  Else your LAN would be a paradise for hackers, and "security" provided by OpenDNS would be counterproductive and the contrary of security.

  • pe0mot

    So, how to find the source in my network?

  • pe0mot

    I switched back 9/26 from DynDNS (is better in syncing IP to DDNS from any router) to OpenDNS (faster, better panel).

    "Malware/Botnet Activity Detected", so just checked the stats since 9/26 “only domains blocked as malware.”

    The result is: "Oops! We don't have any data for you. Try searching a larger range or go surf the net to generate some data."

     

  • rotblitz

    "So, how to find the source in my network?"

    By local logging, e.g. on your router or on the computer or on a server you operate.

    Examples of programs for running on a PC: 
    http://www.nirsoft.net/utils/dns_query_sniffer.html (DNS traffic) 
    http://www.pyrenean.com/Filtering (DNS traffic) 
    http://fiddler2.com/ (web traffic) 
    Or a packet sniffer: http://www.tech-faq.com/packet-sniffer.html

    "checked the stats since 9/26 “only domains blocked as malware.” 
    The result is: "Oops! We don't have any data for you."

    In case you use the free version (OpenDNS Home Basic), this stores stats for 14 days only, and 9/26 is older.  You would have to upgrade to OpenDNS VIP to have stats for one year.

    So dismiss the message for now by clicking the red X to see if it ever comes up again.
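
The local-logging approach from the reply above, as an added example that is not part of the original thread: it scans a router's DNS query log for lookups of a domain the dashboard reported as blocked and returns the LAN clients that asked for it. It assumes the router runs dnsmasq with `log-queries` enabled; the log lines, client addresses and the domain `blocked-domain.example` are constructed placeholders.

```python
import re
from collections import defaultdict

# dnsmasq "log-queries" line: "<timestamp> dnsmasq[pid]: query[TYPE] <name> from <client-ip>"
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) dnsmasq\[\d+\]: "
    r"query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)

def matches(name, flagged):
    """True if name equals a flagged domain or is a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in flagged)

def find_sources(log_lines, flagged_domains):
    """Map each LAN client IP to the flagged lookups it made."""
    flagged = {d.lower().rstrip(".") for d in flagged_domains}
    hits = defaultdict(list)
    for line in log_lines:
        m = QUERY_RE.match(line.strip())
        # "forwarded" and "reply" lines carry no client address and are skipped.
        if m and matches(m["name"], flagged):
            hits[m["client"]].append((m["ts"], m["qtype"], m["name"]))
    return dict(hits)

# Constructed sample log (not real traffic); 192.0.2.10 is a documentation address.
SAMPLE_LOG = """\
Sep 26 10:14:58 dnsmasq[812]: query[A] www.example.org from 192.168.1.20
Sep 26 10:15:01 dnsmasq[812]: query[A] cdn.blocked-domain.example from 192.168.1.37
Sep 26 10:15:01 dnsmasq[812]: forwarded cdn.blocked-domain.example to 208.67.222.222
Sep 26 10:15:02 dnsmasq[812]: reply cdn.blocked-domain.example is 192.0.2.10
Sep 26 10:16:40 dnsmasq[812]: query[AAAA] Blocked-Domain.example. from 192.168.1.37
Sep 26 10:17:12 dnsmasq[812]: query[A] notblocked-domain.example from 192.168.1.20
""".splitlines()

if __name__ == "__main__":
    # Placeholder domain standing in for the one shown in the dashboard stats.
    for client, lookups in find_sources(SAMPLE_LOG, ["blocked-domain.example"]).items():
        print(client)
        for ts, qtype, name in lookups:
            print(f"  {ts}  {qtype:<5} {name}")
```

The match is on whole DNS labels, so a lookalike such as `notblocked-domain.example` is not attributed to the flagged domain.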

  • pe0mot

    Thanks, I've found it.

    At my home page, in the same line as the red X there is a Stats link which brings me directly to the log entry showing the date it happened.

     

  • rotblitz

    Ah I see, and I knew.  I thought you used this link from the beginning and didn't see anything, because it happened more than 14 days ago already...

  • shenoynag

    Can I generate a report saying which domain name is resolved to which IP?

Article is closed for comments.