How to detect a spammer on your network? | Enterprise security magazine

The mechanics of identifying a spammer on your network are fairly straightforward. Spam will leave your network in one of two ways:

  1. Through a compromised host on your network: an infected machine has become a bot in a botnet and is sending spam directly to the Internet.

  2. Through a compromised mail account: the spammer uses one of your users' mail accounts to send spam through your own MTA.

To address each of these situations:

  1. A compromised host on your network

Detection:

A compromised host is usually easy to spot. If you have a good business-class firewall, you will be able to see a high volume of outbound traffic on port 25, to thousands of different destinations, that does NOT originate from one of your MTA IP addresses. Getting on the infected machine, if possible, and issuing a netstat command (works on both Windows and *nix) should show all the open outbound connections from the box. The results can provide corroborating evidence that the machine has been compromised.
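The firewall-side check described above, as an added example that is not part of the original article: it reads connection-log lines, ignores the known MTA, and flags any other internal host that talks to an unusually large number of distinct destinations on port 25. The log format, the MTA address 10.0.0.25 and the threshold of 50 distinct destinations are assumptions for the example; the log lines are constructed.

```python
"""Flag non-MTA hosts with bot-like SMTP fan-out in a firewall connection log."""
from collections import defaultdict

# Assumption: the organisation's legitimate outbound MTA (placeholder address).
MTA_IPS = {"10.0.0.25"}
# Assumption: a workstation talking to more than this many distinct
# external hosts on port 25 in one log window is worth investigating.
DISTINCT_DST_THRESHOLD = 50

def parse_line(line):
    """Assumed log format: '<src_ip> <dst_ip> <dst_port> <action>'."""
    src, dst, dport, action = line.split()
    return src, dst, int(dport), action

def find_smtp_fanout(lines, mta_ips=MTA_IPS, threshold=DISTINCT_DST_THRESHOLD):
    """Return {src_ip: distinct_port25_destinations} for hosts over threshold."""
    destinations = defaultdict(set)
    for line in lines:
        line = line.strip()
        if not line:
            continue
        src, dst, dport, _ = parse_line(line)
        # Only outbound SMTP matters, and the MTA is expected to fan out widely.
        if dport != 25 or src in mta_ips:
            continue
        destinations[src].add(dst)
    return {src: len(d) for src, d in destinations.items() if len(d) > threshold}

def constructed_log():
    """Constructed sample: the MTA relaying legitimately, one infected
    workstation spraying SMTP, and one normal workstation."""
    lines = []
    # MTA sending to 80 distinct external hosts: normal for a mail server.
    lines += [f"10.0.0.25 203.0.113.{i + 1} 25 allow" for i in range(80)]
    # Workstation 10.0.1.17 opening port 25 to 120 distinct hosts: bot-like.
    lines += [f"10.0.1.17 198.51.100.{i + 1} 25 allow" for i in range(120)]
    # Workstation 10.0.1.5: a repeated connection to one host plus HTTPS.
    lines += ["10.0.1.5 192.0.2.10 25 allow", "10.0.1.5 192.0.2.10 25 allow",
              "10.0.1.5 192.0.2.11 443 allow"]
    return lines

if __name__ == "__main__":
    for host, count in find_smtp_fanout(constructed_log()).items():
        print(f"{host}: {count} distinct port-25 destinations (investigate)")
```

Feed it real firewall or NetFlow export lines in the same shape and the flagged hosts are the ones to check with netstat next.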

Remediation:

  • Remove the machine from your network and clean it up. Granted, that is easy to say, and who knows how long it could take. It can sometimes require a full wipe and reinstall of the OS if the machine has been rootkitted or the malware has downloaded further payloads.

Oh yeah, backups. I'm sure you backed up the machine, right?

Prevention:

  • All your workstations and servers should have all available OS patches applied.

I am a technology blogger, who loves to read and write on the latest in technology.