Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Is there any free software out there that could help me figure out which machine in my network is Spamming?

Posted on 2009-05-04
6
Medium Priority
?
348 Views
Last Modified: 2013-11-22
Is there any free software out there that can help locate a Spammer within our network?  We know that they are not using our mail server.  We suspect it is someone with a virus on their machine however, our antivirus for whatever reason can not find them.  I beliveve the reason why our antivirus does not find them is because I think the culprit is in a seperate VLAN.  This only narrows it down to about 100 machines.  I wish to narrow it down further but economic times being what they are I was looking for a free software solution if possible.  We have already tried turning off port 25 but were unable to locate the spammer.  Please help.
0
Comment
Question by:Relinda
6 Comments
 
LVL 6

Accepted Solution

by:
jaydee-cdgp earned 2000 total points
ID: 24301342
Ethereal or now called Wireshark can monitor traffic on your network may help.  Find out who's the top talker / or transmitting particular traffic?
0
 
LVL 4

Expert Comment

by:Interserv
ID: 24503499
http://www.axencesoftware.com/index.php?action=NTPro

this set of tools is really good and simple to use.  I'd scan hosts to see which ones are running smtp and see if one is running smtp that shouldn't.  If you have a firewall in place you might also want to block port 25 from outbound traffic for everything except your mailserver(s).  This is a friendly rule to have in place all of the time on your firewall.  You can also create an ACL on most routers if your firewall is not capable of blocking port 25.
0
 
LVL 8

Expert Comment

by:SeeMeShakinMyHead
ID: 25131244
Where did you turn port 25 off at?  If at the firewall, you should be able to look at the logs to determine the culprit.  If on the router, then I would create an ACL that allows TCP 25 and run debug ip packet detail command to see which PC is using port 25 the most (it may be the only one).  Please also describe why you think someone is blasting emails from your network.  Did you recently get on a blacklist?  Also, do you run your own mail server on your network?
0
 
LVL 9

Expert Comment

by:tsaico
ID: 25628968
Another Vote for the turning off open ports at the firewall.  It is really handy to then look at the IP with the most amount of traffic and then get the information from there.  If possible, you can also get a second IP for the email server and keep oit seperate from the NAT for surfing.  This way, if you get hit again, your email server's ip doesn't get blacklisted (unless your entire IP block does), but it is the best to stop it on outbound connections.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34671029
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Suggested Courses

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question