-
August 15th, 2008, 08:17 AM
#1
Network invasion?
I received the following message from my ISP (ATT). I am on a T-1; there is no server, just a router and a few switches and about 75 desktops. Right before I received this message I could notice a considerable slowdown in my Internet speed, which still continues. Have been going from desktop to desktop to try and figure out where the problem is without any luck. Any ideas would be great; I know desktops but come up a little short on networks. The x's are my gateway.
A host (xx.xx.xx.xx) within your IP block may be
infected with a Trojan, virus, or worm; or you may have a
malicious user on your network. The host in question,
(xx.xx.xx.xx), is sending unsolicited commercial email (spam).
If (xx.xx.xx.xx) is your firewall/gateway/NAT then it is
likely that the offending email is originating from your
internal network.
-
August 15th, 2008, 08:40 AM
#2
Registered User
so investigate your clients - set some monitoring and see who's generating the traffic...
-
August 15th, 2008, 08:43 AM
#3
One question: how do I do that? Like I said, I know desktops, not networks. All running XP Pro. Static IPs using a Netgear router.
-
August 15th, 2008, 01:43 PM
#4
Registered User
Try to use a tool like Cain to capture traffic and see who is trying to reach port 25. Or if the router allows, block port 25 and have the router log the attempt. Or run a netstat script on all machines and see who is connecting to port 25 on other hosts.
Edit: some antivirus packages treat Cain as a "malicious" program, you may have to remove the install folder from the scanning.
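One way to do the netstat check suggested in the post above, as an added example that is not part of the original thread: save the output of `netstat -an` from each desktop, then let the script list the machines holding connections to remote port 25. The desktop names, addresses and the known mail server (192.0.2.10) are constructed sample values.

```python
import re

# One TCP row of Windows `netstat -an` output: local addr:port, remote addr:port, state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")
# LISTENING rows are excluded: their foreign address is 0.0.0.0:0, not a real peer.
ACTIVE = {"ESTABLISHED", "SYN_SENT", "TIME_WAIT", "CLOSE_WAIT", "FIN_WAIT_1", "FIN_WAIT_2"}

def smtp_peers(netstat_text, smtp_port=25):
    """Return the set of remote IPs this machine is talking to on smtp_port."""
    peers = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m and int(m.group(4)) == smtp_port and m.group(5) in ACTIVE:
            peers.add(m.group(3))
    return peers

def suspects(reports, known_mail_servers=()):
    """reports maps desktop name -> netstat text. Returns [(name, peers)],
    the desktop with the most distinct unexpected SMTP peers first."""
    found = []
    for name, text in reports.items():
        peers = smtp_peers(text) - set(known_mail_servers)
        if peers:
            found.append((name, sorted(peers)))
    return sorted(found, key=lambda item: (-len(item[1]), item[0]))

# Constructed sample reports (documentation address ranges, not real hosts).
SAMPLE_REPORTS = {
    "DESK-07": """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.107:1188     192.0.2.10:25          ESTABLISHED
  TCP    192.168.1.107:1190     198.51.100.77:80       ESTABLISHED
""",
    "DESK-31": """
  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.131:2301     203.0.113.5:25         SYN_SENT
  TCP    192.168.1.131:2302     198.51.100.9:25        ESTABLISHED
  TCP    192.168.1.131:2303     203.0.113.44:25        TIME_WAIT
  TCP    192.168.1.131:2304     192.0.2.10:25          ESTABLISHED
""",
}

if __name__ == "__main__":
    for name, peers in suspects(SAMPLE_REPORTS, known_mail_servers={"192.0.2.10"}):
        print(name, "->", ", ".join(peers))
```

A desktop that reaches many different mail servers directly, rather than only the one relay its mail client is configured for, is the one to inspect first.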
-
August 16th, 2008, 04:43 PM
#5
Cain?
Only Cain program I can find is for password recovery
-
August 16th, 2008, 09:08 PM
#6
Registered User
-
August 20th, 2008, 10:03 AM
#7
Now I'm feeling like a complete fool. Have downloaded and installed Cain but have no idea how to use it. Have tried the help files to no avail. How do I capture traffic? System is still bogging down and I'm lost.
-
August 24th, 2008, 11:02 PM
#8
Registered User
Spyware?
smghou
I received a message just like yours:
A host (xx.xx.xx.xx) within your IP block may be
infected with a Trojan, virus, or worm; or you may have a
malicious user on your network. The host in question,
(xx.xx.xx.xx), is sending unsolicited commercial email (spam).
If (xx.xx.xx.xx) is your firewall/gateway/NAT then it is
likely that the offending email is originating from your
internal network.
After discovering that spyware can stop internet access I won't let anyone access my network without continuously running a version of spydoctor as well as Norton antivirus. The earlier version of spydoctor 3 something works just fine and doesn't grind the computer into the ground.
My next step was to check every computer and see if either had been disabled.
When I found the computer, reactivated the spydoctor, and did a cleansing, the network returned to normal.
The operator was given a warning (final).
Hope this helps
-
August 25th, 2008, 08:09 AM
#9
Registered User
 Originally Posted by smghou
Only Cain program I can find is for password recovery
The sniffer in Cain can sniff for well-known services, including SMTP.