Date: Thu, 18 Aug 2011 12:36:27 -0400
From: alexus <alexus@gmail.com>
To: freebsd-questions@freebsd.org
Subject: Re: looking for a spammer/virii/malware .... on my system
Message-ID: <CAJxePN%2BHU3_8_ELie0NPXMNd9OS1=_MuHJnhPNFRScOTb=A%2Byw@mail.gmail.com>
In-Reply-To: <033753EAA5A5EE53C17333A5@utd71538.utdallas.edu>
References: <CAJxePNKiEmdimqgdtS-jYPOxExL6a489SR5JW2kCd25X6QFuHQ@mail.gmail.com> <D49826AA-9FF9-4848-A92A-5FF29A78679B@mac.com> <CAJxePNJ6k=0Na0Zcz7_j4EAs3QNHOSnSENp3AWVdfiirV_h_pA@mail.gmail.com> <033753EAA5A5EE53C17333A5@utd71538.utdallas.edu>
ok

su-3.2# tcpdump -nnAvvvw webmail.west.cox.net 'dst host 68.6.19.1 and (dst port 80 or 443)'
tcpdump: listening on bce0, link-type EN10MB (Ethernet), capture size 96 bytes
Got 0

let's see what I capture...

On Mon, Aug 15, 2011 at 6:19 PM, Paul Schmehl <pschmehl_lists@tx.rr.com> wrote:
> --On August 15, 2011 2:04:27 PM -0400 alexus <alexus@gmail.com> wrote:
>
>> I'm personally leaning towards these headers being modified and
>> that there is no spam leaving my box (I may be wrong of course)
>>
>> here is what I did to come up with that thought....
>>
>> I sent myself an email
>>
>
> The tcpdump command that Chuck gave you is all you need. *If* all traffic
> exits your network through your box, you will see anything going to port 25
> *anywhere*. That should tell you quickly what the problem is, if there is
> one.
>
> --
> Paul Schmehl, Senior Infosec Analyst
> As if it wasn't already obvious, my opinions
> are my own and not those of my employer.
> *******************************************
> "It is as useless to argue with those who have
> renounced the use of reason as to administer
> medication to the dead." Thomas Jefferson
> "There are some ideas so wrong that only a very
> intelligent person could believe in them." George Orwell
>

--
http://alexus.org/
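Paul's point above is that a capture of outbound port-25 traffic on the gateway box settles the question. The script below is an added example, not part of this thread or of tcpdump itself: it takes tcpdump's line output and summarizes which destination hosts received TCP SYNs on port 25, so a compromised host that is spewing mail shows up as one source opening many port-25 connections to many destinations. The SAMPLE lines are constructed for the example; the interface name bce0 is taken from the thread, and the tcpdump options shown in the comment are standard ones (`-nn -l`, a SYN-only filter), but the function only needs the text format shown.

```sh
#!/bin/sh
# Added example (not from the mailing-list thread). Summarizes outbound
# SMTP connection attempts from tcpdump text output.
#
# Input format assumed: tcpdump -nn -l output for TCP, e.g.
#   12:00:01.000001 IP 10.0.0.5.51234 > 203.0.113.7.25: Flags [S], seq 1, ...
# Fields: $2 = "IP", $3 = src.port, $5 = dst.port followed by ":", $7 = TCP flags.

# Constructed sample capture: one internal host, four SYNs to port 25
# (three to one MTA, one to another) and one to submission port 587.
SAMPLE='12:00:01.000001 IP 10.0.0.5.51234 > 203.0.113.7.25: Flags [S], seq 1, win 65535, length 0
12:00:01.000002 IP 10.0.0.5.51235 > 203.0.113.7.25: Flags [S], seq 2, win 65535, length 0
12:00:01.000003 IP 10.0.0.5.51236 > 198.51.100.9.25: Flags [S], seq 3, win 65535, length 0
12:00:01.000004 IP 10.0.0.5.51237 > 203.0.113.7.25: Flags [S], seq 4, win 65535, length 0
12:00:01.000005 IP 10.0.0.5.51238 > 192.0.2.44.587: Flags [S], seq 5, win 65535, length 0'

# summarize_smtp_syns: read tcpdump lines on stdin, print "count dst_ip"
# for every destination that received a pure SYN (no ACK) on TCP port 25,
# most frequently contacted destination first.
summarize_smtp_syns() {
    awk '
        $2 == "IP" && $5 ~ /\.25:$/ && $6 == "Flags" && $7 == "[S]," {
            dst = $5
            sub(/\.25:$/, "", dst)   # strip port and trailing colon
            n[dst]++
        }
        END { for (d in n) printf "%d %s\n", n[d], d }
    ' | sort -rn
}

# top_smtp_destination: the single busiest port-25 destination in SAMPLE.
top_smtp_destination() {
    printf '%s\n' "$SAMPLE" | summarize_smtp_syns | head -n 1
}

# smtp_destination_count: how many distinct port-25 destinations SAMPLE hits.
smtp_destination_count() {
    printf '%s\n' "$SAMPLE" | summarize_smtp_syns | awk 'END { print NR }'
}

# Live use on the gateway (run as root, needs a real capture; not executed here):
#   tcpdump -nn -l -i bce0 -c 500 \
#       'tcp dst port 25 and tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn' \
#     | summarize_smtp_syns
# A legitimate mail server contacts a handful of relays; a spam bot contacts
# hundreds of distinct MX hosts in a short window.

top_smtp_destination
smtp_destination_count
```

The filter deliberately counts only the initial SYN of each connection, so retransmitted data packets do not inflate the numbers. The sample's port-587 line is ignored on purpose: the thread is about port 25, but a defender checking for mail leaving a box would normally add `or dst port 587 or dst port 465` to the capture filter, since some malware relays through authenticated submission instead.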