At present in Northern Ireland we are experiencing widespread blips in power. This started with the snow that was forecast last night and has persisted until this morning. Nagios has flagged up quite a range of line and router problems across the province.
It's hard to believe that in this day and age – with the investment in infrastructure and the relatively simple nature of the problem – weather – that we cannot have a more reliable service. It's not the fact of dropouts per se – it's the frequency and the fact that they have persisted for so long.
Let's wait until we hear the explanation for this – Wrong type of snow perhaps? Wind blowing from the wrong direction? Transformer pixies?
Well, actually we just need to add some additional security checks in relation to spam mail being generated from an Exchange 2003 server. In this case we used Wireshark to identify where the traffic was coming from and then locked the Exchange server down further to make sure it could not be used to generate any more messages from unauthenticated sources.
The odd behaviour, i.e. small amounts of spam, was unusual. Working with CBL to get to the root of the issue was slow due to the lack of evidence we could find. Ultimately though, the changes to security and the complexity of mail-enabled apps in the organisation were overcome to ensure no more blacklisting for this client.
However, an object lesson in tracking and identifying the source of these unapproved mails.
A blacklisting issue for a client led to dusting off my Ethereal experience and employing the new flavour of the veritable packet sniffing tool to narrow down SMTP traffic from a specific machine. The product installation from www.wireshark.org was quick and clear in its instruction. Installing on a laptop connected to the external-facing internet router, I switched on port mirroring to let the unit see the traffic being directed out from the server. Limiting the protocol filters to SMTP and the source address of the originating mail server very quickly identified the traffic flows that were occurring. Checking the message queues in Exchange identified a number of suspicious items and allowed the filter results to be corroborated.
As a diagnostic tool, it's hard to beat Wireshark for its power in visualising the data flowing on your network. It is well worth taking the time to install it on a laptop and use it to view the results. I have no doubt you will learn a lot from its output.
The next stage in my problem, however, is to see what is causing the mails to be generated, as the server is not an open relay. This will be through Exchange SMTP logging and reviewing the event logs to show how the mails are originating. Back with more.
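The SMTP log review described above can be scripted. This is an added example, not code from the original post: it reads a W3C extended format log and counts, per client IP, the accepted MAIL commands that were not preceded by a successful AUTH. The field names, the AUTH/235 log line and every sample row are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample (not real traffic). The field list and the presence of
# an AUTH line with reply 235 are assumptions about the server's log setup.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-query sc-status
2009-02-02 09:14:01 192.0.2.10 EHLO +app01.example.org 250
2009-02-02 09:14:01 192.0.2.10 AUTH +LOGIN 235
2009-02-02 09:14:02 192.0.2.10 MAIL +FROM:<billing@example.org> 250
2009-02-02 09:14:03 192.0.2.10 QUIT - 221
2009-02-02 09:20:11 192.0.2.55 HELO +pc17 250
2009-02-02 09:20:11 192.0.2.55 MAIL +FROM:<x9@example.net> 250
2009-02-02 09:20:12 192.0.2.55 RSET - 250
2009-02-02 09:20:12 192.0.2.55 MAIL +FROM:<k2@example.net> 250
2009-02-02 09:20:13 192.0.2.55 MAIL +FROM:<z@example.net> 550
2009-02-02 09:20:14 192.0.2.55 QUIT - 221
"""


def unauthenticated_mail(log_text):
    """Return {client_ip: count} of accepted MAIL commands sent without AUTH.

    State is tracked per client IP, so overlapping connections from the
    same address can blur the result; treat hits as leads to investigate.
    """
    fields = []
    authed = {}          # client IP -> has the current session authenticated?
    hits = Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names declared by the log
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue                       # skip malformed or truncated rows
        rec = dict(zip(fields, parts))
        ip = rec.get("c-ip", "")
        verb = rec.get("cs-method", "").upper()
        status = rec.get("sc-status", "")
        if verb in ("HELO", "EHLO", "QUIT"):
            authed[ip] = False             # a new greeting or QUIT resets state
        elif verb == "AUTH" and status == "235":
            authed[ip] = True              # 235 = authentication succeeded
        elif verb == "MAIL" and status == "250" and not authed.get(ip, False):
            hits[ip] += 1                  # accepted sender, no prior AUTH
    return dict(hits)


if __name__ == "__main__":
    for ip, count in unauthenticated_mail(SAMPLE_LOG).items():
        print(f"{ip}: {count} unauthenticated MAIL FROM accepted")
```

Addresses surfaced this way can be compared with the source addresses seen in the packet capture and with the suspicious items in the message queues.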