Behind a NAT, you should be able to find the infected machine by looking for attempted connections to IP address 22.214.171.124 or host name evurqpbeuqxmwl.info on any port with a network sniffer such as Wireshark. Equivalently, you can examine your DNS server or proxy server logs for references to 126.96.36.199 or evurqpbeuqxmwl.info. See Advanced Techniques for more detail on how to use Wireshark - ignore the references to port 25/SMTP traffic - the identifying activity is NOT on port 25.
With Wireshark, can I scan my whole network from my station?
OK, my servers are all connected to the main switch, and the firewall is also connected here.
So I can install Wireshark on a server and scan everything, right?
The strange thing is, today we are not listed on CBL, but when I check mxtoolbox.com, we are still listed.
Do you know why?
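The DNS/proxy log check described in the listing notice above, as an added example that is not part of the original thread: it searches log lines for the exact indicators quoted in the notice and reports which internal client made each request. It assumes BIND-style query logs and Squid native `access.log` lines; the sample lines are constructed and `find_clients` is a hypothetical name.

```python
import re
from collections import Counter

# Indicators copied from the listing notice quoted in the thread.
INDICATORS = ("evurqpbeuqxmwl.info", "22.214.171.124", "126.96.36.199")
# Exact match only: reject longer host names or addresses that merely contain one.
IOC_RE = re.compile(
    r"(?<![\w.-])(?:" + "|".join(re.escape(i) for i in INDICATORS) + r")(?!\.?[\w-])",
    re.IGNORECASE,
)
IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Where the requesting client appears in each assumed log format.
CLIENT_PATTERNS = (
    re.compile(r"client (?:@0x[0-9a-fA-F]+ )?" + IPV4 + r"#\d+"),  # BIND query log
    re.compile(r"^\d+\.\d+\s+\d+\s+" + IPV4 + r"\s"),              # Squid access.log
)

# Constructed sample lines (not real traffic).
SAMPLE_LOG = """\
12-Mar-2014 09:14:02.101 queries: info: client 192.168.1.23#51544 (evurqpbeuqxmwl.info): query: evurqpbeuqxmwl.info IN A + (192.168.1.2)
12-Mar-2014 09:14:05.330 queries: info: client 192.168.1.40#40211 (www.example.com): query: www.example.com IN A + (192.168.1.2)
1394615650.412     92 192.168.1.23 TCP_MISS/503 0 CONNECT evurqpbeuqxmwl.info:443 - HIER_NONE/- -
1394615700.007     15 192.168.1.57 TCP_MISS/200 512 GET http://126.96.36.199/ - HIER_DIRECT/126.96.36.199 text/html
12-Mar-2014 09:20:00.000 queries: info: client 192.168.1.40#40300 (notevurqpbeuqxmwl.info): query: notevurqpbeuqxmwl.info IN A + (192.168.1.2)
Mar 12 09:21:11 fw kernel: DROP DST=22.214.171.124 DPT=80
"""

def find_clients(lines):
    """Return (Counter of client IP -> indicator hits, matching lines with no known client field)."""
    hits, unparsed = Counter(), []
    for line in lines:
        if not IOC_RE.search(line):
            continue
        for pattern in CLIENT_PATTERNS:
            match = pattern.search(line)
            if match:
                hits[match.group(1)] += 1
                break
        else:
            # Indicator seen, but in a format we cannot attribute; keep it for manual review.
            unparsed.append(line.rstrip("\n"))
    return hits, unparsed

if __name__ == "__main__":
    clients, leftovers = find_clients(SAMPLE_LOG.splitlines())
    for ip, count in clients.most_common():
        print(f"{ip}\t{count} matching request(s)")
    print(f"{len(leftovers)} matching line(s) need manual review")
```

Lines that match an indicator but come from an unrecognised format are returned separately rather than dropped, so a firewall or other log mixed into the input still surfaces for review.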