find workstations on network causing blacklist
Posted on 2013-05-28
I suspect i have a workstation on our network that is sending out spam, because we keep getting blacklisted.
I have verified our Server (running exchange 2003) is not causing the issue, so it must be a workstation.
Whats some good ways to determine which workstation is causing the problem?
I could install pcap on all workstations and use wireshark to check but installing pcap on 100 workstations seems like a bad idea.