On Friday 14 May 2004 13:07, azeem ahmad wrote: > thanks a lot Mr. Gavin Hamill > but i have blocked all the port 25 traffic even then the infected ip which > is 192.168.0.105 is reciving smtp from many ip addresses from out side > the script i run is as follow That's fairly comprehensive - I don't think much will be getting through that :) You'll be running iptables on a machine with at least 2 network cards, so you may wish to try tcpdump on both eth0 and eth1 - since you will still likely be seeing the incoming traffic from the outside listed in the 'tcpdump' ouput, but no replies should be happening. Likewise, when you try on the other interface, you may see the LAN machine trying to send out a lot, but the connections will be failing and there should be nothing to worry about. Feel free to post a small amount of 'tcpdump' output if it would help clear things up? Cheers, Gavin.
