About a month ago one of our customers experienced some problems with a mail server during an email campaign. Since the customer had Mailinizer for Exchange log reporting installed, we were able to run a few email reports. We noticed that after a couple of hours the volume of email being sent started to tail off. At first, we couldn’t understand what was happening.

IPFIX agent helps detect DNS attack

Initially confused and bewildered by the event, we decided to look at the volume of flows on their connection to the internet. After looking at the NetFlow reports, we noticed that the inbound volume of flows from two servers to the mail server was extremely high:
* idns2.newttidc.com
* idns1.newttidc.com

We found that due to the extremely high volume of connections to the mail server, it was unable to continue sending out emails at the same volume. We ran another report to determine who was responsible for these two servers.
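The per-source view described above, as an added example that is not from the original post or from the product it describes: it ranks sources by inbound flow count toward the mail server and shows why a byte-volume ranking would point at a different host. The flow records, addresses and thresholds are constructed assumptions.

```python
from collections import Counter

MAIL_SERVER = "192.0.2.25"  # assumed address (documentation range)

def sample_flows():
    """Constructed flow records: (source, destination, bytes)."""
    flows = [("198.51.100.10", MAIL_SERVER, 90)] * 400    # noisy source 1
    flows += [("198.51.100.11", MAIL_SERVER, 90)] * 350   # noisy source 2
    flows += [("203.0.113.7", MAIL_SERVER, 50_000_000)] * 5  # few large flows
    for host in range(20):                                # ordinary clients
        flows += [(f"192.0.2.{100 + host}", MAIL_SERVER, 4000)] * 10
    flows += [("198.51.100.10", "192.0.2.80", 90)] * 50   # other destination
    return flows

def inbound_totals(flows, target):
    """Count flows and sum bytes per source for one destination."""
    counts, volume = Counter(), Counter()
    for src, dst, nbytes in flows:
        if dst == target:
            counts[src] += 1
            volume[src] += nbytes
    return counts, volume

def flag_heavy_sources(flows, target, share=0.25, min_flows=100):
    """Sources holding at least `share` of all inbound flows to target."""
    counts, volume = inbound_totals(flows, target)
    total = sum(counts.values())
    flagged = []
    for src, n in counts.most_common():
        if n >= min_flows and n / total >= share:
            flagged.append({"src": src, "flows": n,
                            "share": round(n / total, 3),
                            "avg_bytes": volume[src] // n})
    return flagged

def top_source_by_bytes(flows, target):
    """The host a byte-volume report would rank first."""
    _, volume = inbound_totals(flows, target)
    return volume.most_common(1)[0][0]

if __name__ == "__main__":
    for row in flag_heavy_sources(sample_flows(), MAIL_SERVER):
        print(row)
    print("top by bytes:", top_source_by_bytes(sample_flows(), MAIL_SERVER))
```

Sorting by flow count surfaces the two sources opening many small connections, while a byte-sorted report puts the single bulk sender first and hides them.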

Mailinizer is log monitoring software for Exchange that exports the logs as IPFIX datagrams to the NetFlow / IPFIX collector. It is a great utility for email traffic reports and Exchange reporting.

Mike Patterson

Michael

Michael is one of the Co-founders and the former product manager for Scrutinizer. He enjoys many outdoor winter sports and often takes videos when he is snowmobiling, ice fishing or sledding with his kids. Cold weather and lots of snow make the best winters as far as he is concerned. Prior to starting Somix and Plixer, Mike worked in technical support at Cabletron Systems, acquired his Novell CNE and then moved to the training department for a few years. While in training he finished his Masters in Computer Information Systems from Southern New Hampshire University and then left technical training to pursue a new skill set in Professional Services. In 1998 he left the 'Tron' to start Somix which later became Plixer.
