Behind a NAT, you should be able to find the infected machine by looking for attempted connections to IP address 220.127.116.11 or host name evurqpbeuqxmwl.info on any port with a network sniffer such as Wireshark. Equivalently, you can examine your DNS server or proxy server logs for references to 18.104.22.168 or evurqpbeuqxmwl.info. See Advanced Techniques for more detail on how to use Wireshark - ignore the references to port 25/SMTP traffic - the identifying activity is NOT on port 25.
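The DNS-log check described in the answer above, as an added example that is not part of the original thread: it scans a resolver query log for lookups of evurqpbeuqxmwl.info and reports which internal clients made them. The BIND-style log format, the sample lines and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Indicator taken from the answer above; matched case-insensitively,
# including any subdomain.
INDICATOR_DOMAIN = "evurqpbeuqxmwl.info"

# Assumed BIND-style query log line (newer versions add an "@0x..." token).
QUERY_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?:@0x[0-9a-f]+ )?"
    r"(?P<client>[0-9a-fA-F.:]+)#\d+ \((?P<qname>[^)]+)\): query:"
)

# Constructed sample log lines (not from the original thread).
SAMPLE_LOG = """\
12-Mar-2014 09:14:02.113 client 192.168.1.23#51234 (www.example.com): query: www.example.com IN A + (192.168.1.1)
12-Mar-2014 09:14:05.870 client 192.168.1.47#40112 (evurqpbeuqxmwl.info): query: evurqpbeuqxmwl.info IN A + (192.168.1.1)
12-Mar-2014 09:20:41.002 client @0x7f3c1c0 192.168.1.47#40977 (EVURQPBEUQXMWL.INFO): query: EVURQPBEUQXMWL.INFO IN A + (192.168.1.1)
12-Mar-2014 09:21:10.450 client 192.168.1.60#33001 (notevurqpbeuqxmwl.info): query: notevurqpbeuqxmwl.info IN A + (192.168.1.1)
12-Mar-2014 09:25:33.919 client 192.168.1.12#52210 (a.evurqpbeuqxmwl.info.): query: a.evurqpbeuqxmwl.info. IN A + (192.168.1.1)
"""


def matches_indicator(qname, indicator=INDICATOR_DOMAIN):
    """True for the indicator itself or any subdomain, not lookalike suffixes."""
    name = qname.lower().rstrip(".")
    return name == indicator or name.endswith("." + indicator)


def find_suspect_clients(log_text, indicator=INDICATOR_DOMAIN):
    """Return {client_ip: {"count", "first_seen", "last_seen"}} for matches."""
    hits = defaultdict(lambda: {"count": 0, "first_seen": None, "last_seen": None})
    for line in log_text.splitlines():
        m = QUERY_RE.match(line)
        if not m or not matches_indicator(m.group("qname"), indicator):
            continue
        entry = hits[m.group("client")]
        entry["count"] += 1
        entry["first_seen"] = entry["first_seen"] or m.group("ts")
        entry["last_seen"] = m.group("ts")
    return dict(hits)


if __name__ == "__main__":
    for client, info in sorted(find_suspect_clients(SAMPLE_LOG).items()):
        print(client, info["count"], info["first_seen"], info["last_seen"])
```

The client addresses in the resolver log are the pre-NAT internal addresses, which is why this log identifies the machine when the public listing cannot.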
With Wireshark, can I scan my whole network from my station?
OK, my servers are all connected to the main switch; the firewall is also connected here.
So I can install Wireshark on a server and scan all, right?
The strange thing is, today we are not listed on CBL, but when I check mxtoolbox.com, we are still listed.
Do you know why?