RE: [Ethereal-users] identifying bugbear & sobig attacks (how?)

[J T]

Title: CHANGE TO DOC TITLE

Both of these viruses use their own SMTP engine to propagate copies of themselves. Tracing your network for machines that are sending large quantities of SMTP traffic (TCP port 25) should help pinpoint which machines are infected.   JeffT   -----Original Message----- From: Mike Kelley [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 11, 2003 11:36 AM To: '[EMAIL PROTECTED]' Subject: [Ethereal-users] identifying bugbear & sobig attacks (how?)   My ultimate goal in bringing up a linux box and using ethereal is to discover which box on my lan is sending the bugbear virus and which has sobig.   Any pointers, footprints, RTFM's ?????   Mike