Cisco Support Community
Community Member

How to track spammer targets?


Is there a way to identify what addresses is a spammer attacking? Very much like NBAR that reports protocols accounting by interface, we need to be able to tell a list of ip addresses (or networks) an interface is reaching.


- Adrian


Re: How to track spammer targets?

If you are trying to use your router to block the spamming you are receiving, do a show ip packet detail and pick through it to find the ports. Look at every one of your ip addresses, check them against the ones in his email server to find out which ones are spam. If you are using caching, please see bug CSCdx05705.

Community Member

Re: How to track spammer targets?


More on this problem... I suspect one of our users may be sending spam; we detect high volumes of traffic in protocols smtp and pop3 by the use of NBAR. Now, unless someone complains about being targets from SPAM from us, and that complain actually reaches us (cursing aloud is not enough!) I may not be aware our network is being used for spamming.

What I want is to track to which IPs this user is sending most of his traffic and then I *proactively* would contact their network admins and ask them *basically* "Do you hate me? Sorry.. it's us but it is not me!", and then have arguments to ask our user to stop his behaviour.

Is there any other way embedded in the router to achieve this?

Already we are looking into installing a sniffer and take it from there... but hoped the router had a way to do it.

- Adrian

(still hopeful)

CreatePlease to create content