Message 31 of 37
Helpful Answer

Re: finding mail Bots (wireshark)


@ravenstar68 wrote:

I don’t know if the AC68U has this but check in your router settings for this.


Advanced Settings, Firewall, Network Services Filter. Enable Network Services Filter and under Network Services Filter Table leave Source IP, Port Range, Destination IP blank, set Port Range to 25, add the rule, and then select Apply.

BTW, Advanced Settings, System Log, Connections history may help identify the spambot; under the Destination column look for entries ending with :25

Message 32 of 37

Re: finding mail Bots (wireshark)

port 25.jpg

Where will port 25 show up on the above log?

Thanks

Stephen

Message 33 of 37

Re: finding mail Bots (wireshark)

Some malware infections have multiple attack vectors after being installed.

There is the danger that blocking outgoing connections on port 25 at the router, blocking spam bot activity, still leaves the possibility that other potentially nefarious activity such as key logging will continue until the infection is identified and removed.

A false sense of security is possibly more dangerous than the malware infection itself.

 

 




Message 34 of 37

Re: finding mail Bots (wireshark)


@vj531 wrote:


Where will port 25 show up on the above log?


Select System Log and then the Connections tab; you may need to unblock port 25 for connections to be logged.

Message 35 of 37

Re: finding mail Bots (wireshark)

Unblock port 25?
OK....so where will I see the port# on the log?
Message 36 of 37

Re: finding mail Bots (wireshark)


@vj531 wrote:
Unblock port 25?

Previous post mentioned how to use the RT-AC68U firewall to block outgoing traffic to port 25.


OK....so where will I see the port# on the log?

The RT-AC68U does not have a Connections tab under Systems Log; my mistake, sorry.

You will need to use the Wireshark solution to identify the device(s) causing the spambot issue.
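
An added example, not part of the original posts: one way to reduce a Wireshark capture to a per-device list of outbound port 25 connection attempts. It assumes the capture was exported with tshark as tab-separated `ip.src`, `ip.dst`, `tcp.dstport` fields; the sample rows, the LAN prefix and the `min_servers` threshold are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed export step, run separately on a capture taken where the LAN
# devices' traffic is visible (new outbound connection attempts only):
#   tshark -r capture.pcapng -Y "tcp.flags.syn == 1 and tcp.flags.ack == 0" \
#          -T fields -e ip.src -e ip.dst -e tcp.dstport
# Constructed sample of that output (documentation-range public addresses).
SAMPLE = (
    "192.168.0.10\t198.51.100.7\t443\n"
    "192.168.0.23\t203.0.113.5\t25\n"
    "192.168.0.23\t203.0.113.9\t25\n"
    "192.168.0.23\t198.51.100.44\t25\n"
    "192.168.0.23\t203.0.113.5\t25\n"
    "192.168.0.31\t198.51.100.20\t25\n"
    "\t\t\n"                               # non-IP packet: tshark leaves fields empty
    "198.51.100.99\t192.168.0.10\t25\n"    # source is not a LAN device
    "192.168.0.10\t192.168.0.1\t25\n"      # LAN-to-LAN, not outbound mail
)

def smtp_talkers(text, lan="192.168.0.0/24"):
    """Map each LAN source IP to the outside servers it contacted on port 25."""
    net = ipaddress.ip_network(lan)
    seen = defaultdict(lambda: {"attempts": 0, "servers": set()})
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) != 3 or fields[2] != "25":
            continue
        try:
            src = ipaddress.ip_address(fields[0])
            dst = ipaddress.ip_address(fields[1])
        except ValueError:
            continue  # blank or malformed address field
        if src in net and dst not in net:
            seen[str(src)]["attempts"] += 1
            seen[str(src)]["servers"].add(str(dst))
    return dict(seen)

def suspects(talkers, min_servers=3):
    """Heuristic (an assumption): one device contacting many distinct
    servers on port 25 looks like bulk sending, not a normal mail client."""
    return sorted(ip for ip, t in talkers.items()
                  if len(t["servers"]) >= min_servers)

if __name__ == "__main__":
    found = smtp_talkers(SAMPLE)
    for ip, t in sorted(found.items()):
        print(f"{ip}: {t['attempts']} attempts to {len(t['servers'])} servers")
    print("suspects:", suspects(found))
```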

Message 37 of 37

Re: finding mail Bots (wireshark)

Sorry to hijack this post but I am wondering if any members on here have been able to discover and solve the spam bot issue please? I am having a nightmare finding and removing the spam bot. I have tried several techniques using Wireshark and port 25 settings and then creating a hotspot and connecting my devices to it, etc. And nothing is found at all in Wireshark even though it has been running for hours, not 30 mins. But I am still blacklisted. What am I doing wrong? This has been going on for weeks.
