
Spotting Spammers

Compromised systems are often used by attackers to distribute SPAM email messages. They serve as a convenient platform for reaching millions of legitimate email accounts with worthless advertising and phishing attempts. There are many ways systems can be enslaved for this purpose, including viruses on USB drives, remote exploits, and user-installed software from malicious sites.

Detecting if a system in your network has fallen victim and is sending out SPAM is quick and easy with FlowTraq. Filter on server port 25 (SMTP), and select a view with hosts ranked by sessions initiated. For convenience, filter on your local CIDR block (10.0.0.0/8 for us), and remove your own email servers from the list (10.2.0.3 and 10.2.0.4 in our case).


Although similar viral patterns can be detected using the unique host view, some SPAM bots tend to hit the same email server for a while, so they contact few distinct hosts. The safest bet is looking for obvious spikes in sessions initiated.
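The same filter-and-rank logic can be sketched outside the product. The following is an added example, not FlowTraq code or output: it applies the port 25, local CIDR, and mail-server exclusion filters from the text to constructed flow records and reports both sessions initiated and unique destinations per host. The record layout, function names, and spike threshold are assumptions.

```python
import ipaddress
from collections import Counter, defaultdict

LOCAL_NET = ipaddress.ip_network("10.0.0.0/8")   # local CIDR block from the text
MAIL_SERVERS = {"10.2.0.3", "10.2.0.4"}          # legitimate mail servers from the text
SMTP_PORT = 25

# Constructed sample flow records: (source IP, destination IP, destination port)
SAMPLE_FLOWS = (
    [("10.1.4.17", "203.0.113.%d" % (i % 50 + 1), 25) for i in range(400)]  # many servers
    + [("10.1.9.80", "198.51.100.25", 25)] * 300   # hammers a single server
    + [("10.2.0.3", "192.0.2.10", 25)] * 500       # real mail server, excluded
    + [("10.1.4.22", "192.0.2.10", 25)] * 3        # occasional SMTP client
    + [("10.1.4.17", "192.0.2.80", 443)] * 40      # not SMTP, filtered out
    + [("172.16.5.5", "10.2.0.3", 25)] * 20        # source outside the local block
)

def rank_smtp_initiators(flows):
    """Return [(host, sessions, unique_destinations)] sorted by sessions, descending."""
    sessions = Counter()
    dests = defaultdict(set)
    for src, dst, dport in flows:
        if dport != SMTP_PORT:
            continue
        if ipaddress.ip_address(src) not in LOCAL_NET or src in MAIL_SERVERS:
            continue
        sessions[src] += 1
        dests[src].add(dst)
    return [(host, n, len(dests[host])) for host, n in sessions.most_common()]

def spikes(ranking, threshold=100):
    """Hosts whose session count exceeds the threshold (assumed value, tune per network)."""
    return [host for host, n, _ in ranking if n > threshold]

if __name__ == "__main__":
    for host, n, uniq in rank_smtp_initiators(SAMPLE_FLOWS):
        print(f"{host:12} sessions={n:4} unique_dests={uniq}")
    print("spikes:", spikes(rank_smtp_initiators(SAMPLE_FLOWS)))
```

In the constructed data, 10.1.9.80 reaches only one destination and would not stand out in a unique-host ranking, yet its session count places it second.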
