Scanning LAN for virus activity?
Michael St. Laurent
mikes at HARTWELLCORP.COM
Mon Mar 15 23:00:52 GMT 2004
Steve Mason <mailto:SMason at KMSS.CA> wrote:
> Not sure about iptables, but I use nmap and tcpdump to check for
> anything on my local network.
> Nmap to scan for any of the ports that the latest worms/viruses
> listen on. Tcpdump listening on port 25 (minus your mail servers)
> should find anyone with a process sending out spam, or trying to
> propagate a worm/virus via email.
That's a good suggestion. I'll have to set up Ethereal to scan for any port
25 activity that's destined for any IP address other than our two mail
servers.
Thanks.
--
Michael St. Laurent
Hartwell Corporation
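
The check discussed in this thread, as an added example that is not part of either poster's message: a capture filter that excludes the mail servers, plus a parser that counts new outbound SMTP connections per internal host from `tcpdump -n` output. The mail server addresses (documentation-range placeholders), the function names and the sample lines are assumptions constructed for illustration; the line format is that of current tcpdump releases.

```python
import re
from collections import Counter

# Assumed placeholder addresses; substitute the site's real mail servers.
MAIL_SERVERS = {"192.0.2.10", "192.0.2.11"}

def bpf_filter(mail_servers):
    """Build a capture filter for SMTP traffic that does not involve a mail server."""
    exclusions = " and ".join(f"not host {ip}" for ip in sorted(mail_servers))
    return f"tcp dst port 25 and {exclusions}"

# Matches lines such as:
#   12:00:01.000001 IP 10.0.0.23.1045 > 203.0.113.5.25: Flags [S], seq 1, ...
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]*)\]"
)

def suspicious_senders(lines, mail_servers):
    """Count connection attempts (bare SYN) to port 25 that bypass the mail servers."""
    hits = Counter()
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not a TCP/IPv4 line in the expected format
        src, _sport, dst, dport, flags = m.groups()
        if dport != "25" or flags != "S":
            continue  # only new connections toward SMTP, not replies or data
        if src in mail_servers or dst in mail_servers:
            continue  # mail relayed through, or sent by, the approved servers
        hits[src] += 1
    return hits

# Constructed sample capture (not real traffic).
SAMPLE = [
    "12:00:01.000001 IP 10.0.0.23.1045 > 203.0.113.5.25: Flags [S], seq 1, win 64240, length 0",
    "12:00:01.200000 IP 10.0.0.23.1046 > 198.51.100.7.25: Flags [S], seq 2, win 64240, length 0",
    "12:00:02.000000 IP 10.0.0.40.2001 > 192.0.2.10.25: Flags [S], seq 3, win 64240, length 0",
    "12:00:03.000000 IP 192.0.2.10.3000 > 203.0.113.5.25: Flags [S], seq 4, win 64240, length 0",
    "12:00:04.000000 IP 203.0.113.5.25 > 10.0.0.23.1045: Flags [S.], seq 5, ack 2, length 0",
    "12:00:05.000000 IP 10.0.0.23.1045 > 203.0.113.5.25: Flags [.], ack 6, length 0",
]

if __name__ == "__main__":
    print("capture filter:", bpf_filter(MAIL_SERVERS))
    for host, count in suspicious_senders(SAMPLE, MAIL_SERVERS).most_common():
        print(f"{host} opened {count} direct SMTP connection(s)")
```

The filter string can be passed to tcpdump or used as an Ethereal capture filter, since both accept libpcap filter syntax.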