What tool or utility can I use to stop IP spoofing?

I'm running my mail server on a Windows 2000 SP4 server. Everything is working fine, but I've noticed recently that an SMTP server (or something pretending to be an SMTP server) keeps trying to connect and route mail to my real SMTP Mail server. This is not a big deal normally, as I know many ways to block outside threats. But this particular "fake" SMTP server is identified as having an Internal IP Address of There is only one NIC Card with one IP address assigned to my mail server (my mail server's IP address is, so I'm confident that my own server is not trying to route mail to itself.

What I am very concerned about is that I may have a computer, logged in to my network (behind my firewall and therefore directly connected to my LAN) that may have a bug or virus that is trying to route mail using its own SMTP engine to propagate itself. I do not use NetBIOS and I don't even have WINS turned on as all of my PCs are W2K or WinXP. DNS does not have anything static assigned to and my DHCP server would not have assigned this address as its pool of addresses does not even begin until

So my question is, what tool or utility can I use to determine what node on my network is using the IP Address of and pretending to be an SMTP server?
Use Network Monitor on your mail server; this will give you the MAC address of the machine that is using this IP address. It sounds like the attacking machine is using IP spoofing to mask its source address, so in all likelihood it's actually _not_ a machine with that source IP. The MAC address will allow you to track down which machine is actually sending the rogue SMTP packets.
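
The lookup the answer describes, as an added example (not part of the original answer): given raw Ethernet frames captured on the mail server, tally the source MAC addresses of IPv4/TCP packets that claim the suspect source IP and target port 25. The IP and MAC values are constructed samples, and `smtp_senders` and `build_frame` are hypothetical names.

```python
import struct
from collections import Counter

SMTP_PORT = 25

def smtp_senders(frames, suspect_ip):
    """Count source MACs of IPv4/TCP frames from suspect_ip to port 25."""
    want = bytes(int(o) for o in suspect_ip.split("."))
    seen = Counter()
    for frame in frames:
        if len(frame) < 14 + 20:
            continue                      # too short for Ethernet + IPv4
        src_mac = frame[6:12]
        ethertype = struct.unpack("!H", frame[12:14])[0]
        if ethertype != 0x0800:           # IPv4 only; VLAN tags not handled
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4          # IPv4 header length in bytes
        if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6 or len(ip) < ihl + 4:
            continue                      # not IPv4/TCP, or truncated
        if ip[12:16] != want:
            continue                      # claimed source IP is not the suspect
        dst_port = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
        if dst_port == SMTP_PORT:
            seen[":".join(f"{b:02x}" for b in src_mac)] += 1
    return seen

def build_frame(src_mac, src_ip, dst_ip, dst_port, proto=6):
    """Constructed test frame: Ethernet + minimal IPv4 + TCP, checksums zero."""
    eth = (bytes.fromhex("02aabbccdd01")
           + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return eth + ip + tcp

# Constructed sample capture (documentation-range IPs, locally administered MACs).
SAMPLE = [
    build_frame("02:00:00:00:00:11", "192.0.2.10", "192.0.2.25", 25),
    build_frame("02:00:00:00:00:11", "192.0.2.10", "192.0.2.25", 25),
    build_frame("02:00:00:00:00:22", "192.0.2.50", "192.0.2.25", 25),   # other host
    build_frame("02:00:00:00:00:11", "192.0.2.10", "192.0.2.25", 80),   # not SMTP
    build_frame("02:00:00:00:00:33", "192.0.2.10", "192.0.2.25", 25, proto=17),  # UDP
]

if __name__ == "__main__":
    for mac, count in smtp_senders(SAMPLE, "192.0.2.10").items():
        print(f"{mac} sent {count} SMTP packet(s) claiming 192.0.2.10")
```

The MAC in a captured frame belongs to the last layer-2 hop, so if the packets reach the mail server through a router, the address found is the router's interface and the search continues on the next segment.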
