I know I have a PC on my network that is spamming emails, as evidenced by a few blacklist sites. Also, Yahoo keeps rate limiting me, though I do not see any evidence on the PCs I have running. I have a few PCs and a few Android devices. It is rather hard to turn one off at a time, and the end result is not easy to detect, thus it's hard to troubleshoot that way. So I want to intercept and use Linux to hunt it down. Everything goes out of my Ubuntu server, all traffic, but I'm not a security guru by any means.

I thought maybe I could use iptables like

iptables -A INPUT -p tcp -s 192.168.0.0/25 --dport 25 -j LOG --log-level debug

and tail -f /var/log/kern.log

and there I see a few messages once a second but it looks like my FW is blocking it.


Code:
Nov 24 14:38:48 ubuntuspawn kernel: [6630908.886197] [UFW BLOCK] IN=enp2s0 OUT= MAC=00:26:18:92:60:c7:4c:12:65:64:39:50:08:00 SRC=185.219.52.172 DST=[myIP] LEN=40 TOS=0x00 PREC=0x00 TTL=109 ID=38447 DF PROTO=TCP SPT=41304 DPT=5927 WINDOW=0 RES=0x00 RST URGP=0
Nov 24 14:38:54 ubuntuspawn kernel: [6630915.201554] [UFW BLOCK] IN=enp2s0 OUT= MAC=00:26:18:92:60:c7:4c:12:65:64:39:50:08:00 SRC=46.232.211.193 DST=[myIP] LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=24534 DF PROTO=TCP SPT=37905 DPT=40945 WINDOW=64240 RES=0x00 SYN URGP=0
Nov 24 14:39:11 ubuntuspawn kernel: [6630931.733367] [UFW BLOCK] IN=enp2s0 OUT= MAC=00:26:18:92:60:c7:4c:12:65:64:39:50:08:00 SRC=185.219.52.172 DST=[myIP] LEN=40 TOS=0x00 PREC=0x00 TTL=110 ID=38801 DF PROTO=TCP SPT=48692 DPT=5927 WINDOW=0 RES=0x00 RST URGP=0
Nov 24 14:39:15 ubuntuspawn kernel: [6630935.532012] [UFW BLOCK] IN=enp2s0 OUT= MAC=00:26:18:92:60:c7:4c:12:65:64:39:50:08:00 SRC=172.98.68.19 DST=[myIP] LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=55084 DF PROTO=TCP SPT=55145 DPT=40945 WINDOW=64860 RES=0x00 SYN URGP=0
Nov 24 14:39:33 ubuntuspawn kernel: [6630953.568650] [UFW BLOCK] IN=enp2s0 OUT= MAC=00:26:18:92:60:c7:4c:12:65:64:39:50:08:00 SRC=61.177.173.11 DST=[myIP] LEN=67 TOS=0x00 PREC=0x00 TTL=47 ID=1181 DF PROTO=TCP SPT=12671 DPT=22 WINDOW=229 RES=0x00 ACK PSH URGP=0
Nov 24 14:39:35 ubuntuspawn kernel: [6630956.301506] [UFW BLOCK] IN=enp2s0 OUT= MAC=00:26:18:92:60:c7:4c:12:65:64:39:50:08:00 SRC=187.189.88.168 DST=[myIP] LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=17182 PROTO=UDP SPT=10700 DPT=40945 LEN=28
Nov 24 14:39:49 ubuntuspawn kernel: [6630969.761855] [UFW BLOCK] IN=enp2s0 OUT= MAC=00:26:18:92:60:c7:4c:12:65:64:39:50:08:00 SRC=185.219.52.172 DST=[myIP] LEN=40 TOS=0x00 PREC=0x00 TTL=110 ID=39389 DF PROTO=TCP SPT=7954 DPT=5927 WINDOW=0 RES=0x00 RST URGP=0
Nov 24 14:39:54 ubuntuspawn kernel: [6630975.263547] [UFW BLOCK] IN=enp2s0 OUT= MAC=00:26:18:92:60:c7:4c:12:65:64:39:50:08:00 SRC=37.146.57.182 DST=[myIP] LEN=132 TOS=0x00 PREC=0x00 TTL=108 ID=52386 PROTO=UDP SPT=22879 DPT=40945 LEN=112
Nov 24 14:40:15 ubuntuspawn kernel: [6630996.279388] [UFW BLOCK] IN=enp2s0 OUT= MAC=00:26:18:92:60:c7:4c:12:65:64:39:50:08:00 SRC=185.159.156.3 DST=[myIP] LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=61920 DF PROTO=TCP SPT=48280 DPT=40945 WINDOW=64240 RES=0x00 SYN URGP=0
Nov 24 14:40:32 ubuntuspawn kernel: [6631012.854881] [UFW BLOCK] IN=enp2s0 OUT= MAC=00:26:18:92:60:c7:4c:12:65:64:39:50:08:00 SRC=31.13.65.36 DST=[myIP] LEN=40 TOS=0x0C PREC=0x60 TTL=87 ID=0 DF PROTO=TCP SPT=443 DPT=62644 WINDOW=0 RES=0x00 RST URGP=0
Nov 24 14:40:32 ubuntuspawn kernel: [6631012.854945] [UFW BLOCK] IN=enp2s0 OUT= MAC=00:26:18:92:60:c7:4c:12:65:64:39:50:08:00 SRC=31.13.65.36 DST=[myIP] LEN=40 TOS=0x0C PREC=0x60 TTL=87 ID=0 DF PROTO=TCP SPT=443 DPT=62644 WINDOW=0 RES=0x00 RST URGP=0
Nov 24 14:40:38 ubuntuspawn kernel: [6631018.779255] [UFW BLOCK] IN=enp2s0 OUT= MAC=00:26:18:92:60:c7:4c:12:65:64:39:50:08:00 SRC=95.192.81.202 DST=[myIP] LEN=52 TOS=0x00 PREC=0x00 TTL=238 ID=23544 DF PROTO=TCP SPT=61805 DPT=40945 WINDOW=64240 RES=0x00 SYN URGP=0
Other than that I only see this:

Nov 24 14:30:47 ubuntuspawn kernel: [6630427.637180] CIFS VFS: Free previous auth_key.response = 0000000048575e17

Is there a better way to go about this?
11-24-2021, 11:16 AM
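As an added example (not from the thread), a small parser that reads netfilter LOG lines in the format shown above and counts outbound connection attempts to mail ports per LAN host, so the noisy machine stands out. It assumes the LOG rule is placed in the FORWARD chain with a `[SMTP OUT]` log prefix, because the INPUT chain only sees packets addressed to the server itself; the sample lines and addresses are constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in netfilter LOG format (documentation addresses, not real hosts).
SAMPLE_LOG = """\
Nov 24 14:41:02 ubuntuspawn kernel: [6631042.1] [SMTP OUT] IN=enp3s0 OUT=enp2s0 SRC=192.168.0.23 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1 DF PROTO=TCP SPT=51234 DPT=25 WINDOW=64240 RES=0x00 SYN URGP=0
Nov 24 14:41:03 ubuntuspawn kernel: [6631043.2] [SMTP OUT] IN=enp3s0 OUT=enp2s0 SRC=192.168.0.23 DST=203.0.113.11 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=2 DF PROTO=TCP SPT=51235 DPT=25 WINDOW=64240 RES=0x00 SYN URGP=0
Nov 24 14:41:03 ubuntuspawn kernel: [6631043.3] [SMTP OUT] IN=enp3s0 OUT=enp2s0 SRC=192.168.0.41 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=3 DF PROTO=TCP SPT=40001 DPT=587 WINDOW=64240 RES=0x00 SYN URGP=0
Nov 24 14:41:04 ubuntuspawn kernel: [6631044.4] [SMTP OUT] IN=enp3s0 OUT=enp2s0 SRC=192.168.0.23 DST=203.0.113.10 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=5 DF PROTO=TCP SPT=51234 DPT=25 WINDOW=64240 RES=0x00 ACK PSH URGP=0
Nov 24 14:41:04 ubuntuspawn kernel: [6631044.6] [UFW BLOCK] IN=enp2s0 OUT= SRC=203.0.113.99 DST=192.0.2.7 LEN=40 TOS=0x00 PREC=0x00 TTL=109 ID=38447 DF PROTO=TCP SPT=41304 DPT=5927 WINDOW=0 RES=0x00 RST URGP=0
Nov 24 14:41:05 ubuntuspawn kernel: [6631045.7] [SMTP OUT] IN=enp3s0 OUT=enp2s0 SRC=192.168.0.23 DST=203.0.113.12 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4 DF PROTO=TCP SPT=51236 DPT=25 WINDOW=64240 RES=0x00 SYN URGP=0
Nov 24 14:41:06 ubuntuspawn kernel: [6631046.8] CIFS VFS: Free previous auth_key.response = 0000000048575e17
"""

FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S*)")
LAN = ipaddress.ip_network("192.168.0.0/25")   # the range from the poster's rule
MAIL_PORTS = {25, 465, 587}                    # SMTP, SMTPS, submission


def parse_netfilter_line(line):
    """Return the SRC/DST/PROTO/SPT/DPT fields of a netfilter LOG line, or None for other kernel messages."""
    if "kernel:" not in line or "PROTO=" not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    if "SRC" not in fields or "DPT" not in fields:
        return None
    fields["syn_only"] = bool(re.search(r"\bSYN\b", line)) and " ACK " not in line
    return fields


def outbound_mail_senders(lines, lan=LAN, ports=MAIL_PORTS):
    """Count new TCP connection attempts (bare SYN) from LAN hosts to mail ports.
    Returns a Counter keyed by (source_ip, destination_port)."""
    counts = Counter()
    for line in lines:
        f = parse_netfilter_line(line)
        if f is None or f.get("PROTO") != "TCP" or not f["syn_only"]:
            continue  # not a netfilter line, not TCP, or mid-connection traffic
        try:
            src, dport = ipaddress.ip_address(f["SRC"]), int(f["DPT"])
        except ValueError:
            continue
        if src in lan and dport in ports:
            counts[(str(src), dport)] += 1
    return counts


if __name__ == "__main__":
    # Reads a kern.log path from argv, or runs on the constructed sample when none is given.
    import sys
    lines = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOG.splitlines()
    for (ip, port), n in outbound_mail_senders(lines).most_common():
        print(f"{ip:16} dpt={port:<4} {n} connection attempts")
```

Run it against `/var/log/kern.log` once the FORWARD-chain LOG rule has been in place for a while; the host at the top of the list is the one to pull off the network and inspect.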