Re: sending spam
- From: "Cliff Galiher" <cgaliher@xxxxxxxxx>
- Date: Mon, 20 Oct 2008 16:50:46 -0600
Just as a point of interest, wireshark puts the NIC in promiscuous mode if it can. Since a server is already handling network traffic from multiple clients, I'm not a fan of running it on a server. A client is usually sufficient for this type of troubleshooting.
But ultimately I'd recommend using firewall logs to track down the offending machine first. If a person is not sure how to track down a machine opening massive SMTP connections, then I think sifting through wireshark's rather verbose logging might be asking a little much out of the gate. :)
-Cliff
"Amnon Feiner" <afeiner@xxxxxx> wrote in message news:48FD01E2.5030904@xxxxxxxxx
Johnfli wrote:My ISP is telling me that some computer on my network is sending out spam email, at teh rate of about 50,000 per day (their words)In addition, and assuming you handle mail only with your SBS, you can download wireshark and install on your SBS, launch by either clicking the icon or click on capture (one or twe nic?) and look at the logs. That computer will populate.
How can I find out what machine is doing that??
Onc eyou found it, make sure to install an AV on it (do you have any installed)?
--
Amnon Feiner
.
- Follow-Ups:
- Re: sending spam
- From: David
- Re: sending spam
- References:
- sending spam
- From: Johnfli
- Re: sending spam
- From: Amnon Feiner
- sending spam
- Prev by Date: Re: anti-virus and anti-spam
- Next by Date: Re: AD Errors after HP driver updates
- Previous by thread: Re: sending spam
- Next by thread: Re: sending spam
- Index(es):
Relevant Pages
|
