Last year I have seen a lot of DDOS attacks aimed to website of news or independent communities. These websites were attacked by a botnet built from unknown virus (which wasn’t detected by any antivirus at that time). Some professionals found some variants of this virus but the websites were still heavily attacked.
Some of professional users are willing to help to find more variants of this virus. They would like to check if computers of their families are members of this botnet. However using a sniffer then running through forest of packet to identify which processes are flooding the websites, is too complicated for them.
Therefore I would like to write a simple tool to find out if a computer is building connection to a specific website through TCP or ICMP protocol. With this tool, a normal user can check if his computer is attacking specific website. Just simply enter the website, choose NIC (Network Interface Controller) and then click “Track It!”. Anytime when any process makes a connection to the website, tool – Doidw – will log it. For TCP protocol, Doidw will tells you which process sent out the packet. For ICMP protocol, Doidw can only tell you that there’s a process sending out packet to the website, but he can’t not locate the process. I’ll try to improve it.
You need to install WinPcap and .Net Framework 4 so that tool can run.
- Version: 188.8.131.52962
- Supported OS: All Windows
NOTE: If this tool doesn’t work with your system, post here your errors.
LINK DOWN: http://hintdesk.com/Web/Tool/Doidw.zip
- [184.108.40.206913] : Fix layout, save last urls, check WinPcap installed
- [220.127.116.11] : Multi-sites check supported
- [18.104.22.168] : Beta Version