Re: [Nolug] Catching a worm?

From: -ray <ray_at_ops.selu.edu>
Date: Fri, 28 Mar 2008 15:49:50 -0500 (CDT)
Message-ID: <Pine.LNX.4.61.0803281548001.27346@romulus.csd.selu.edu>

See if Cox can send you one of the SPAM messages. Even though it's
probably behind a NAT device, the private IP may still be in the mail
headers.

What kind of router is it? We may be able to give more pointers if we
know what you're working with...

ray

On Fri, 28 Mar 2008, Chris Jones wrote:

> I was curious what you guys do when you encounter a client that has a
> network worm, but you don't know whose computer has the infection. I have a
> client who keeps getting calls from Cox, stating that there is a computer on
> their network that is sending out tons of spam. Two months ago at the
> meeting we were playing with Cain & Abel, which can do ARP poisoning. And
> although it's an amazingly powerful piece of software, it seems to
> unfortunately be useful for only black hat hacking (password stealing)...
> There's also Ethereal/Wireshark, but it seems to be useless on a switched
> network, unless you can find an old crappy hub to put it on, between the
> switch and the router. I honestly don't even know if we have a hub anywhere
> around here. There are some commercial products out there made for this,
> but they seem to start at around $2000. I was just wondering if anybody
> knew of anything good that was open source. ARP poisoning would be a nice
> feature, but I'm guessing that might only be a feature on the black hat
> tools. ;) There are some things like Nessus and Zenoss, but are those just
> for SNMP monitoring? They probably won't sniff for worm traffic. I might
> look into Untangle and see if it offers that ability...but I figured I'd see
> if you guys know of anything else? Thanks!
>

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean  				       	 http://www.r-a-y.org
Systems Engineer                    Southeastern Louisiana University
IBM Certified Specialist  	      AIX Administration, AIX Support
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
___________________
Nolug mailing list
nolug@nolug.org
Received on 03/28/08
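Ray's suggestion above, as an added example that is not code from the thread: walk the Received: headers of a spam sample the ISP forwards, from the origin outward, and pull out the first RFC 1918 address, which is the LAN host that handed the mail to the NAT gateway. The message, host names and addresses below are constructed; a real gateway may rewrite or drop the inner Received line, in which case the function returns None.

```python
import email
import ipaddress
import re

# Constructed sample spam (not from the original thread), shaped like what
# an ISP abuse desk forwards: outer hops show the NAT gateway's public
# address; the innermost Received line still carries the LAN address.
SAMPLE_SPAM = b"""\
Received: from mx.example.net (mx.example.net [198.51.100.5])
\tby abuse.isp.example (Postfix) with ESMTP id 1234ABC
\tfor <victim@example.org>; Fri, 28 Mar 2008 15:49:50 -0500 (CDT)
Received: from gateway.client.example (unknown [203.0.113.77])
\tby mx.example.net with SMTP; Fri, 28 Mar 2008 15:49:41 -0500 (CDT)
Received: from WORKSTATION-07 ([192.168.1.37])
\tby gateway.client.example with SMTP; Fri, 28 Mar 2008 15:49:40 -0500
From: "Lottery Winner" <winner@example.com>
To: victim@example.org
Subject: You have won

body text
"""

IPV4_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})")
# RFC 1918 only: ipaddress.is_private would also match documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def received_ips(raw: bytes) -> list:
    """Every IPv4 address in the Received: headers, outermost hop first.
    Each MTA prepends its own line, so the last entry is nearest the origin."""
    msg = email.message_from_bytes(raw)
    ips = []
    for hdr in msg.get_all("Received", []):
        for m in IPV4_RE.finditer(hdr):
            try:
                ips.append(ipaddress.IPv4Address(m.group(1)))
            except ValueError:
                continue  # e.g. a four-part version number, not an address
    return ips


def originating_private_ip(raw: bytes):
    """RFC 1918 address nearest the origin, or None if the chain hides it.
    On a NATed LAN that is the host that handed the mail to the gateway."""
    for ip in reversed(received_ips(raw)):
        if any(ip in net for net in RFC1918):
            return str(ip)
    return None
```

Run it against a real forwarded message; once you have the LAN address, the router's DHCP lease or ARP table maps it to a MAC and usually a hostname.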

This archive was generated by hypermail 2.2.0 : 12/19/08 EST