Lana T: How to find rogue spammer on our network?
The phone company keeps calling us to say that there is a rogue spamming computer on our network. We have nearly 100 computers on our network. The phone company cannot tell us the IP of the rogue machine because all they see is the IP of the switch that connects us to their modem. They did tell us that it looks like the suspect machine has a bot on it sending spam mail through SNMP. How can we determine which machine it is? We use static IP addresses here. Thanks!
Answers and Views:
Answer by David D
Replace the switch with a computer that you can run a packet sniffer on (such as a Linux machine running tcpdump) and look to see where vast amounts of SMTP traffic are coming from.
Probably an employee. You need to password your network and lock out everybody you don’t need on it. Add software that can monitor who is on and what they are doing.
Answer by Sean
Probably not going to figure it out without doing a little snooping. Do you employ a computer/network guy? If you have 100 computers, you probably should, IMO.
You’ll need to “sniff” the packets to find out the source using a packet analyzer. Check sources below…
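The sniffing approach the answers describe, as an added example that is not part of the original thread: it tallies outbound SMTP (TCP port 25) connection attempts per internal source IP from tcpdump text output. The capture command in the comment, the interface name, the sample lines and the allowed mail server address are all constructed assumptions.

```python
import re
from collections import defaultdict

# Capture on the sniffer box first (interface name is an assumption):
#   tcpdump -nn -tt -i eth0 'tcp dst port 25' > smtp.txt
LINE_RE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]"
)

# Constructed sample lines in tcpdump -nn -tt text format (not real traffic).
SAMPLE = """\
1700000000.10 IP 192.168.1.10.50100 > 198.51.100.7.25: Flags [S], seq 1, win 64240, length 0
1700000000.20 IP 192.168.1.57.40001 > 203.0.113.5.25: Flags [S], seq 1, win 8192, length 0
1700000000.21 IP 203.0.113.5.25 > 192.168.1.57.40001: Flags [S.], seq 9, ack 2, win 8192, length 0
1700000000.30 IP 192.168.1.57.40002 > 203.0.113.9.25: Flags [S], seq 1, win 8192, length 0
1700000000.31 IP 192.168.1.57.40002 > 203.0.113.9.25: Flags [S], seq 1, win 8192, length 0
1700000000.40 IP 192.168.1.57.40003 > 198.51.100.20.25: Flags [S], seq 1, win 8192, length 0
1700000000.50 IP 192.168.1.57.40004 > 198.51.100.33.25: Flags [S], seq 1, win 8192, length 0
1700000000.60 IP 192.168.1.23.51000 > 198.51.100.7.25: Flags [S], seq 1, win 64240, length 0
1700000000.70 IP 192.168.1.23.51001 > 198.51.100.80.443: Flags [S], seq 1, win 64240, length 0
1700000000.80 ARP, Request who-has 192.168.1.1 tell 192.168.1.23, length 28
""".splitlines()


def smtp_talkers(lines, allowed_senders=(), min_destinations=3):
    """Return [(src_ip, syn_count, distinct_destinations)] for hosts that open
    SMTP connections to at least min_destinations different servers."""
    syns = defaultdict(int)
    dests = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # non-IPv4/TCP lines such as ARP
        src, dst, dport, flags = m.groups()
        # Count only new connection attempts to port 25: SYN without ACK.
        if dport != "25" or flags != "S":
            continue
        if src in allowed_senders:
            continue  # the legitimate mail server is expected to send mail
        syns[src] += 1
        dests[src].add(dst)
    rows = [(ip, syns[ip], len(dests[ip]))
            for ip in syns if len(dests[ip]) >= min_destinations]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for ip, count, spread in smtp_talkers(SAMPLE, allowed_senders={"192.168.1.10"}):
        print(f"{ip}: {count} SMTP connection attempts to {spread} servers")
```

A workstation that contacts many different mail servers directly, rather than one known relay, is the one to inspect; with static addressing the source IP maps straight to a machine.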