Solved

Is there any free software out there that could help me figure out which machine in my network is Spamming?

Posted on 2009-05-04
6
345 Views
Last Modified: 2013-11-22
Is there any free software out there that can help locate a Spammer within our network?  We know that they are not using our mail server.  We suspect it is someone with a virus on their machine however, our antivirus for whatever reason can not find them.  I beliveve the reason why our antivirus does not find them is because I think the culprit is in a seperate VLAN.  This only narrows it down to about 100 machines.  I wish to narrow it down further but economic times being what they are I was looking for a free software solution if possible.  We have already tried turning off port 25 but were unable to locate the spammer.  Please help.
0
Comment
Question by:Relinda
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 6

Accepted Solution

by:
jaydee-cdgp earned 500 total points
ID: 24301342
Ethereal or now called Wireshark can monitor traffic on your network may help.  Find out who's the top talker / or transmitting particular traffic?
0
 
LVL 4

Expert Comment

by:Interserv
ID: 24503499
http://www.axencesoftware.com/index.php?action=NTPro

this set of tools is really good and simple to use.  I'd scan hosts to see which ones are running smtp and see if one is running smtp that shouldn't.  If you have a firewall in place you might also want to block port 25 from outbound traffic for everything except your mailserver(s).  This is a friendly rule to have in place all of the time on your firewall.  You can also create an ACL on most routers if your firewall is not capable of blocking port 25.
0
 
LVL 8

Expert Comment

by:SeeMeShakinMyHead
ID: 25131244
Where did you turn port 25 off at?  If at the firewall, you should be able to look at the logs to determine the culprit.  If on the router, then I would create an ACL that allows TCP 25 and run debug ip packet detail command to see which PC is using port 25 the most (it may be the only one).  Please also describe why you think someone is blasting emails from your network.  Did you recently get on a blacklist?  Also, do you run your own mail server on your network?
0
 
LVL 9

Expert Comment

by:tsaico
ID: 25628968
Another Vote for the turning off open ports at the firewall.  It is really handy to then look at the IP with the most amount of traffic and then get the information from there.  If possible, you can also get a second IP for the email server and keep oit seperate from the NAT for surfing.  This way, if you get hit again, your email server's ip doesn't get blacklisted (unless your entire IP block does), but it is the best to stop it on outbound connections.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34671029
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0

Featured Post

Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today - https://crimsonthorn.net

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Operating system developers such as Microsoft (https://www.microsoft.com) and Apple have made incredible strides in virus protection over the past decade. Operating systems come packaged with built in defensive tools such as virus protection and a f…
Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question