How to detect a botnet from a pcap file?
I want to know if there is a way to detect a botnet like the Ares botnet from a pcap file, please?
Article with link to the original report.
the Ares infection preys on the poorly secured configurations many set-top boxes use with the ADB debugging interface in Android. In many of the boxes, TCP port 5555 has been opened for both ADB and remote management commands, making it an easy target to any attacker able to scan the open internet.
Do you have a baseline for "normal" in your network? Does it include adb traffic?
The attack uses android adb.
A display filter of tcp.port==5555
or tcp.port in {5555..5585}
would be a good start.
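The port filter suggested above, worked as an offline check (an added example, not part of the original answer): it keeps TCP packets in the 5555..5585 range from a classic pcap and, going one step beyond the port filter, recognises ADB message headers by their command word and XOR magic. It assumes Ethernet/IPv4 framing and does not read pcapng; the sample capture, addresses and helper names are constructed for illustration.

```python
import struct

ADB_PORTS = range(5555, 5586)  # same range as the filter tcp.port in {5555..5585}
ADB_CMDS = {b"CNXN", b"AUTH", b"OPEN", b"OKAY", b"WRTE", b"CLSE"}

def is_adb_message(payload):
    """ADB header is six little-endian u32 words; the last is the command XOR 0xffffffff."""
    if len(payload) < 24 or payload[:4] not in ADB_CMDS:
        return False
    cmd, magic = struct.unpack_from("<I16xI", payload)
    return magic == cmd ^ 0xFFFFFFFF

def scan_pcap(data):
    """List (src, dst, dport, kind) for ADB-port SYNs and ADB messages (Ethernet/IPv4/TCP only)."""
    endian = "<" if data[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1") else ">"
    hits, off = [], 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        incl_len = struct.unpack_from(endian + "I", data, off + 8)[0]
        frame = data[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        sport, dport = (int.from_bytes(tcp[i:i + 2], "big") for i in (0, 2))
        if len(tcp) < 20 or (sport not in ADB_PORTS and dport not in ADB_PORTS):
            continue
        src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
        if tcp[13] & 0x12 == 0x02:  # SYN without ACK: a connection attempt
            hits.append((src, dst, dport, "syn"))
        elif is_adb_message(tcp[(tcp[12] >> 4) * 4:]):
            hits.append((src, dst, dport, "adb"))
    return hits

def make_record(src, dst, sport, dport, flags, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame (zero checksums) wrapped in a pcap record."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    eth = b"\x00" * 12 + b"\x08\x00" + ip + tcp
    return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth

# Constructed sample (documentation addresses): SYN to 5555, an ADB CNXN (data checksum left zero), one HTTPS SYN.
CNXN_MSG = struct.pack("<4s5I", b"CNXN", 0x01000000, 4096, 7, 0, 0xB1A7B1BC) + b"host::\x00"
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + make_record((198, 51, 100, 7), (192, 0, 2, 10), 40000, 5555, 0x02)
          + make_record((198, 51, 100, 7), (192, 0, 2, 10), 40000, 5555, 0x18, CNXN_MSG)
          + make_record((192, 0, 2, 10), (203, 0, 113, 5), 40001, 443, 0x02))

if __name__ == "__main__":
    print(*scan_pcap(SAMPLE), sep="\n")
```

A hit of kind "adb" on a device that is not in your baseline of expected ADB hosts is the stronger signal; port-only hits still need the baseline comparison the answer asks about.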
Asked: 2020-06-24 15:14:37 +0000
Seen: 1,853 times
Last updated: Jun 25 '20