Hi Markus, we have a Linux-IP-Tables Firewall. Yes. Isn't it possible that an internal (hidden) process sends/receives data on unprivileged ports not bound to IMail?
Uwe

>> -----Original Message-----
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] On Behalf Of
>> [EMAIL PROTECTED]
>> Sent: Tuesday, June 07, 2005 6:56 PM
>> To: [email protected]
>> Subject: [IMail Forum] OT: Too much traffic on an IMail box, why ?
>>
>> Hi list,
>> on our 7.15 Imail (W2k, SP 4)
>> I have the following problem:
>> We have a daily traffic of roundabout
>> 3 G per day. Until 05/19/05
>> it was only less than 500 M a day.
>> This jump is not normal.
>> I patched the whole machine and tried
>> to catch viruses, worms and trojans.
>> It seems to be clear now.
>> I have the feeling that it is
>> kind of a "backdoor" via port 25/ port 110 but I can't find
>> out where and why.
>> (There is nothing (no hints) in the IMail-Logs !) I tried
>> ethereal and netstat but I can not really find out what
>> process and what port exactly gives this traffic.
>> Ethereal doesn't really accumulate the hourly traffic on
>> certain ports and other tools are far too expensive doing this.
>> What else could I do to find this out ?
>> Thanks for help !
>>
>> Uwe
>>
>>
>> To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
>> List Archive:
>> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>> Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
>>

--
Best regards,
imail mailto:[EMAIL PROTECTED]
