Date:      Thu, 18 Aug 2011 12:36:27 -0400
From:      alexus <alexus@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: looking for a spammer/virii/malware .... on my system
Message-ID:  <CAJxePN+HU3_8_ELie0NPXMNd9OS1=_MuHJnhPNFRScOTb=A+yw@mail.gmail.com>
In-Reply-To: <033753EAA5A5EE53C17333A5@utd71538.utdallas.edu>
References:  <CAJxePNKiEmdimqgdtS-jYPOxExL6a489SR5JW2kCd25X6QFuHQ@mail.gmail.com> <D49826AA-9FF9-4848-A92A-5FF29A78679B@mac.com> <CAJxePNJ6k=0Na0Zcz7_j4EAs3QNHOSnSENp3AWVdfiirV_h_pA@mail.gmail.com> <033753EAA5A5EE53C17333A5@utd71538.utdallas.edu>

ok

su-3.2# tcpdump -nnAvvvw webmail.west.cox.net 'dst host 68.6.19.1 and
(dst port 80 or 443)'
tcpdump: listening on bce0, link-type EN10MB (Ethernet), capture size 96 bytes
Got 0

let's see what I capture...

On Mon, Aug 15, 2011 at 6:19 PM, Paul Schmehl <pschmehl_lists@tx.rr.com> wrote:
> --On August 15, 2011 2:04:27 PM -0400 alexus <alexus@gmail.com> wrote:
>
>> I personally leaning towards that these headers are being modified and
>> that there is no spam leaving my box (I may be wrong of couse)
>>
>> here is what I did to come up with that thought....
>>
>> I sent myself an email
>>
>
> The tcpdump command that Chuck gave you is all you need.  *If* all traffic
> exits your network through your box, you will see anything going to port 25
> *anywhere*.  That should tell you quickly what the problem is, if there is
> one.
>
> --
> Paul Schmehl, Senior Infosec Analyst
> As if it wasn't already obvious, my opinions
> are my own and not those of my employer.
> *******************************************
> "It is as useless to argue with those who have
> renounced the use of reason as to administer
> medication to the dead." Thomas Jefferson
> "There are some ideas so wrong that only a very
> intelligent person could believe in them." George Orwell
>
>



-- 
http://alexus.org/
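Paul's point above is that a capture of everything going to port 25 shows directly whether mail is leaving the box, regardless of what the headers claim. The following script is an added example for this thread, not code posted by anyone in it: it reads the plain-text output of `tcpdump -nn` (the line format `IP src.sport > dst.dport: Flags [S], ...` is assumed), keeps only the outbound SYNs to port 25, counts them per source address, and reports any source that is not on an allowlist of hosts you expect to send mail. The capture lines and the allowlist address `192.0.2.10` are constructed for illustration.

```python
"""Summarise outbound SMTP connection attempts from tcpdump text output.

Added example, not from the mailing-list thread. Feed it the output of
something like `tcpdump -nn 'dst port 25'`; it assumes the standard
`-nn` line format for IPv4 TCP packets.
"""
import re
from collections import Counter
from typing import Dict, NamedTuple, Optional, Set

# Matches the start of a tcpdump -nn IPv4/TCP line, e.g.
# 12:36:27.000001 IP 192.0.2.10.40001 > 203.0.113.25.25: Flags [S], seq ...
TCP_LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


class Packet(NamedTuple):
    ts: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str


def parse_line(line: str) -> Optional[Packet]:
    """Parse one tcpdump line; return None for lines that are not IPv4/TCP."""
    m = TCP_LINE.match(line)
    if not m:
        return None
    return Packet(
        m["ts"], m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["flags"]
    )


def outbound_smtp_syns(capture: str) -> Dict[str, int]:
    """Count pure SYNs (flags exactly 'S', i.e. not the 'S.' SYN-ACK reply)
    sent to TCP port 25, keyed by source address. Each one is a host on
    this network trying to open an SMTP session somewhere."""
    counts: Counter = Counter()
    for line in capture.splitlines():
        pkt = parse_line(line)
        if pkt and pkt.dport == 25 and pkt.flags == "S":
            counts[pkt.src] += 1
    return dict(counts)


def unexpected_senders(capture: str, known_mtas: Set[str]) -> Dict[str, int]:
    """Return only the SMTP-initiating sources that are not on the allowlist.
    Anything here is a machine opening mail connections that it should not."""
    return {
        src: n for src, n in outbound_smtp_syns(capture).items()
        if src not in known_mtas
    }


# Constructed sample capture: one legitimate session from the mail server,
# three SYNs from a workstation fanning out to different mail hosts, and an
# unrelated HTTPS connection that must be ignored.
SAMPLE_CAPTURE = """\
12:36:27.000001 IP 192.0.2.10.40001 > 203.0.113.25.25: Flags [S], seq 1, win 65535, length 0
12:36:27.000002 IP 203.0.113.25.25 > 192.0.2.10.40001: Flags [S.], seq 2, ack 2, win 65535, length 0
12:36:27.000003 IP 192.0.2.10.40001 > 203.0.113.25.25: Flags [.], ack 1, win 65535, length 0
12:36:28.000004 IP 192.0.2.77.51000 > 198.51.100.9.25: Flags [S], seq 3, win 65535, length 0
12:36:28.000005 IP 192.0.2.77.51001 > 198.51.100.10.25: Flags [S], seq 4, win 65535, length 0
12:36:28.000006 IP 192.0.2.77.51002 > 198.51.100.11.25: Flags [S], seq 5, win 65535, length 0
12:36:29.000007 IP 192.0.2.10.40002 > 198.51.100.20.443: Flags [S], seq 6, win 65535, length 0
"""

# Assumed allowlist: the one host that is supposed to relay outbound mail.
KNOWN_MTAS = {"192.0.2.10"}

if __name__ == "__main__":
    for src, n in sorted(outbound_smtp_syns(SAMPLE_CAPTURE).items()):
        print(f"{src}: {n} SMTP connection attempt(s)")
    for src, n in unexpected_senders(SAMPLE_CAPTURE, KNOWN_MTAS).items():
        print(f"UNEXPECTED sender {src}: {n} attempt(s)")
```

Counting only pure SYNs matters: the SYN-ACK from the remote mail server also carries port 25 (as the source), and a filter on "port 25" rather than "dst port 25" would otherwise double-count every legitimate session. On the real box the allowlist is whatever host actually runs the MTA; a workstation showing up with many SYNs to many distinct mail hosts is the pattern Paul is suggesting the capture would expose.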