Solved

Is there any free software out there that could help me figure out which machine in my network is Spamming?

Posted on 2009-05-04
6
344 Views
Last Modified: 2013-11-22
Is there any free software out there that can help locate a Spammer within our network?  We know that they are not using our mail server.  We suspect it is someone with a virus on their machine however, our antivirus for whatever reason can not find them.  I beliveve the reason why our antivirus does not find them is because I think the culprit is in a seperate VLAN.  This only narrows it down to about 100 machines.  I wish to narrow it down further but economic times being what they are I was looking for a free software solution if possible.  We have already tried turning off port 25 but were unable to locate the spammer.  Please help.
0
Comment
Question by:Relinda
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 6

Accepted Solution

by:
jaydee-cdgp earned 500 total points
ID: 24301342
Ethereal or now called Wireshark can monitor traffic on your network may help.  Find out who's the top talker / or transmitting particular traffic?
0
 
LVL 4

Expert Comment

by:Interserv
ID: 24503499
http://www.axencesoftware.com/index.php?action=NTPro

this set of tools is really good and simple to use.  I'd scan hosts to see which ones are running smtp and see if one is running smtp that shouldn't.  If you have a firewall in place you might also want to block port 25 from outbound traffic for everything except your mailserver(s).  This is a friendly rule to have in place all of the time on your firewall.  You can also create an ACL on most routers if your firewall is not capable of blocking port 25.
0
 
LVL 8

Expert Comment

by:SeeMeShakinMyHead
ID: 25131244
Where did you turn port 25 off at?  If at the firewall, you should be able to look at the logs to determine the culprit.  If on the router, then I would create an ACL that allows TCP 25 and run debug ip packet detail command to see which PC is using port 25 the most (it may be the only one).  Please also describe why you think someone is blasting emails from your network.  Did you recently get on a blacklist?  Also, do you run your own mail server on your network?
0
 
LVL 9

Expert Comment

by:tsaico
ID: 25628968
Another Vote for the turning off open ports at the firewall.  It is really handy to then look at the IP with the most amount of traffic and then get the information from there.  If possible, you can also get a second IP for the email server and keep oit seperate from the NAT for surfing.  This way, if you get hit again, your email server's ip doesn't get blacklisted (unless your entire IP block does), but it is the best to stop it on outbound connections.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34671029
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Operating system developers such as Microsoft (https://www.microsoft.com) and Apple have made incredible strides in virus protection over the past decade. Operating systems come packaged with built in defensive tools such as virus protection and a f…
Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question