DSL Service Provider Disconnection...

onrdbandit

Programmer
Mar 12, 2003
145
US
Howdy,

I am trying to help a friend out by being his "computer guy" for his office. Their DSL provider has blocked all outgoing mail traffic due to virus/worm related spamming. The provider said the traffic originated from the .43 IP address on our subnet. First, how could the provider know that? The DSL modem (Lucent DSL-Pipe) is (I assume) a router and provides 4 ports. If it is a router, would they be able to determine IPs behind the router?

The major problem is that I can't find any machines on the network with the .43 IP that the provider gave me. Employees are always bringing notebook PCs in and out, but I have yet to find the "culprit" PC.

If the IP addresses had been set up in an orderly fashion, it would not be such an issue to find the mystery .43 machine, but IPs were essentially randomly assigned to machines.

So, finally, should I continue the search for the mystery machine, or is the IP number they gave me likely bogus?

Any help is greatly appreciated...

Thanks,
onrdbandit

If we are only animals, how do we decide what is right and what is wrong?
 
How did your ISP know :- The IP was most likely reported to a blacklist something like for spam or something like for open mail relays. There are many others that are out there for reporting these to. They then report the offending IP to the ISP and the ISP deals with it from there.

You can check your IPs against these lists too.

It is most likely that the offending machine has caught one of the latest worms/viruses that has its own mail engine to send out spam etc. Either that or you could have an open mail relay on your network that is being used to spam.

You could use a packet sniffer on the network to monitor traffic going in and out to try and pick up the offending machine. Something like Ethereal.
Hope this helps
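
The sniffer approach suggested in the post above, as an added example that is not part of the original thread: it reads text output from `tcpdump -e -n 'tcp dst port 25'` (tcpdump is chosen here in place of Ethereal) and ranks internal hosts by outbound SMTP connection attempts, keeping each source MAC so a machine can be identified even when its IP cannot be found. The capture lines are constructed sample data, and the `max_servers=2` threshold is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample, in the text format printed by: tcpdump -e -n 'tcp dst port 25'
SAMPLE_CAPTURE = """\
09:14:01.100 00:0d:56:aa:10:43 > 00:c0:7b:00:00:01, ethertype IPv4 (0x0800), length 62: 192.168.1.43.1045 > 203.0.113.10.25: Flags [S], seq 1001, win 65535, length 0
09:14:01.350 00:0d:56:aa:10:43 > 00:c0:7b:00:00:01, ethertype IPv4 (0x0800), length 62: 192.168.1.43.1046 > 198.51.100.7.25: Flags [S], seq 2001, win 65535, length 0
09:14:01.900 00:0d:56:aa:10:43 > 00:c0:7b:00:00:01, ethertype IPv4 (0x0800), length 62: 192.168.1.43.1047 > 192.0.2.88.25: Flags [S], seq 3001, win 65535, length 0
09:14:02.200 00:0d:56:aa:10:43 > 00:c0:7b:00:00:01, ethertype IPv4 (0x0800), length 62: 192.168.1.43.1048 > 203.0.113.99.25: Flags [S], seq 4001, win 65535, length 0
09:15:10.000 00:08:74:bb:20:12 > 00:c0:7b:00:00:01, ethertype IPv4 (0x0800), length 62: 192.168.1.12.1100 > 192.0.2.25.25: Flags [S], seq 5001, win 65535, length 0
09:15:10.040 00:08:74:bb:20:12 > 00:c0:7b:00:00:01, ethertype IPv4 (0x0800), length 54: 192.168.1.12.1100 > 192.0.2.25.25: Flags [.], ack 1, win 65535, length 0
09:40:12.000 00:08:74:bb:20:12 > 00:c0:7b:00:00:01, ethertype IPv4 (0x0800), length 62: 192.168.1.12.1101 > 192.0.2.25.25: Flags [S], seq 6001, win 65535, length 0
"""

# Source MAC, source IP, destination IP (port 25 only) and TCP flags of one line.
LINE_RE = re.compile(
    r"^\S+ (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) > \S+ ethertype IPv4 .*?: "
    r"(?P<src>(?:\d+\.){3}\d+)\.\d+ > (?P<dst>(?:\d+\.){3}\d+)\.25: "
    r"Flags \[(?P<flags>[^\]]+)\]"
)


def smtp_talkers(capture_text):
    """Return [(src_ip, src_mac, syn_count, distinct_servers)], busiest first."""
    syns = defaultdict(int)
    servers = defaultdict(set)
    for line in capture_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["flags"] != "S":  # count only new connection attempts
            continue
        key = (m["src"], m["mac"])
        syns[key] += 1
        servers[key].add(m["dst"])
    rows = [(ip, mac, syns[(ip, mac)], len(servers[(ip, mac)])) for ip, mac in syns]
    return sorted(rows, key=lambda r: (r[3], r[2]), reverse=True)


def likely_mass_mailers(capture_text, max_servers=2):
    """Hosts that reached more distinct mail servers than a mail client normally does."""
    return [row for row in smtp_talkers(capture_text) if row[3] > max_servers]


if __name__ == "__main__":
    for ip, mac, count, distinct in smtp_talkers(SAMPLE_CAPTURE):
        print(f"{ip:15} {mac}  SYNs={count}  distinct servers={distinct}")
```

A worm with its own mail engine connects straight to many different mail servers, while a normal mail client keeps returning to the same one or two, which is why the ranking sorts on distinct destinations first.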
 
Faithless explains how the ISP "know", but my interest is different. Why is the LAN using public IPs for its addressing?

 
Howdy,

I don't understand the address thing either. That was my main question. I don't understand how the address got past our LAN. Seems to me, the 192.168.1.[whatever] IPs should be private addresses. It is my understanding that private addresses can only be referenced from within their specific subnet.

I don't know much about networking and such, as I have no training in this field. I am basically stumbling over those infamous office workers who think they know what they are talking about, and are constantly telling me how to do what they are asking me to do for them [evil].

So, I am really at a loss for words. I really don't have any idea what is going on.

Thanks guys,
onrdbandit

If we are only animals, how do we decide what is right and what is wrong?
 