Tim Fournet <[EMAIL PROTECTED]> writes: > I can say that I've seen plenty of SMTP traffic going to/from the WBR > Parish Sheriff's Dept. account from my internet-pointing interface. > Maybe the switch ports are getting flooded by all the worm traffic and > defaulting back to broadcasting everything. >
Are you saying this SMTP traffic is *not* to/from your own external IP? Ie the IP header portion of those packets carrying SMTP traffic do *NOT* have your external IP address in the Source or Destination IP fields. this would be unexpected. As long as source or dest of unicast packets contain your external IP address this is normal that you would see those packets. I would suspect that there is a misconfiguration somewhere causing traffic for this "WBC Parish Sheriff's Dept. account" to go to/from your SMTP server address (ie. your external interface IP). I'm thinking virus/worm at the WBR Sheriff Dept. If you're seeing actually seeing packets that are not destined either src or dest you_external_IP, then there's a MAC address/ARP conflict going on. -- Scott Harney<[EMAIL PROTECTED]> "...and one script to rule them all." gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5
