Re: strange windows behaviour.

From: Jeff Kell (jeff-kell_at_utc.edu)
Date: 10/07/03

Next message: Brian Eckman: "Re: strange windows behaviour."

Previous message: Paul Farley: "FW: [INFRAGARD-ATLANTA] DoS on cisco.com"
In reply to: John Sage: "Re: strange windows behaviour."
Next in thread: Magosányi Árpád: "Re: strange windows behaviour."
Reply: Magosányi Árpád: "Re: strange windows behaviour."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 07 Oct 2003 13:42:44 -0400
To: John Sage <jsage@finchhaven.com>, Incidents <incidents@securityfocus.com>

John Sage wrote:

> From: Paul Russell <prussell@nd.edu>

> In the past ten days, we have had five incidents in which
> student-owned computers in our residence hall network (ResNet) were
> used to send large quantities of spam.

If you keep PIX logs (we try to, though the volume is incredible) you
can look for connections inbound to the host spewing the spam. You can
even get a 1-for-1 connection list (sometimes) showing the incoming
proxy feed (from the REAL criminal) and the outgoing spam.

Of course, for you high-bandwidth folks logging is probably not an
option :-)

Jeff

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Next message: Brian Eckman: "Re: strange windows behaviour."

Previous message: Paul Farley: "FW: [INFRAGARD-ATLANTA] DoS on cisco.com"
In reply to: John Sage: "Re: strange windows behaviour."
Next in thread: Magosányi Árpád: "Re: strange windows behaviour."
Reply: Magosányi Árpád: "Re: strange windows behaviour."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]