ok
su-3.2# tcpdump -nnAvvvw webmail.west.cox.net 'dst host 68.6.19.1 and
(dst port 80 or 443)'
tcpdump: listening on bce0, link-type EN10MB (Ethernet), capture size 96 bytes
Got 0
let's see what I capture...
On Mon, Aug 15, 2011 at 6:19 PM, Paul Schmehl pschmehl_li...@tx.rr.com wrote:
--On
On Aug 18, 2011, at 9:36 AM, alexus wrote:
su-3.2# tcpdump -nnAvvvw webmail.west.cox.net 'dst host 68.6.19.1 and
(dst port 80 or 443)'
tcpdump: listening on bce0, link-type EN10MB (Ethernet), capture size 96 bytes
Got 0
let's see what I capture...
You're going to capture traffic of people
I received a SPAM complaint from my ISP and we're trying to figure out
what/where the problem is...
from headers:
Received: from 64.237.55.83 by webmail.west.cox.net; Sun, 14 Aug 2011
18:43:41 -0400
64.237.55.83 is an IP that resides on my box, obviously I'm not
sending out any spam
On Aug 15, 2011, at 10:05 AM, alexus wrote:
what else can I do to find it on my system who's trying to connect to
remote webmail.west.cox.net ?
Monitor your network for SMTP traffic:
tcpdump -nA -s 0 port 25
If malware is sending out spam, you'll see it and can then use lsof or whatever
to
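The advice above is to watch for port-25 traffic with tcpdump and then map whatever shows up back to a process with lsof (or, on FreeBSD, sockstat). The following is an added example, not code from anyone in this thread: it runs that correlation over CONSTRUCTED sample output. The tcpdump lines, the sockstat lines, the `php`/`firefox` process names and the 198.51.100.x/203.0.113.x destinations are all made up for illustration (the 64.237.55.83 address is the one quoted in the thread); the sockstat column layout is the FreeBSD one and is an assumption about the exact text you would see.

```sh
#!/bin/sh
# Added example: correlate outbound SMTP SYNs seen by tcpdump with the local
# process that owns the source port, as reported by sockstat. All input below
# is CONSTRUCTED sample text, not a real capture from the poster's box.

# Constructed `tcpdump -nn` lines: two SYNs to port 25 from 64.237.55.83,
# one SYN/ACK coming back (must be ignored), and one HTTPS SYN (wrong port).
SAMPLE_TCPDUMP='12:01:02.000001 IP 64.237.55.83.51234 > 198.51.100.25.25: Flags [S], seq 1, win 65535, length 0
12:01:02.000321 IP 198.51.100.25.25 > 64.237.55.83.51234: Flags [S.], seq 2, ack 2, win 65535, length 0
12:01:03.000001 IP 64.237.55.83.51235 > 203.0.113.9.25: Flags [S], seq 3, win 65535, length 0
12:01:04.000001 IP 64.237.55.83.51240 > 68.6.19.1.443: Flags [S], seq 4, win 65535, length 0'

# Constructed `sockstat -4 -c` lines (FreeBSD column layout assumed):
# USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
www      php        2211  8  tcp4   64.237.55.83:51234    198.51.100.25:25
www      php        2211  9  tcp4   64.237.55.83:51235    203.0.113.9:25
alexus   firefox    3300  21 tcp4   64.237.55.83:51240    68.6.19.1:443'

# outbound_syns TCPDUMP_TEXT DST_PORT
# Prints "src_ip src_port dst_ip" for each pure SYN whose destination port
# matches DST_PORT. Only "Flags [S]," lines count, so replies (S.) are skipped.
outbound_syns() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $2 == "IP" && $4 == ">" && $0 ~ /Flags \[S\],/ {
            src = $3; dst = $5; sub(/:$/, "", dst)
            n = split(src, s, "."); sport = s[n]
            sip = s[1] "." s[2] "." s[3] "." s[4]
            m = split(dst, d, "."); dport = d[m]
            dip = d[1] "." d[2] "." d[3] "." d[4]
            if (dport == port) print sip, sport, dip
        }'
}

# owner_of_local_port SOCKSTAT_TEXT LOCAL_PORT
# Prints "COMMAND PID USER" for the socket bound to LOCAL_PORT (header skipped).
owner_of_local_port() {
    printf '%s\n' "$1" | awk -v port="$2" '
        NR > 1 && $6 ~ (":" port "$") { print $2, $3, $1 }'
}

# suspect_smtp_senders TCPDUMP_TEXT SOCKSTAT_TEXT
# One line per outbound port-25 connection attempt, tagged with its owner.
# Output format: "src:port -> dst:25 COMMAND PID USER" (or "unknown").
suspect_smtp_senders() {
    outbound_syns "$1" 25 | while read -r sip sport dip; do
        owner=$(owner_of_local_port "$2" "$sport")
        printf '%s:%s -> %s:25 %s\n' "$sip" "$sport" "$dip" "${owner:-unknown}"
    done
}

# Stand-alone run over the constructed samples.
suspect_smtp_senders "$SAMPLE_TCPDUMP" "$SAMPLE_SOCKSTAT"
```

On a live box you would feed `outbound_syns` the text of `tcpdump -nn -l port 25` and `owner_of_local_port` the output of `sockstat -4 -c` (or `lsof -i :25`, adjusting the column numbers), and run it while the capture is open: the socket is only visible while the connection exists, which is why the reply above says to capture first and look up the process afterwards. The same functions work unchanged for the webmail case by passing 80 or 443 instead of 25.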
I'm personally leaning towards the view that these headers are being modified and
that there is no spam leaving my box (I may be wrong of course)
here is what I did to come up with that thought
I sent myself an email
-bash-3.2# echo $$ | mail ale...@gmail.com
-bash-3.2#
through google headers I see
From owner-freebsd-questi...@freebsd.org Mon Aug 15 12:37:33 2011
Date: Mon, 15 Aug 2011 13:05:15 -0400
From: alexus ale...@gmail.com
To: freebsd-questions@freebsd.org
Subject: looking for a spammer/virii/malware on my system
I received a SPAM complaint from my ISP and we're trying
...@gmail.com
To: freebsd-questions@freebsd.org
Subject: looking for a spammer/virii/malware on my system
I received a SPAM complaint from my ISP and we're trying to figure out
what/where the problem is...
from headers:
Received: from 64.237.55.83 by webmail.west.cox.net; Sun, 14 Aug 2011
18
--On August 15, 2011 2:04:27 PM -0400 alexus ale...@gmail.com wrote:
I'm personally leaning towards the view that these headers are being modified and
that there is no spam leaving my box (I may be wrong of course)
here is what I did to come up with that thought
I sent myself an email
The tcpdump