From mboxrd@z Thu Jan  1 00:00:00 1970
From: Payal Rathod <payal-iptables@staticky.com>
Subject: finding out the culprit ip
Date: Sat, 6 Sep 2003 00:04:20 +0530
Sender: netfilter-admin@lists.netfilter.org
Message-ID: <20030905183420.GA1850@linux.local>
Mime-Version: 1.0
Return-path: <netfilter-admin@lists.netfilter.org>
Content-Disposition: inline
Errors-To: netfilter-admin@lists.netfilter.org
List-Help: <mailto:netfilter-request@lists.netfilter.org?subject=help>
List-Post: <mailto:netfilter@lists.netfilter.org>
List-Subscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>,
	<mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
List-Id: <netfilter.vger.kernel.org>
List-Unsubscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>,
	<mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
List-Archive: <https://lists.netfilter.org/pipermail/netfilter/>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: netfilter@lists.netfilter.org

Hi,
A particular machine in my LAN is affected by SoBig virus and is sending
mails to remote sites. I need to find that IP. The only lead I have is
that it is that IP which is generating maximum SMTP traffic. How do I
find it out and block it (or maybe clean it)?

Any ideas on this?
With warm regards,
-Payal

-- 
"Visit GNU/Linux Success Stories"
http://payal.staticky.com
Guest-Book Section Updated.