right, but what seems to be (according to headers) someone makes a
connection from my box to theirs over the web (80/443) so I'm going to
see if I can see anything, if not then I'll keep it blocked until I
figure out something else to find who does that...
On Thu, Aug 18, 2011 at 12:42 PM, Chuck Swig
On Aug 18, 2011, at 9:36 AM, alexus wrote:
> su-3.2# tcpdump -nnAvvvw webmail.west.cox.net 'dst host 68.6.19.1 and
> (dst port 80 or 443)'
> tcpdump: listening on bce0, link-type EN10MB (Ethernet), capture size 96 bytes
> Got 0
>
> let's see what I capture...
You're going to capture traffic of pe
ok
su-3.2# tcpdump -nnAvvvw webmail.west.cox.net 'dst host 68.6.19.1 and
(dst port 80 or 443)'
tcpdump: listening on bce0, link-type EN10MB (Ethernet), capture size 96 bytes
Got 0
let's see what I capture...
On Mon, Aug 15, 2011 at 6:19 PM, Paul Schmehl wrote:
> --On August 15, 2011 2:04:27 PM
--On August 15, 2011 2:04:27 PM -0400 alexus wrote:
I'm personally leaning towards that these headers are being modified and
that there is no spam leaving my box (I may be wrong of course)
here is what I did to come up with that thought
I sent myself an email
The tcpdump command that Chuc
>> To: freebsd-questions@freebsd.org
>> Subject: looking for a spammer/virii/malware on my system
>>
>> I received a SPAM complaint from my ISP and we're trying to figure out
>> what/where the problem is...
>>
>> from headers:
>>
>> Recei
> From owner-freebsd-questi...@freebsd.org Mon Aug 15 12:37:33 2011
> Date: Mon, 15 Aug 2011 13:05:15 -0400
> From: alexus
> To: freebsd-questions@freebsd.org
> Subject: looking for a spammer/virii/malware .... on my system
>
> I received a SPAM complaint from my ISP and w
I'm personally leaning towards that these headers are being modified and
that there is no spam leaving my box (I may be wrong of course)
here is what I did to come up with that thought
I sent myself an email
-bash-3.2# echo $$ | mail ale...@gmail.com
-bash-3.2#
through google headers I see fol
On Aug 15, 2011, at 10:05 AM, alexus wrote:
> what else can I do to find it on my system who's trying to connect to
> remote webmail.west.cox.net ?
Monitor your network for SMTP traffic:
tcpdump -nA -s 0 port 25
If malware is sending out spam, you'll see it and can then use lsof or whatever
t
I received a SPAM complaint from my ISP and we're trying to figure out
what/where the problem is...
from headers:
Received: from 64.237.55.83 by webmail.west.cox.net; Sun, 14 Aug 2011
18:43:41 -0400
64.237.55.83 is an IP that resides on my box, obviously I'm not
sending out any spam intentionally