Detecting Malware Infected System Inside LAN


I just installed LEDE and so far I love everything.

My problem is one or multiple systems inside my LAN is infected by Conficker malware bot. According to its CNC server is located at It talks with CNC server once every week in average. This problem is more than a year old but finally decided to take care of it.

I have three Windows systems inside my LAN rest are all Linux so its has to be the windows system since Conficker only infects Windows. I am not able to determine which the infected system is, I tried running antivirus scan and even formatting those systems but without any success.

I want to find which systems are infected with Conficker. Is there any way to keep log of traffic directed to or maybe some other way to determine this?

Hi @CracklingCapacitor,

I think tcpdump should be your solution.
Take a look here you will find everything you are asking for.


1 Like

You can also use iptables to block and log all traffic with that destination.

While it may not represent an immediate solution, you might find this application interesting or useful - and your malware traffic could contribute to the project.

Introducing Noddos, a device-aware firewall

1 Like

I'm not an expert, but I also recently installed LEDE, and there is a problem with the operation of my laptop - it began to slow down a bit.
So you think that malware was installed with LEDE?

I checked everything, Windows Defender reports that everything is clean and the second defender ( is silent (to be honest then I'm happy))))

It is extremely unlikely that installing LEDE added malware to your laptop.

when you say it's slowing down, what's slowing down? network access or local