Home
Topics
Microsoft Enterprise IT Management
Windows Operating System Management
What tool or utility can I use to stop IP spoofing?

What tool or utility can I use to stop IP spoofing?

Laura E. Hunter

I'm running my mail server on a Windows 2000 SP4 server. Everything is working fine, but I've noticed recently that an SMTP server (or something pretending to be an SMTP server) keeps trying to connect and route mail to my real SMTP Mail server. This isnot a big deal normally, as I know many ways to block outside threats. But this particular "fake" SMTP server is identified as having an Internal IP Address of 10.0.0.10. There is only one NIC Card with one IP address assigned to my mail server (my mail server's IP address is 10.0.0.3), so I'm confident that my own server is not trying to route mail to itself.

What I am very concerned about is that I may have a computer, logged in to my network (behind my firewall and therefore directly connected to my LAN) that may have a bug or virus that is trying to route mail using its own SMTP engine to propagate itself. I do not use NETBios and I don't even have WINS turned on as all of my PCs are W2K or WinXP. DNS does not have anything static assigned to 10.0.0.10 and my DHCP server would not have assigned this address as it's pool of addresses do not even begin until 10.0.0.75.

So my question is, what tool or utility can I use to determine what node on my network is using the IP Address of 10.0.0.10 and pretending to be an SMTP server?
Use Network Monitor on your mail server, this will give you the MAC address of the machine that is using this IP address. It sounds like the attacking machine is using IP Spoofing to mask its source address, so in all likelihood it's actually _not_ a machine with that source IP. The MAC address will allow you to track down which machine is actually sending the rogue SMTP packets.

More News and Tutorials

Articles

Related glossary terms

Terms for Whatis.com - the technology online dictionary

This was first published in December 2003

Join the conversationComment

Share

Comments

Results

Contribute to the conversation

All fields are required. Comments will appear at the bottom of the article.

Back to top

More from Related TechTarget Sites

Windows Server
Exchange
Enterprise Desktop
Cloud computing
SQL Server
IT Channel

Windows Server
- Microsoft delivers patch updates for Windows Server 2012, Windows 8
  
  Microsoft delivered two critical and eight important bulletins in May's Patch Tuesday release, fixing issues in Windows Server 2012 and Office apps.
- Windows Azure Active Directory steps out of the shadows
  
  As Windows Azure Active Directory moves into general availability, we look at how it can help admins manage user authentication in the cloud.
- Steps to read XML files with PowerShell
  
  Wondering how to get PowerShell to read XML files? Our expert explains a few methods you could use.
Exchange
- Configuring federation proxy servers for a hybrid Office 365 deployment
  
  Part of the hybrid Office 365 single sign-on configuration process is correctly setting up federation proxy servers. Here's how.
- Exchange 2013 anti-malware protection: Will you need anything else?
  
  Trusting native Exchange 2013 anti-malware protection to protect your environment is an option, but that doesn't necessarily mean it's the best one.
- Exchange 2013 CU1 migration considerations
  
  Before migrating to Exchange 2013 CU1, you should know about some of the most important updates and how they'll affect your environment.
Enterprise Desktop
- Why a Windows security scan is not enough to protect your workstations
  
  A traditional Windows security scan may lure IT into complacency about desktop vulnerabilities, so look at four areas to beef up Windows security.
- Microsoft addresses legacy apps with Windows 8 app compatibility tools
  
  New operating systems are always accompanied by compatibility concerns. Windows 8 app compatibility is no different, or is it?
- How to protect Windows startup from a compressed Boot Manager file
  
  This week, our expert answers a question on how a hidden file can hinder the Windows startup process and how to restore the Windows Boot Manager.
Cloud computing
- Google Compute Engine prices on par with AWS -- for now
  
  Conventional wisdom has Google and AWS locked in the Price War of the Titans with the launch of GCE, but a deeper look reveals a different truth.
- Limiting the effects of cloud computing outages
  
  After making the case for cloud based on high availability, IT pros are upset by cloud outages. With planning, there are ways to craft a strategy.
- Amazon Redshift an appealing alternative to on-premises data warehouse
  
  Amazon Redshift has intriguing pricing and features, but beware of its differences from a traditional, on-premises data warehouse.
SQL Server
- Adam Machanic talks SQL Saturday
  
  We caught up with Adam Machanic, group leader of the New England SQL Server user group, at SQL Saturday Boston. Find out what he shared with us.
- SQL Server meets database application security
  
  Make sure your SQL Server is secure by studying these general guidelines for secure database applications from SQL Server expert Roman Rehak.
- xVelocity Columnstore Indexes in SQL Server 2012
  
  Curious about how xVelocity can help with your columnstore indexes? Check out this tip from Basit Farooq to find out.
IT Channel
- Avnet, HP team up on big data practice
  
  Avnet, HP are rolling out a big data practice aimed at helping HP partners build out their big data businesses.
- HDS partner program adjusted with account segmentation, rebate changes
  
  HDS is making changes to its TrueNorth partner program in five areas, including account segmentation, rebates, specialization support.
- Brocade partners gain additional IT financing option
  
  Brocade has rolled out its new Brocade Subscription Plus option, which enables monthly payment for a multivendor solution under a single contract.

All Rights Reserved,Copyright - 2013, TechTarget