Mailing List CGatePro@mail.stalker.com Message #97416
From: Tom Rymes <trymes@rymesheating.com>
Subject: Tracking down an infected pc
Date: Thu, 5 Mar 2009 14:03:31 -0500
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: Apple Mail (2.930.3)

Hi there,

We have recently been blacklisted due to an infected PC sending SPAM directly to hosts via its own MTA. Moving forward, I plan to block port 25 to avoid this, but I am faced with the problem of tracking this PC down, and it hasn't proved easy.

I have the IP address and the MAC address used by the machine, but it does not respond to ping or ARP requests, and the manufacturer decoded from the MAC hasn't proven helpful, either. I have checked all of the PCs in the building (we have no wireless) and none of them are using that IP address. My guess is that the software is using an alternate IP and MAC.

Anyhow, I'm guessing that the members of this list have had to deal with this at least once or twice before, and I am wondering if anyone has any suggestions as to how I might start to track down this rogue PC.

Thank you,

Tom