Zombies on my network? It's more likely than you think.
Just a quick link to John Levine's blog post "Yes, you really have a zombie on your network." The article covers a discussion we had on a technical mailing list involving someone who was having a hard time believing that his network was really infected by spam-bots.
In the post, John forwards a good summary of the problem and what to do about it, written by Steve Champeon.
The key points in the article:
- Don't look for clues in your mailserver's logs; chances are the spam is coming from infected machines that have their own SMTP engines and aren't using your servers to relay in the first place. And even if they are, you won't find anything useful in the headers.
- Shut down unauthorized port 25 outbound connections, and put a sniffer on your network to find out where they're coming from. In fact, do it now, before you find yourself listed somewhere.
- Don't assume the blocklists have made a mistake; look to yourself first.
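
One way to act on the sniffer advice above, as an added example that is not from the original post or the linked article: capture outbound SYNs to port 25 and list the internal hosts sending them that are not your mail servers. The capture lines, the 192.168.1.0/24 network, and the authorized server 192.168.1.10 are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of output from (run on the gateway or a mirror port):
#   tcpdump -nn -tt 'tcp dst port 25 and tcp[tcpflags] & tcp-syn != 0'
SAMPLE = """\
1700000000.100000 IP 192.168.1.10.40112 > 198.51.100.7.25: Flags [S], seq 1, win 64240, length 0
1700000001.200000 IP 192.168.1.57.51844 > 203.0.113.20.25: Flags [S], seq 2, win 8192, length 0
1700000001.900000 IP 192.168.1.57.51845 > 198.51.100.99.25: Flags [S], seq 3, win 8192, length 0
1700000002.400000 IP 192.168.1.57.51846 > 203.0.113.77.25: Flags [S], seq 4, win 8192, length 0
1700000003.000000 IP 192.168.1.34.49200 > 192.168.1.10.25: Flags [S], seq 5, win 64240, length 0
1700000004.500000 IP 192.168.1.88.50001 > 203.0.113.20.25: Flags [S], seq 6, win 8192, length 0
1700000004.600000 IP 192.168.1.57.51847 > 203.0.113.20.25: Flags [S], seq 7, win 8192, length 0
"""

# src_ip.src_port > dst_ip.25 with a bare SYN (new connection attempt).
SYN = re.compile(r"IP (\d+(?:\.\d+){3})\.\d+ > (\d+(?:\.\d+){3})\.25: Flags \[S\]")


def unauthorized_smtp_sources(capture, local_net, authorized):
    """Return [(src_ip, syn_count, distinct_destinations)] for internal hosts
    opening outbound port 25 connections that are not authorized mail servers,
    busiest first."""
    net = ipaddress.ip_network(local_net)
    stats = defaultdict(lambda: {"syns": 0, "dests": set()})
    for line in capture.splitlines():
        m = SYN.search(line)
        if not m:
            continue
        src, dst = (ipaddress.ip_address(x) for x in m.groups())
        # Only traffic leaving the network counts as outbound; internal
        # clients talking to the internal mail server are ignored.
        if src not in net or dst in net:
            continue
        if str(src) in authorized:
            continue
        stats[str(src)]["syns"] += 1
        stats[str(src)]["dests"].add(str(dst))
    report = [(ip, s["syns"], len(s["dests"])) for ip, s in stats.items()]
    return sorted(report, key=lambda r: (-r[2], -r[1], r[0]))


if __name__ == "__main__":
    for ip, syns, dests in unauthorized_smtp_sources(
            SAMPLE, "192.168.1.0/24", {"192.168.1.10"}):
        print(f"{ip}: {syns} SYNs to {dests} distinct mail hosts")
```

A workstation contacting many distinct mail hosts directly is the pattern the post describes; once the hosts are identified, the same allowlist becomes the egress rule that blocks port 25 for everything else.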