Re: Detecting Zombies?
- From: DanB <dbxxxxxxx@xxxxxxxxx>
- Date: Sun, 07 Sep 2008 20:23:07 -0500
Set up the network's Internet gateway/firewall to block all outgoing
SMTP traffic that is not from the company mail server to the ISP's mail
server, and to alert some competent person on other attempts to send
SMTP traffic. That will quickly block the effects of most zombie
software, and let you know what's happening.
Actually, I have done that. In fact, it is the only computer thing I have
done there. My career was computers from the mainframe days in 1968 to
a few years ago when I retired. Now I only work at different jobs that I
enjoy, and this one happens to have nothing to do with any type of system
admin or computers of any kind other than using one on occasion.
But, when I saw that this company (a fairly new startup with not a whole
lot of capital) didn't even have a firewall, I offered to set one up using
an old machine. I loaded Smoothwall on it and turned off everything
except port 80, so now at least they have a firewall. I have refused their
offer for system services.
Someday (if they make it) they will have a real system admin (not me!),
but for now it is like the average icon clicker's machine all over the
world. That is to say, no matter how current the virus checker, the
machines will be polluted just hours after seeing the Internet for the