On Tue, 12 Sep 2006 15:51:08 -0400
Bart Silverstrim <[EMAIL PROTECTED]> wrote:
> Something inside our network is infected with a spam-mailing trojan.
> We now have our PIX firewall set to block all outgoing traffic to
> port 25 unless it is from our mail server.
you should also accept only a
> > There's a kernel option you need to enable for IPFW to do
> > logging.
> > If you're kldload'ing the ipfw module, it probably wasn't compiled
> > with IPFW_LOGGING or whatever the exact name is.
>
> I had set the verbosity (I think that was the parameter) from
> googling around earlier, b
On Sep 12, 2006, at 4:45 PM, Chuck Swiger wrote:
On Sep 12, 2006, at 1:37 PM, Bart Silverstrim wrote:
Better to use something like:
ipfw add 1 log tcp from any to me 25 setup
If Bart would like to use tcpdump for the same purpose, consider
running something like:
tcpdump
On Sep 12, 2006, at 1:37 PM, Bart Silverstrim wrote:
Better to use something like:
ipfw add 1 log tcp from any to me 25 setup
If Bart would like to use tcpdump for the same purpose, consider
running something like:
tcpdump -nt 'port 25 and (tcp[tcpflags] & tcp-syn != 0)'
M
On Sep 12, 2006, at 4:28 PM, Chuck Swiger wrote:
On Sep 12, 2006, at 1:08 PM, Bill Moran wrote:
Is there some way to get the FreeBSD system to log machines using
port 25 without interfering with the FreeBSD machine's filtering of
email function? Or at least make the traffic visible to sniffin
In response to Chuck Swiger <[EMAIL PROTECTED]>:
> On Sep 12, 2006, at 1:08 PM, Bill Moran wrote:
> >> Is there some way to get the FreeBSD system to log machines using
> >> port 25 without interfering with the FreeBSD machine's filtering of
> >> email function? Or at least make the traffic visib
On Sep 12, 2006, at 1:08 PM, Bill Moran wrote:
Is there some way to get the FreeBSD system to log machines using
port 25 without interfering with the FreeBSD machine's filtering of
email function? Or at least make the traffic visible to sniffing
with tcpdump or wireshark or ethereal?
Off the t
In response to Bart Silverstrim <[EMAIL PROTECTED]>:
> This will probably be kind of wordy, but I could use some advice on
> how to track it.
>
> I have a FreeBSD system acting as a gateway (it's using IP
> forwarding) so it can act as a web proxy server and filter for the
> users. It is a
This will probably be kind of wordy, but I could use some advice on
how to track it.
I have a FreeBSD system acting as a gateway (it's using IP
forwarding) so it can act as a web proxy server and filter for the
users. It is also filtering incoming email to act as a mail filter
between th