On Tue, Sep 7, 2010 at 10:35 AM, Jon Lewis <jle...@lewis.org> wrote: > On Tue, 7 Sep 2010, Christopher Morrow wrote: >> I used to have some quick/dirty instructions for how to verify that >> the traffic was in fact proxy traffic, something like: >> 1) log traffic from the soon-to-be-ex-customer (acl logs are fine) >> 2) pick an external 'top talker' >> 3) route that /32 to a host you control >> 4) run NC on the port that /32 is being contacted on >> 5) rejoice (and shut now ex-customer interface) when you see: "CONNECT >> smtp.xxxxx:25" > > Seems like a lot of work when you could just setup a monitor session on > their port and capture a few minutes of actual spam traffic as evidence just > before shutting their port.
sorry, can't do monitor on a ptp oc-12 link :(
