Help me Diagnose infected machine/network

Homerboy

Lifer
Mar 1, 2000
30,890
5,001
126
We are getting piles of spam/virus/worm attempts.

Checking email server logs:

Mon 2005-05-09 14:32:42: [592:900:2] Accepting SMTP connection from [204.10.61.54 : 59436]
Mon 2005-05-09 14:32:42: [592:900:2] Looking up PTR record for 204.10.61.54 (54.61.10.204.IN-ADDR.ARPA)
Mon 2005-05-09 14:32:42: [592:900:2] Name server reports domain name unknown.
Mon 2005-05-09 14:32:42: [592:900:2] --> 220 kohnlaw.com ESMTP MDaemon 6.8.5; Mon, 09 May 2005 14:32:42 -0500
Mon 2005-05-09 14:32:42: [592:900:2] <-- Helo xkapwn.net
Mon 2005-05-09 14:32:42: [592:900:2] Spam Blocker is checking 204.10.61.54 (connecting IP)
Mon 2005-05-09 14:32:42: [592:900:2] * relays.ordb.org - passed
Mon 2005-05-09 14:32:42: [592:900:2] * bl.spamcop.net - passed
Mon 2005-05-09 14:32:42: [592:900:2] Spam Blocker is finished
Mon 2005-05-09 14:32:42: [592:900:2] --> 250 kohnlaw.com Hello xkapwn.net, pleased to meet you
Mon 2005-05-09 14:32:42: [592:900:2] <-- MAIL FROM: <ellenorzes@netlock.net>
Mon 2005-05-09 14:32:42: [592:900:2] --> 250 <ellenorzes@netlock.net>, Sender ok
Mon 2005-05-09 14:32:42: [592:900:2] <-- RCPT TO: <stacybegley@kohnlaw.com>
Mon 2005-05-09 14:32:42: [592:900:2] Sender attempted to deliver message to unknown address
Mon 2005-05-09 14:32:42: [592:900:2] --> 550 <stacybegley@kohnlaw.com>, Recipient unknown
Mon 2005-05-09 14:32:42: [592:900:2] <-- RCPT TO: <stanfordbeavers@kohnlaw.com>
Mon 2005-05-09 14:32:42: [592:900:2] Sender attempted to deliver message to unknown address


So that tells me 204.10.61.154 (which belongs to: http://www.networksolutions.com/en_US/w...APSFEQ?whoistoken=0&_requestid=511178)
is the infected machine/network, correct?
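A defender-side way to check what the log excerpt above shows, written here as an added example (it is not code from this thread and not part of MDaemon). The only value in that dialogue the remote side cannot choose is the connecting IP in the "Accepting SMTP connection from [...]" line; the HELO name and MAIL FROM are supplied by the sender and are not evidence of anything. So the parser keys everything on that IP and counts, per IP, how many RCPT TO attempts ended in "550 ... Recipient unknown", which is the worm/harvest pattern in the post, and notes whether the PTR lookup failed. The sample log lines are constructed in the same format as the post's excerpt (the post's session plus a second, ordinary-looking session from the documentation address 192.0.2.10); treating the bracketed "[592:900:2]" token as the session identifier is an assumption about MDaemon's log format.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the MDaemon log format shown in the post: the post's
# session from 204.10.61.54 plus a second, ordinary-looking session from
# 192.0.2.10 (a documentation address). Not a real capture.
SAMPLE_LOG = """\
Mon 2005-05-09 14:32:42: [592:900:2] Accepting SMTP connection from [204.10.61.54 : 59436]
Mon 2005-05-09 14:32:42: [592:900:2] Looking up PTR record for 204.10.61.54 (54.61.10.204.IN-ADDR.ARPA)
Mon 2005-05-09 14:32:42: [592:900:2] Name server reports domain name unknown.
Mon 2005-05-09 14:32:42: [592:900:2] <-- Helo xkapwn.net
Mon 2005-05-09 14:32:42: [592:900:2] <-- MAIL FROM: <ellenorzes@netlock.net>
Mon 2005-05-09 14:32:42: [592:900:2] <-- RCPT TO: <stacybegley@kohnlaw.com>
Mon 2005-05-09 14:32:42: [592:900:2] --> 550 <stacybegley@kohnlaw.com>, Recipient unknown
Mon 2005-05-09 14:32:42: [592:900:2] <-- RCPT TO: <stanfordbeavers@kohnlaw.com>
Mon 2005-05-09 14:32:42: [592:900:2] --> 550 <stanfordbeavers@kohnlaw.com>, Recipient unknown
Mon 2005-05-09 14:40:01: [593:901:2] Accepting SMTP connection from [192.0.2.10 : 41022]
Mon 2005-05-09 14:40:01: [593:901:2] Looking up PTR record for 192.0.2.10 (10.2.0.192.IN-ADDR.ARPA)
Mon 2005-05-09 14:40:01: [593:901:2] <-- Helo mail.example.net
Mon 2005-05-09 14:40:01: [593:901:2] <-- RCPT TO: <homerboy@kohnlaw.com>
Mon 2005-05-09 14:40:01: [593:901:2] --> 250 <homerboy@kohnlaw.com>, Recipient ok
"""

# "Mon 2005-05-09 14:32:42: [592:900:2] <message>". The bracketed token is used
# as the session key (an assumption about MDaemon's format, not documented here).
LINE_RE = re.compile(r"^\w{3} (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}): \[([^\]]+)\] (.*)$")
CONNECT_RE = re.compile(r"Accepting SMTP connection from \[(\d{1,3}(?:\.\d{1,3}){3}) : (\d+)\]")
HELO_RE = re.compile(r"<-- (?:HELO|EHLO) (\S+)", re.IGNORECASE)
RCPT_RE = re.compile(r"<-- RCPT TO:\s*<([^>]+)>", re.IGNORECASE)
UNKNOWN_RE = re.compile(r"--> 550 .*Recipient unknown")
NO_PTR_TEXT = "Name server reports domain name unknown."


@dataclass
class Session:
    ip: str = ""            # connecting IP: the one value the remote side cannot choose
    helo: str = ""          # sender-supplied, informational only
    no_ptr: bool = False    # reverse lookup failed
    rcpt: list = field(default_factory=list)
    unknown: int = 0        # RCPT TOs rejected with "550 ... Recipient unknown"


def parse_sessions(text: str) -> dict:
    """Group log lines by session key and pull out the fields we score on."""
    sessions: dict = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                     # unrelated or malformed line
        _ts, key, msg = m.groups()
        s = sessions.setdefault(key, Session())
        if (c := CONNECT_RE.search(msg)):
            s.ip = c.group(1)
        elif NO_PTR_TEXT in msg:
            s.no_ptr = True
        elif (h := HELO_RE.search(msg)):
            s.helo = h.group(1)
        elif (r := RCPT_RE.search(msg)):
            s.rcpt.append(r.group(1))
        elif UNKNOWN_RE.search(msg):
            s.unknown += 1
    return sessions


def summarize_by_ip(sessions: dict) -> dict:
    """Roll sessions up per connecting IP: attempts, unknown recipients, PTR, HELOs seen."""
    summary: dict = {}
    for s in sessions.values():
        if not s.ip:
            continue                     # session with no connect line; nothing to attribute
        e = summary.setdefault(s.ip, {"sessions": 0, "rcpt": 0, "unknown_rcpt": 0,
                                      "no_ptr": False, "helo": set()})
        e["sessions"] += 1
        e["rcpt"] += len(s.rcpt)
        e["unknown_rcpt"] += s.unknown
        e["no_ptr"] = e["no_ptr"] or s.no_ptr
        if s.helo:
            e["helo"].add(s.helo)
    return summary


def suspicious_ips(text: str, min_unknown: int = 2) -> list:
    """IPs that hit at least `min_unknown` addresses that do not exist here.
    A run of 550s against invented local-parts is the worm/harvest pattern in the
    post. A missing PTR record is reported next to it but is not used as the
    trigger on its own: plenty of legitimate mail hosts lack one."""
    summary = summarize_by_ip(parse_sessions(text))
    return sorted(ip for ip, e in summary.items() if e["unknown_rcpt"] >= min_unknown)


if __name__ == "__main__":
    for ip, e in summarize_by_ip(parse_sessions(SAMPLE_LOG)).items():
        print(f"{ip:15} sessions={e['sessions']} rcpt={e['rcpt']} "
              f"unknown={e['unknown_rcpt']} no_ptr={e['no_ptr']} helo={sorted(e['helo'])}")
    print("flagged:", suspicious_ips(SAMPLE_LOG))
```

Run it against a day of real MDaemon logs in place of SAMPLE_LOG and the flagged list is the set of connecting IPs worth acting on, whether that means a report to the owning network or, as suggested later in the thread, refusing SMTP connections from that address at the server. The threshold is deliberately low for the sample; on a busy server raise `min_unknown` so that a single mistyped address does not flag a legitimate correspondent.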
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
That's correct.

Unfortunately, this kind of worm/virus activity is what I call "internet noise", and it is constant.
 

Homerboy

Lifer
Mar 1, 2000
30,890
5,001
126
Right, I agree, but the powers that be are getting emails saying "virus deleted" blah blah blah and are telling me to fix it.

Guess I'll drop a line to that network's support and let them know.
 

Homerboy

Lifer
Mar 1, 2000
30,890
5,001
126
Hah, well yeah, I already thought of that,
but they tend to be pains in the asses... if I turn it off and the msgs stop, then they will ask me "what did you do?!"
I can only lie so much :p
 

kstornado

Member
Jan 15, 2004
42
0
0
Or you could configure the email server to drop SMTP connections coming from that address....
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
29,545
422
126
LOL. Best solution: disconnect the computer from the Internet. :shocked:

Or you might be able to do what Robert Moses did many years ago.

The story goes that Robert Moses, who was the commissioner of the NYC traffic department, could not stand the slow traffic while driving to his country home on Long Island.

So he built a private expressway for his own use, so how about HomerNet? ;):cool::light::laugh:

:sun:
 

dmcowen674

No Lifer
Oct 13, 1999
54,889
47
91
www.alienbabeltech.com
Originally posted by: JackMDS
LOL. Best solution: disconnect the computer from the Internet. :shocked:

Or you might be able to do what Robert Moses did many years ago.

The story goes that Robert Moses, who was the commissioner of the NYC traffic department, could not stand the slow traffic while driving to his country home on Long Island.

So he built a private expressway for his own use, so how about HomerNet? ;):cool::light::laugh: :sun:

Didn't realize you were a New Yorker, Jack :)

Yep, he built Northern & Southern State Parkways on Long Island and some others too.

Amazing how easy it was to build roads back then, now it's like moving heaven and Earth literally and costs the price of a planet.