bofkentucky

join:2009-03-30
Louisville, KY


1 edit
reply to Kentucky Joe
Re: ISP Blocked my access because of spam

Start with the basics

1) Do you have a router in between your cable modem and your computer(s)?
2) Does the router have a DMZ port turned on?
3) Does the router have a firewall turned on?
4) Is the router wireless?
5) Is the wireless secured (SSID isn't broadcast and requires a wpa key)?
6) I'm guessing you're running Windows. On each computer in your house, do the following to see if you have a mail server running:
click on Start
click on Run
type cmd.exe in the Open box
hit Enter
You should have a DOS prompt open now
in that you need to type netstat -an

If you see a line like the next two (x.y.z.a and b.c.d.e are IP addresses like 0.0.0.0 or 192.168.1.20 or 74.128.17.114 for example):

TCP x.y.z.a:25 b.c.d.e LISTENING

or

TCP x.y.z.a:587 b.c.d.e LISTENING

You do have a mail server running on that computer. It's time to antivirus/antispyware that computer until those ports aren't listening. Check for programs that were installed recently.


leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA

Everything you said is correct for detecting that a regular mailserver is running on the system that allows for incoming email.
However, the ISP complained about email sent (not received) by "Kentucky Joe". If his computer is infected with a trojan/virus, the software will use a mail client to transmit the email or have an embedded mail server solely for sending email without bothering to receive email.
Looking for any ports in listening state is still useful, because the trojan/virus may have established a backdoor to allow remote control of the computer. However, that backdoor may not be listening on standard email ports.

Assuming that the ISP correctly identified "Kentucky Joe's" internet connection as the source of the spam, and further assuming he isn't deliberately sending spam, the two most likely explanations are:
1.) one (or more) of the computers on his home network is(are) infected and need to be cleaned up.
2.) someone else in the neighborhood is making unauthorized use of his wireless network.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!
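
Added example, not code from any poster in this thread: a small Python check that reads saved `netstat -an` output and reports both conditions discussed above, mail ports (25/587) in LISTENING state and outbound connections to remote port 25. The sample output, the addresses in it, and the three-peer threshold are constructed assumptions for illustration.

```python
# Triage of Windows `netstat -an` output for signs of spam-sending.
# Capture on the suspect PC with:  netstat -an > netstat.txt

MAIL_PORTS = {25, 587}   # the listening ports named in the thread
OUTBOUND_STATES = {"ESTABLISHED", "SYN_SENT", "TIME_WAIT", "CLOSE_WAIT"}
MANY_PEERS = 3           # assumption: a normal mail client talks to one server

def split_endpoint(endpoint):
    """Split 'host:port' (also '[::]:25') into (host, port-or-None)."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port) if port.isdigit() else None

def analyze(netstat_text):
    listeners, peers = [], set()
    for line in netstat_text.splitlines():
        parts = line.split()
        # Only TCP rows carry a state column; skip headers and UDP rows.
        if len(parts) < 4 or parts[0].upper() != "TCP":
            continue
        _, local_port = split_endpoint(parts[1])
        remote_host, remote_port = split_endpoint(parts[2])
        state = parts[3].upper()
        if state == "LISTENING" and local_port in MAIL_PORTS:
            listeners.append(parts[1])       # inbound mail service
        elif state in OUTBOUND_STATES and remote_port == 25:
            peers.add(remote_host)           # this PC is sending mail out
    return {
        "mail_listeners": listeners,
        "smtp_peers": sorted(peers),
        "many_smtp_peers": len(peers) >= MANY_PEERS,
    }

# Constructed sample (documentation-range addresses), not real capture data.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.10:25        ESTABLISHED
  TCP    192.168.1.20:49713     198.51.100.7:25        SYN_SENT
  TCP    192.168.1.20:49714     192.0.2.44:25          ESTABLISHED
  TCP    192.168.1.20:49720     192.0.2.80:443         ESTABLISHED
  UDP    0.0.0.0:500            *:*
"""

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

A snapshot only shows connections open at that instant, so an empty result on one run does not clear a machine; repeat it over time on each computer on the LAN.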


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T U-Verse
·AT&T Midwest

said by leibold:

1.) one (or more) of the computers on his home network is(are) infected and need to be cleaned up.
2.) someone else in the neighborhood is making unauthorized use of his wireless network.

Yes, good analysis. These possibilities are what the OP needs to check.

Attempting to block the outgoing mail would just be a bandaid solution, and probably not very effective. Securing the wireless network (if one is used), and cleaning out the malware on all computers on the home LAN is the way to deal with this problem.
--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.10
over 10 years online! © 1999-2009 dslreports.com.