How can I find a computer on my network that is doing mass mailings?

spam-prevention smtp

You could connect a hub in between the router and your LAN and then plug a computer into the hub and install a traffic monitor on it such as Microsoft network monitor or wire shark

http://www.wireshark.org/

You will then be able to monitor all that goes on and set up filters etc


It's been a long time since I played with DD-WRT, but on most business-level routers they have the ability to write a log each time a firewall rule is matched.

I would create a firewall rule for Port 25 (assuming that the mass mailer is using the standard SMTP port) and get it to write a log with the source IP every time it happens. It should then be pretty easy to locate the culprit.


I am also not sure how to track without netflow or SNMP logging. But would recommend you just restrict outbound SMTP traffic to your mail server(s)

Below assumes a mail server IP of 192.168.1.2 on the network 192.168.1.0/24 

iptables -I FORWARD 1 -p tcp -s 192.168.1.2 --dport 25 -j ACCEPT
iptables -I FORWARD 2 -p tcp -s 192.168.1.1/24 --dport 25 -j REJECT

Related

ISO file much smaller than extracted data
What is the maximum number of activations Microsoft allows for an OEM Windows 7 license?
Windows 7 Explorer: How to change the columns displayed for file attributes?
Pinging localhost versus pinging 127.0.0.1
External sound card not working with Windows 10
Can't access some websites, possible MTU issue on the router?
ssh - no route to host
VNC and VPN working together problem
Windows 8 isn't searching/indexing secondary hard drives?
Changing the interface language in Windows 7 Home Premium [duplicate]
Can I set up the printer in Word to print in black even if the file has colours?
Using Wireshark to decrypt tls encrypted file with private key