[PLUG] Using Wireshark
Bill Barry
barryb at proaxis.com
Sat Dec 20 01:10:06 UTC 2008
On Fri, Dec 19, 2008 at 11:23 AM, Richard C. Steffens
<rsteff at comcast.net> wrote:
> Since the first part survived, here's the e-mail without the quote from
> Comcast's e-mail.
>
> I got an e-mail from Comcast this morning. It includes the following:
>
> (I'll skip the quote. Their e-mail told me that they reconfigured my
> cable modem to prevent sending e-mail through port 25. They instructed
> me to switch Thunderbird to port 587.)
>
> First thing this morning, I called the Comcast tech support 888 number
> and asked if this sounded like a bogus e-mail; it looked OK to me -- all
> of the links were to comcast.net -- but one never knows these days. He
> said that it was valid, and that port 587 is a valid port for sending
> e-mail through comcast.net.
So the summary is they are preventing your machines from connecting to
port 25 on their machines because they think you are sending spam via
that route. You would hope they could detect such things quite
reliably so it is probably true. Of course the most probable cause of
this is a Windows computer infected with one of the prevalent botnet
trojans such as srizbi.
http://en.wikipedia.org/wiki/Srizbi_botnet
Windows defender might be able to find and eliminate the problem.
http://www.microsoft.com/windows/products/winfamily/defender/default.mspx
Or Zonealarm
http://www.download.com/ZoneAlarm-Firewall-Windows-2000-XP-/3000-10435_4-10039884.html
might block the outgoing packets and give you some idea of which
program is trying to make the outgoing connection.
Bill
More information about the PLUG
mailing list