[c-nsp] SMTP "Monitoring"
Matt Stockdale
mstockda at logicworks.net
Fri Jun 30 17:12:15 EDT 2006
You could probably do something quick and dirty with netflow.. but that
might be a bit on the heavy side... Of course, if you get your
transparent SMTP proxy going, there are probably a bunch of drop in 3rd
party tools to just tarpit the offender and notify you..
Matt
On Fri, 2006-06-30 at 15:23 -0400, Paul Stewart wrote:
> Hi there...
>
> Is there a way to monitor and/or alarm SMTP connections that transverse
> the FW blade in a 6509? Specifically, can you generate some form of an
> alarm if IP address 10.1.1.1 sends more than 10 emails in a 60 second
> period etc? This is to cut down on spam outbreaks that are caused by
> infected customers etc... We could just block that customer's IP until
> it's cleared up etc...
>
> Thanks,
>
> Paul Stewart
> Network Administrator
> Nexicom Inc.
> http://www.nexicom.net/
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list