Find a PC that is attacking an email server



  • I have been tasked to find a system on a LAN that is attacking an email server on the Internet. I am going to install a pfSense firewall on the LAN this coming week. What would be the best course of action to find this box from pfSense? Their ISP has already sent them a cease and desist, and if this is not taken care of, they will shut the company's Internet off.

    Any help would be great



  • Probably a spam bot on something, I'm guessing. Set up the LAN firewall rules to only permit SMTP from known legit mail servers, block all other SMTP with logging, and check the firewall log.


  • Rebel Alliance Global Moderator

    Putting in pfSense is always a good idea ;)

    But you sure don't need pfSense to track down the box attacking an outbound server. Just a simple sniff of the outbound traffic will tell you which box it is.

    Very curious how you're tasked with this, when you seem to be lacking in understanding "how" even?



  • @root2020:

    I have been tasked to find a system on a LAN that is attacking an email server on the Internet. I am going to install a pfSense firewall on the LAN this coming week. What would be the best course of action to find this box from pfSense? Their ISP has already sent them a cease and desist, and if this is not taken care of, they will shut the company's Internet off.

    Any help would be great

    You might want to find out 'how' the server is being attacked. Is it spam mail or DoS? That will help you nail the culprit(s) down rather quickly with a proper firewall in place (pfSense or otherwise).
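    The two suggestions above (log every SMTP connection the LAN rule blocks, then work out from the log whether it looks like spam or a flood) can be put together in a small log-review script. The following is an added example, not code from this thread or from the pfSense project: it counts blocked outbound SMTP attempts per internal source address and notes how many distinct destinations each source tried, which is a quick way to separate a spam bot spraying many mail hosts from a single-target flood. The field layout of the sample lines is a simplified stand-in for pfSense's filterlog CSV (rule, sub-rule, anchor, tracker, interface, reason, action, direction, IP version, protocol, source, destination, source port, destination port) and the log lines themselves are constructed; both are assumptions of this example.

```python
#!/usr/bin/env python3
"""Rank LAN hosts by blocked outbound SMTP attempts in pfSense-style filter logs."""
from collections import Counter, defaultdict

SMTP_PORTS = {25, 465, 587}   # submission ports a mail client or bot would use
MARKER = "filterlog: "        # syslog tag that precedes the CSV fields
SPRAY_THRESHOLD = 3           # distinct destinations before we call it a "spray"

# Constructed sample log. Field order is an assumption of this example
# (a simplification of the real filterlog format): rule,sub-rule,anchor,
# tracker,iface,reason,action,dir,ipver,proto,src,dst,sport,dport.
# 192.168.1.10 is the legitimate mail server allowed by the LAN rule.
SAMPLE_LOG = """\
Mar 10 09:00:01 fw filterlog: 100,,,1000000101,em1,match,pass,in,4,tcp,192.168.1.10,203.0.113.25,49152,25
Mar 10 09:00:02 fw filterlog: 101,,,1000000102,em1,match,block,in,4,tcp,192.168.1.57,198.51.100.7,51001,25
Mar 10 09:00:02 fw filterlog: 101,,,1000000102,em1,match,block,in,4,tcp,192.168.1.57,198.51.100.8,51002,25
Mar 10 09:00:03 fw filterlog: 101,,,1000000102,em1,match,block,in,4,tcp,192.168.1.57,198.51.100.9,51003,25
Mar 10 09:00:03 fw filterlog: 101,,,1000000102,em1,match,block,in,4,tcp,192.168.1.57,198.51.100.9,51004,587
Mar 10 09:00:04 fw filterlog: 101,,,1000000102,em1,match,block,in,4,tcp,192.168.1.57,198.51.100.10,51005,25
Mar 10 09:00:04 fw filterlog: 102,,,1000000103,em1,match,block,in,4,tcp,192.168.1.57,198.51.100.50,51006,443
Mar 10 09:00:05 fw filterlog: 101,,,1000000102,em1,match,block,in,4,tcp,192.168.1.23,203.0.113.80,40001,25
Mar 10 09:00:05 fw filterlog: 101,,,1000000102,em1,match,block,in,4,tcp,192.168.1.23,203.0.113.80,40002,25
Mar 10 09:00:06 fw filterlog: 101,,,1000000102,em1,match,block,in,4,tcp,192.168.1.23,203.0.113.80,40003,25
Mar 10 09:00:06 fw sshd[123]: Accepted publickey for admin from 192.168.1.5
"""


def parse_line(line):
    """Return the fields we care about from one filterlog entry, or None
    for syslog lines that are not firewall log entries or are malformed."""
    if MARKER not in line:
        return None
    fields = line.split(MARKER, 1)[1].strip().split(",")
    if len(fields) < 14:
        return None
    try:
        dport = int(fields[13])
    except ValueError:
        return None
    return {
        "action": fields[6],
        "proto": fields[9],
        "src": fields[10],
        "dst": fields[11],
        "dport": dport,
    }


def blocked_smtp_by_source(log_text):
    """Count blocked TCP connections to SMTP ports, keyed by internal source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and entry["action"] == "block" and entry["proto"] == "tcp" \
                and entry["dport"] in SMTP_PORTS:
            counts[entry["src"]] += 1
    return counts


def summarize(log_text):
    """Return (src, attempts, distinct_destinations, pattern) tuples, busiest first.
    'spray' means many different mail hosts were tried (typical of a spam bot);
    'single-target' means repeated hits on one host (more like a flood)."""
    attempts = blocked_smtp_by_source(log_text)
    destinations = defaultdict(set)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and entry["src"] in attempts and entry["dport"] in SMTP_PORTS \
                and entry["action"] == "block":
            destinations[entry["src"]].add(entry["dst"])
    report = []
    for src, n in attempts.most_common():
        distinct = len(destinations[src])
        pattern = "spray" if distinct >= SPRAY_THRESHOLD else "single-target"
        report.append((src, n, distinct, pattern))
    return report


if __name__ == "__main__":
    for src, n, distinct, pattern in summarize(SAMPLE_LOG):
        print(f"{src:16} blocked SMTP attempts={n:3} distinct dsts={distinct:3} {pattern}")
```

    Run against real data, feed it the firewall's filter log instead of the embedded sample; the source at the top of the list is the host to pull off the network and examine, and the "spray" versus "single-target" column is the spam-or-DoS question from the post above answered from the log itself.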

