Re: looking for a spammer/virii/malware .... on my system

2011-08-18 Thread alexus
ok su-3.2# tcpdump -nnAvvvw webmail.west.cox.net 'dst host 68.6.19.1 and (dst port 80 or 443)' tcpdump: listening on bce0, link-type EN10MB (Ethernet), capture size 96 bytes Got 0 let's see what I capture... On Mon, Aug 15, 2011 at 6:19 PM, Paul Schmehl pschmehl_li...@tx.rr.com wrote: --On

Re: looking for a spammer/virii/malware .... on my system

2011-08-18 Thread Chuck Swiger
On Aug 18, 2011, at 9:36 AM, alexus wrote: su-3.2# tcpdump -nnAvvvw webmail.west.cox.net 'dst host 68.6.19.1 and (dst port 80 or 443)' tcpdump: listening on bce0, link-type EN10MB (Ethernet), capture size 96 bytes Got 0 let's see what I capture... You're going to capture traffic of people

looking for a spammer/virii/malware .... on my system

2011-08-15 Thread alexus
I received a SPAM complaint from my ISP and we're trying to figure out what/where the problem is... from headers: Received: from 64.237.55.83 by webmail.west.cox.net; Sun, 14 Aug 2011 18:43:41 -0400 64.237.55.83 is an IP that resides on my box, obviously I'm not sending out any spam

Re: looking for a spammer/virii/malware .... on my system

2011-08-15 Thread Chuck Swiger
On Aug 15, 2011, at 10:05 AM, alexus wrote: what else can I do to find it on my system who's trying to connect to remote webmail.west.cox.net ? Monitor your network for SMTP traffic: tcpdump -nA -s 0 port 25 If malware is sending out spam, you'll see it and can then use lsof or whatever to

Re: looking for a spammer/virii/malware .... on my system

2011-08-15 Thread alexus
I'm personally leaning towards that these headers are being modified and that there is no spam leaving my box (I may be wrong of course) here is what I did to come up with that thought I sent myself an email -bash-3.2# echo $$ | mail ale...@gmail.com -bash-3.2# through google headers I see

Re: looking for a spammer/virii/malware .... on my system

2011-08-15 Thread Robert Bonomi
From owner-freebsd-questi...@freebsd.org Mon Aug 15 12:37:33 2011 Date: Mon, 15 Aug 2011 13:05:15 -0400 From: alexus ale...@gmail.com To: freebsd-questions@freebsd.org Subject: looking for a spammer/virii/malware on my system I received a SPAM complaint from my ISP and we're trying

Re: looking for a spammer/virii/malware .... on my system

2011-08-15 Thread alexus
...@gmail.com To: freebsd-questions@freebsd.org Subject: looking for a spammer/virii/malware on my system I received a SPAM complaint from my ISP and we're trying to figure out what/where the problem is... from headers: Received: from 64.237.55.83 by webmail.west.cox.net; Sun, 14 Aug 2011 18

Re: looking for a spammer/virii/malware .... on my system

2011-08-15 Thread Paul Schmehl
--On August 15, 2011 2:04:27 PM -0400 alexus ale...@gmail.com wrote: I'm personally leaning towards that these headers are being modified and that there is no spam leaving my box (I may be wrong of course) here is what I did to come up with that thought I sent myself an email The tcpdump