Question

Locked

IP Address

By Defragme ·
We had our Barracuda firewall go down and just got a replacement up and running. Since we've been back up were getting overwhelmed with spam getting through, I called Barracuda's Tech Support and they said it's coming from an IP address which I believe is within our company. The Boss is away on Vacation and I'm fairly new so I'm asking for help on how to figure out where this IP is coming from. Is there a way on the command prompt to ping it and show me. I tried the site Whois, with no results, I tried different commands, ping -a IP address but only getting packets sent 4 received 4 lost 0, but I'm trying to get a computer name or something. Any help would be greatly appreciated.

This conversation is currently closed to new comments.

14 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Answers

Collapse -

so do you have your own mail system?

by CG IT In reply to IP Address

or using something like Google mail?

Collapse -

We have our own system

by Defragme In reply to so do you have your own m ...

Sorry, got hammered and couldn't check my post until now. Feel like a one armed paperhanger just learning how to hang paper.

Collapse -

Re: IP Address

by christianshiflet In reply to IP Address

So, the IP address is on your local network? If so, do you have access to your local DHCP server? If so you could find the lease for the IP address in question and it should (if Windows Server, anyway) show the computer name. You could also use nbtstat -A + IP Address to find the machine name if it is on your LAN.

Obviously, if the address is not on your LAN you can just block the address at the Barracuda device.

Let me know if that helps or you have further questions.

Collapse -

MS Exchange 2003

by Defragme In reply to Re: IP Address

Thanks, I'll try that.

Collapse -

try...

by Snuffy09 In reply to IP Address

"nbtstat -A 10.x.x.x"

will give you NetBIOS name and what domain/workgroup the computer belongs to

couldn't you isolate that ip with the firewall? tall it to block all ports from that IP? until the boss gets back anyways

Collapse -

Got these results

by Defragme In reply to try...

Wireless Network Connection:
Node IpAddress: [0.0.0.0] scope Id: []

Host not found

Local Area Connection:
Node IpAddress: [10.68.1.20 scope Id: []

Host not found

But that's not the Ip that's causing the problem that I'm looking for, that Ip is me, my local machines Ip.

What I was looking for was 10.68.1.8

Collapse -

then it couldnt resolve the ip to netbios name

by Snuffy09 In reply to Got these results

it will show your local or "node" address every time you run this command the info you were looking for would have been displayed under the node address

Collapse -

Over 23,000 blocked emails in 48 hrs

by Defragme In reply to then it couldnt resolve t ...

This Ip has sent over 23k spammed emails, but all the good emails also have this Ip last in the header so I can't block it. I just don't know enough about what is going on and how to look it up on the dhcp server.

Collapse -

I would be,

by mamies In reply to IP Address

I would be blocking all outgoing mail ports to the internet except for the server from within the router. If you only allow the server to use these ports then the server has to be sending the email through the internet.

This will still allow the users to send emails as they use this server. This would also stop you from being placed on these black lists.

After that I would be scanning every machine in the office to check for malware as this stuff can spread.

To find the overall machine thats causing the problem I would then look the IP address up in the lease table which will then give you the computer name. If you keep records of what computer is where you will then be able to go to the exact location of the computer.

Thanks,
Matt

Collapse -

well really need to be clear on this

by CG IT In reply to IP Address

1. if your Exchange server is sending out spam, how do you know this?


2. if your users are receiving spam in their mailbox from outside sources, then the problem is that you don't have any antispam applications running that would catch and delete the spam before it ever reaches the Exchange server. To combat spam, you will have to buy either a hardware device that is specially designed for spam or a software application for Exchange server that catches spam before it gets to Exchange.

3. If you purchased the Barracuda antispam and firewall device and the antispam component isn't working, then Barracuda should provide you with support on how to configure your device for use with Exchange Server. Chances are your antispam component isn't configured properly to either delete suspected spam or move it to the users spam mail folder. you could opt to pull out the manual and reverify all the configuration parameters. If spam is still getting through your antispam appliance, then Barracuda should provide support. If they don't, then suggest you find a new vendor. Barracuda is usually pretty good in providing support for their products. If not, lodge a complaint .....

side note: just read your other post, if the antispam/firewall device is blocking spam, then it's doing its job. If those 23,000 spam emails found their way into the users mail box, then it's not.

If your worried about the large number of spam emails being blocked, don't because the device is doing what it's supposed to be doing, blocking them. The logs that say it's blocked 23,000 spam emails is simply for reporting purposes so that the cost for it is justified.

Back to Desktop Forum
14 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums