spambot monitoring software



#1 CtrlAltDale


Posted 18 January 2013 - 07:19 AM

I've just had to deal with a spambot infection on a client PC of an SBS 2003 served LAN. Just to make sure I really have dealt with the issue, are there any point-and-shoot apps to monitor port 25 for unusual activity? I've tried using Wireshark on the SBS server but there's just too much traffic for it not to die on me with a memory error after a few minutes. I'm sure there's a way to only capture SMTP (instead of capturing everything just filtering SMTP) but I'd rather use a simpler more dedicated tool if there's one available.

If possible I'd like to monitor the source and destination IP addresses, the port and the application sending it. I'm not bothered about the email contents but the sender, receiver and subject might be useful.

Failing that, some instructions on how to use Wireshark to only capture SMTP data would work at a pinch.


#2 Didier Stevens


Posted 18 January 2013 - 08:33 AM

Is there an anti-virus on that SBS server? There are several AV products that monitor and filter traffic to port 25.
For example, McAfee Enterprise allows you to specify which processes (for example outlook.exe) can access port 25; all others are blocked and reported.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
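
Editor's added example (not written by either poster): the allow-list rule described in the reply above, applied offline to saved `netstat -bno` output from the client PC so that any process other than the permitted mail client talking to remote port 25 is reported with its source, destination and PID. The sample text, the allow-list contents and the function name `smtp_violations` are assumptions made for illustration.

```python
import re

# Constructed sample laid out like Windows `netstat -bno` output (not real data).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.16.21:1187     192.168.16.2:25        ESTABLISHED     2140
  [OUTLOOK.EXE]
  TCP    192.168.16.21:1302     203.0.113.45:25        SYN_SENT        3388
  [winupd32.exe]
  TCP    192.168.16.21:1303     198.51.100.7:25        ESTABLISHED     3388
  [winupd32.exe]
  TCP    192.168.16.21:1410     192.168.16.2:445       ESTABLISHED     4
  [System]
"""

# Assumed policy: only these executables may connect out to remote port 25.
ALLOWED = {"outlook.exe"}

CONN = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")
OWNER = re.compile(r"^\s*\[(.+?)\]\s*$")

def smtp_violations(text, allowed=ALLOWED, port=25):
    """Return connections to remote `port` whose owning process is not allowed."""
    hits, pending = [], None

    def flush(process):
        # Decide on the row waiting for its owner line, then clear it.
        nonlocal pending
        if pending and process.lower() not in allowed:
            hits.append(dict(pending, process=process))
        pending = None

    for line in text.splitlines():
        conn, owner = CONN.match(line), OWNER.match(line)
        if conn:
            flush("unknown")  # previous row never got an owner line: report it
            src, _sport, dst, dport, state, pid = conn.groups()
            if int(dport) == port:
                pending = {"src": src, "dst": dst, "state": state, "pid": int(pid)}
        elif owner:
            flush(owner.group(1))
    flush("unknown")
    return hits

if __name__ == "__main__":
    for hit in smtp_violations(SAMPLE):
        print(hit)
```

A row whose owner cannot be resolved is reported as `unknown` rather than skipped, so a process that hides its name still shows up.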




