Compromised systems are often used by attackers to distribute SPAM email messages. They serve as a convenient platform for reaching millions of legitimate email accounts with worthless advertising and phishing attempts. There are many ways systems can be enslaved for this purpose, including viruses on USB drives, remote exploits, and user-installed software from malicious sites.
Detecting if a system in your network has fallen victim and is sending out SPAM is quick and easy with FlowTraq. Filter on server port 25 (SMTP), and select a view with hosts ranked by sessions initiated. For convenience, filter on your local CIDR block (10.0.0.0/8 for us), and remove your own email servers from the list (10.2.0.3 and 10.2.0.4 in our case).
Although similar viral patterns can be detected using the unique host view, some SPAM bots tend to hit the same email server for a while, so they contact few unique hosts. The safest bet is looking for obvious spikes in sessions initiated.
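The same filter and ranking can be run over exported flow records outside FlowTraq; the following is an added example, not FlowTraq code. The record layout `(timestamp, src, dst, dst_port)`, the 5-minute bucket, the threshold of 100 sessions and the sample flows are all assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

LOCAL_NET = ipaddress.ip_network("10.0.0.0/8")   # local CIDR block from the text
MAIL_SERVERS = {"10.2.0.3", "10.2.0.4"}          # legitimate senders from the text

def rank_smtp_initiators(flows, bucket=300):
    """Rank local hosts by SMTP sessions initiated.

    Returns rows of (host, total_sessions, peak_sessions_in_one_bucket,
    unique_servers), sorted by total sessions, highest first.
    """
    per_bucket = Counter()            # (host, bucket_start) -> sessions
    servers = defaultdict(set)        # host -> distinct SMTP servers contacted
    for ts, src, dst, dport in flows:
        if dport != 25 or src in MAIL_SERVERS:
            continue                  # not SMTP, or one of our own mail servers
        if ipaddress.ip_address(src) not in LOCAL_NET:
            continue                  # session was not initiated from our network
        per_bucket[(src, ts - ts % bucket)] += 1
        servers[src].add(dst)
    totals = {}
    for (host, _), n in per_bucket.items():
        total, peak = totals.get(host, (0, 0))
        totals[host] = (total + n, max(peak, n))
    rows = [(h, t, p, len(servers[h])) for h, (t, p) in totals.items()]
    return sorted(rows, key=lambda r: r[1], reverse=True)

def spiking_hosts(flows, threshold=100, bucket=300):
    """Hosts whose busiest bucket reaches the (assumed) session threshold."""
    return [h for h, _, peak, _ in rank_smtp_initiators(flows, bucket)
            if peak >= threshold]

# Constructed sample flows: (unix_seconds, src, dst, dst_port)
SAMPLE_FLOWS = (
    # workstation hammering a single server: 200 sessions in one bucket
    [(t, "10.1.5.20", "203.0.113.10", 25) for t in range(300, 500)]
    # workstation with light SMTP use spread over three servers
    + [(60, "10.1.5.21", "198.51.100.5", 25),
       (400, "10.1.5.21", "198.51.100.6", 25),
       (900, "10.1.5.21", "198.51.100.7", 25)]
    # our own mail server (excluded), inbound mail, and non-SMTP traffic
    + [(t, "10.2.0.3", "198.51.100.9", 25) for t in range(0, 500)]
    + [(10, "192.0.2.7", "10.2.0.3", 25), (20, "10.1.5.22", "198.51.100.5", 443)]
)

if __name__ == "__main__":
    for row in rank_smtp_initiators(SAMPLE_FLOWS):
        print(row)
    print("spiking:", spiking_hosts(SAMPLE_FLOWS))
```

In the sample, 10.1.5.20 contacts only one server, so a ranking by unique hosts would place it below 10.1.5.21 even though it initiated 200 sessions.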