Hello, my ip just blocked by SPAMHAUSE because my IP (some account) is in botnet network:
then:
Behind a NAT, you should be able to find the infected machine by looking for attempted connections to IP address "remoteIP" or host name "www.website.com" on any port with a network sniffer such as Wireshark. Equivalently, you can examine your DNS server or proxy server logs to references to "remoteIP" or "www.website.com". See Advanced Techniques for more detail on how to use Wireshark - ignore the references to port 25/SMTP traffic - the identifying activity is NOT on port 25.
so what i can do? how to find what account made this? is there any log that i find that website or IP?
is there anything i can do to prevent this?
| Detection Information Summary | |
|---|---|
| Destination IP | remoteIP |
| Destination port | 80 |
| Source IP | MyIP |
| Source port | 44034 |
| C&C name/domain | www.website.com |
| Protocol | TCP |
| Time | Fri Apr 24 08:40:24 2020 UTC |
then:
Behind a NAT, you should be able to find the infected machine by looking for attempted connections to IP address "remoteIP" or host name "www.website.com" on any port with a network sniffer such as Wireshark. Equivalently, you can examine your DNS server or proxy server logs to references to "remoteIP" or "www.website.com". See Advanced Techniques for more detail on how to use Wireshark - ignore the references to port 25/SMTP traffic - the identifying activity is NOT on port 25.
so what i can do? how to find what account made this? is there any log that i find that website or IP?
is there anything i can do to prevent this?
