I have an IP blocked by Spamhaus CBL, and it tells me the following instruction:
This IP address was detected and listed 2 times in the past 28 days,
and 2 times in the past 24 hours. The most recent detection was at Mon
May 25 02:25:00 2020 UTC +/- 5 minutes
This IP address is attempting to break into POP servers, probably with
stolen credentials, with the intent of stealing email. These are
usually part of targetted phishing attacks.
POP server attacks are usually on port 110 or port 995. This listing
event was for an attack on port 110. You should be able to spot the
infection by making outbound TCP connections to 110 via such tools as
iptables, netstat or ss.
As a reasonably intelligent dumb windows user, how can I test this to see if I do actually have any kind of infection? I know how to use telnet.exe but I have never even heard of iptables, netstat or ss – they sound like linux geek tools to me.
Go to Source
Author: mike nelson