0

How to detect a botnet from a pcap file?

I want to know if there is a way to detect a botnet like the Ares botnet from a pcap file, please?

salwa1215
asked 2020-06-24 15:14:37 +0000

1 Answer

0

Article with link to the original report.

the Ares infection preys on the poorly secured configurations many set-top boxes use with the ADB debugging interface in Android. In many of the boxes, TCP port 5555 has been opened for both ADB and remote management commands, making it an easy target to any attacker able to scan the open internet.

Do you have a baseline for "normal" in your network? Does it include adb traffic?
The attack uses Android adb.
A display filter of tcp.port==5555 or tcp.port in {5555..5585} would be a good start.

Chuckc
answered 2020-06-24 15:46:39 +0000
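
An added example, not part of the answer above or of Wireshark: a standard-library Python pass over a capture that lists which sources talk to the 5555..5585 range from the display filter and to how many distinct targets, to compare against a baseline. It goes one step beyond the port filter by also recognising the ADB CNXN connect header on any port; it assumes a classic pcap file (not pcapng) with Ethernet/IPv4 frames, and all function names and the sample capture are constructed for this example.

```python
import struct
from collections import defaultdict

ADB_PORTS = range(5555, 5586)  # same range as the display filter in the answer

def is_adb_connect(payload):
    """True if a TCP payload starts with an ADB CNXN header (magic = command ^ 0xffffffff)."""
    if len(payload) < 24:
        return False
    cmd, magic = struct.unpack_from("<I", payload, 0)[0], struct.unpack_from("<I", payload, 20)[0]
    return payload[:4] == b"CNXN" and magic == cmd ^ 0xFFFFFFFF

def adb_talkers(pcap):
    """Map source IP -> {'targets': {(dst_ip, dport)}, 'cnxn': n}; classic pcap, Ethernet/IPv4/TCP."""
    endian = "<" if pcap[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1") else ">"
    talkers = defaultdict(lambda: {"targets": set(), "cnxn": 0})
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from(endian + "I", pcap, off + 8)[0]
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4/TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) < 20:
            continue
        dport = struct.unpack_from("!H", tcp, 2)[0]
        payload = tcp[(tcp[12] >> 4) * 4:]
        # Port match mirrors the filter; the CNXN check also catches ADB on other ports.
        if dport in ADB_PORTS or is_adb_connect(payload):
            src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
            talkers[src]["targets"].add((dst, dport))
            talkers[src]["cnxn"] += is_adb_connect(payload)
    return dict(talkers)

def _frame(src, dst, dport, payload=b""):  # constructed packet: Ethernet + IPv4 + TCP
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x18, 1024, 0, 0)
    return bytes(12) + b"\x08\x00" + ip + tcp + payload

def sample_pcap():  # constructed capture, not real traffic
    cnxn = struct.pack("<6I", 0x4E584E43, 0x01000000, 4096, 0, 0, 0x4E584E43 ^ 0xFFFFFFFF)
    frames = [_frame((10, 0, 0, 9), (10, 0, 0, h), 5555) for h in (20, 21, 22)]
    frames += [_frame((10, 0, 0, 9), (10, 0, 0, 22), 5555, cnxn), _frame((10, 0, 0, 7), (10, 0, 0, 1), 443)]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    for src, info in adb_talkers(sample_pcap()).items():
        print(src, len(info["targets"]), "distinct targets,", info["cnxn"], "ADB CNXN")
```

A source that reaches many distinct targets in this range, when the baseline has no ADB traffic at all, is the pattern worth investigating first.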

Comments

2

If only folks would implement RFC 3514 properly then life would be easy.

grahamb (2020-06-24 16:06:44 +0000)

I don't apply for Android. I used it for a Linux machine. I tested tcp.port==5555 or tcp.port in {5555..5585} but they are not used.

salwa1215 (2020-06-25 10:26:44 +0000)
