
Internal SPAMMER Detected

  • Writer: Pavan Raja
  • Apr 8, 2025

Summary:

The document is a notice from ArcSight about a new rule in Enterprise Security Manager (ESM) version 4.5 Service Pack 2, aimed at detecting internal sources sending out spam through port 25. If such an event occurs on the network, it might indicate that the host is infected or part of a malware or botnet. This poses potential risks to both the organization's security and its reputation. The rule, named "Internal SPAMMER Detected", detects when an unprotected host is sending spam through port 25 under specific conditions: the Attacker Asset is protected, the Target Asset is not, and there are at least 10 connection attempts to the target port 25 within a minute. The rule is contained in one file named "Internal_SPAMMER_Detected.arb". The document does not provide technical details on how to use or implement this rule; it serves as an announcement of the rule's presence in ArcSight ESM version 4.5 SP2 for addressing internal spam issues.

Details:

This document is a notice from ArcSight about detecting internal SPAM sources, which is important for enterprise security. If a host on the network is found to be sending out SPAM, it might be infected and part of a malware or botnet. This poses a risk not only to the organization's security but also to its reputation if other organizations find out about the issue first.

ArcSight has included a rule in ESM (Enterprise Security Manager) version 4.5 SP2 that detects when an unprotected host is sending spam through port 25. The rule triggers when the following conditions are met: the Attacker Asset is protected, the Target Asset is not, and there are at least 10 connection attempts to the target port 25 within a minute.

The package includes an ESM rule named "Internal SPAMMER Detected," which can be used in ArcSight ESM to detect this kind of activity. The rule is contained in one file, "Internal_SPAMMER_Detected.arb." This document doesn't provide technical details on how to use or implement the rule; instead, it serves as an announcement and a reference that such a tool exists within ArcSight ESM version 4.5 SP2 for addressing internal SPAM issues.
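The trigger conditions above can be expressed as a sliding-window correlation over connection events. The following Python sketch is an added example, not the contents of the .arb package or ArcSight's own rule logic. It assumes that "protected" means membership in a configured set of internal address ranges, that attempts are counted per source address, and that events arrive as (timestamp, source, destination, destination port) tuples; the sample traffic is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumption: "protected" is modeled as membership in these internal ranges.
PROTECTED_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
SMTP_PORT = 25
THRESHOLD = 10                 # at least 10 connection attempts ...
WINDOW = timedelta(minutes=1)  # ... within a minute

def is_protected(addr):
    return any(ip_address(addr) in net for net in PROTECTED_NETS)

def detect_internal_spammers(events):
    """events: iterable of (timestamp, src, dst, dst_port) in any order.
    Returns [(src, time the threshold was first reached)].
    Assumption: attempts are counted per source address."""
    recent = defaultdict(deque)  # src -> timestamps still inside the window
    fired = {}
    for ts, src, dst, dport in sorted(events):
        if dport != SMTP_PORT:
            continue
        # Rule conditions from the notice: attacker protected, target not.
        if not is_protected(src) or is_protected(dst):
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] >= WINDOW:  # expire attempts a minute old or more
            q.popleft()
        if len(q) >= THRESHOLD and src not in fired:
            fired[src] = ts
    return sorted(fired.items())

def sample_events():
    """Constructed sample traffic, not taken from any real log."""
    t0 = datetime(2025, 4, 8, 12, 0, 0)
    def burst(src, dst, port, count, gap):
        return [(t0 + timedelta(seconds=gap * i), src, dst, port) for i in range(count)]
    return (
        burst("10.1.1.5", "203.0.113.10", 25, 12, 4)       # fires on 10th attempt
        + burst("10.1.1.9", "203.0.113.10", 25, 12, 10)    # too slow: 6 per minute
        + burst("10.1.1.7", "10.0.0.25", 25, 15, 1)        # target is protected
        + burst("10.1.1.8", "203.0.113.10", 443, 15, 1)    # not port 25
        + burst("198.51.100.20", "203.0.113.10", 25, 15, 1)  # source not protected
    )

if __name__ == "__main__":
    for src, when in detect_internal_spammers(sample_events()):
        print(f"Internal SPAMMER Detected: {src} at {when.isoformat()}")
```

Only the first constructed source satisfies all three conditions; the other four each fail exactly one, which shows what each condition filters out.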

Disclaimer:
The content in this post is for informational and educational purposes only. It may reference technologies, configurations, or products that are outdated or no longer supported. If you have any comments or feedback, kindly leave a message and it will be answered.
