On our wavelength
Message 21 of 37

Re: finding mail Bots (wireshark)

I'm putting telnet smtp.blueyonder.co.uk 25 into telnet, is this wrong?

Very Insightful Person
Message 22 of 37

No, it's not wrong.

That's a test I used to make sure that we are capturing the right port. Now press the stop button (red square) and the Start button (blue fin) and wait.

If there are no packets after around 30 minutes then the PC itself is not the cause. However, it does mean something else on your network is.

Tim

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

On our wavelength
Message 23 of 37

Started getting packets after 15-30 seconds?

PS. connection keeps dropping regularly on telnet?

Very Insightful Person
Message 24 of 37

I apologise, it appears I was not clear enough.

You only need to run the telnet test once.
It is a test to make sure Wireshark can see the packets passing on port 25. If no commands are entered the connection should drop anyway. But now you want to see if you are getting packets when not using telnet.

Tim

On our wavelength
Message 25 of 37

No packets after 30 mins

Very Insightful Person
Message 26 of 37

So your capture screen is blank? You've turned off telnet and you are simply looking at traffic on your PC through port 25 tcp? All true, then you've done really well. I'm not an expert on Wireshark use (as Tim certainly is) but I'd leave it for a full hour. If no activity is seen, your PC is clean. The next step is to check your devices via the wifi hotspot in Windows 10.

You have a large number of devices on your network. I've looked at the helpful list you made and nothing stands out as an obvious culprit for sending spam from the ones we have identified already (Firesticks were one, and using the Hola VPN the other). Any of them could be (perhaps not Alexas, but I don't know anything about them). The mobile phones seem a possibility. You aren't using Hola as a VPN, are you - it definitely has been identified as a culprit sending traffic over port 25?

On our wavelength
Message 27 of 37

No Hola (not for 4 or 5 years anyway!)
50 minutes in and nothing packet wise

Very Insightful Person
Message 28 of 37

Out of curiosity which Asus router do you use?

On our wavelength
Message 29 of 37

RT-AC68U

Very Insightful Person
Message 30 of 37

I don’t know if the AC68U has this but check in your router settings for this.

https://www.asus.com/uk/support/FAQ/1013636/

Note this will let you block outbound traffic from your LAN using port 25.

However you do need to follow up by checking any logs to find out which devices get blocked.

Tim

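
The follow-up step described in Message 30 (checking the logs to see which devices get blocked on port 25) can be scripted. This is an added example, not part of the original thread: it tallies LAN addresses whose outbound TCP port 25 connections were dropped. The netfilter-style log format, the 192.168.1.0/24 subnet, the sample lines and the function name are all assumptions; adapt them to what your router actually writes.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")  # assumption: the router's LAN subnet
SMTP_PORT = 25

# Constructed sample lines in netfilter kernel-log style (format is an assumption).
SAMPLE_LOG = """\
Mar  3 10:01:12 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.10 PROTO=TCP SPT=49152 DPT=25 SYN
Mar  3 10:01:13 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.11 PROTO=TCP SPT=49153 DPT=25 SYN
Mar  3 10:02:40 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.1.40 DST=198.51.100.7 PROTO=TCP SPT=50001 DPT=443 SYN
Mar  3 10:03:05 kernel: DROP IN=eth0 OUT= SRC=198.51.100.9 DST=192.168.1.1 PROTO=TCP SPT=4444 DPT=25 SYN
Mar  3 10:04:51 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.10 PROTO=TCP SPT=51000 DPT=25 SYN
Mar  3 10:05:00 kernel: ACCEPT IN=br0 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.12 PROTO=UDP SPT=5353 DPT=25
garbage line without fields
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; value may be empty

def blocked_smtp_senders(log_text, lan=LAN, port=SMTP_PORT):
    """Map each LAN IP to its dropped outbound TCP attempts to `port`."""
    senders = {}
    for line in log_text.splitlines():
        if not re.search(r"\bDROP\b", line):
            continue  # only blocked packets are of interest
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or f.get("DPT") != str(port):
            continue
        try:
            src = ip_address(f.get("SRC", ""))
        except ValueError:
            continue  # malformed or missing source address
        if src not in lan:
            continue  # inbound probe from the internet, not a LAN device
        entry = senders.setdefault(str(src), {"attempts": 0, "destinations": set()})
        entry["attempts"] += 1
        entry["destinations"].add(f.get("DST", "?"))
    return senders

if __name__ == "__main__":
    found = blocked_smtp_senders(SAMPLE_LOG)
    ranked = Counter({ip: e["attempts"] for ip, e in found.items()})
    for ip, n in ranked.most_common():
        print(f"{ip}: {n} blocked attempts to {len(found[ip]['destinations'])} mail servers")
```

A device that shows many attempts to many different destinations is the one to isolate and inspect first; match its IP to a device in the router's DHCP client list.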