Date:      Thu, 18 Aug 2011 13:01:58 -0400
From:      alexus <alexus@gmail.com>
To:        Chuck Swiger <cswiger@mac.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: looking for a spammer/virii/malware .... on my system
Message-ID:  <CAJxePN%2BnQ05sRTMDu=hgx4pOdsGWAcZBZT-UoTvdH1ij7fMNDg@mail.gmail.com>
In-Reply-To: <F318D000-CCFF-4AFA-8CCD-B3AD70392BED@mac.com>
References:  <CAJxePNKiEmdimqgdtS-jYPOxExL6a489SR5JW2kCd25X6QFuHQ@mail.gmail.com> <D49826AA-9FF9-4848-A92A-5FF29A78679B@mac.com> <CAJxePNJ6k=0Na0Zcz7_j4EAs3QNHOSnSENp3AWVdfiirV_h_pA@mail.gmail.com> <033753EAA5A5EE53C17333A5@utd71538.utdallas.edu> <CAJxePN%2BHU3_8_ELie0NPXMNd9OS1=_MuHJnhPNFRScOTb=A%2Byw@mail.gmail.com> <F318D000-CCFF-4AFA-8CCD-B3AD70392BED@mac.com>

Right, but what it seems to be (according to headers) is that someone makes a
connection from my box to theirs over the web (80/443), so I'm going to
see if I can see anything; if not, then I'll keep it blocked until I
figure out something else to find who does that...

On Thu, Aug 18, 2011 at 12:42 PM, Chuck Swiger <cswiger@mac.com> wrote:
> On Aug 18, 2011, at 9:36 AM, alexus wrote:
>> su-3.2# tcpdump -nnAvvvw webmail.west.cox.net 'dst host 68.6.19.1 and
>> (dst port 80 or 443)'
>> tcpdump: listening on bce0, link-type EN10MB (Ethernet), capture size 96 bytes
>> Got 0
>>
>> let's see what I capture...
>
> You're going to capture traffic of people reading webmail from Cox.net.
>
> However, as much as that might be interesting, it is not useful
> for detecting outbound spam from a machine or network....
>
> Regards,
> --
> -Chuck
>
>



-- 
http://alexus.org/


