I just got a call from a client of mine. They say their ISP has alerted them that one of the computers on their network is sending out spam.

How do I hunt that computer down?

The computer is on a network that is merely a bunch of switches all going back to a Linksys router running Tomato with QOS turned on. I can't remember if I turned on statistics, or if that would even help.

What kind of traffic should I look out for, and how do I look out for it? Is there a way to find out the MAC address of the computer in question and block it? All the users on this network are students spread out across 4 floors and a few dozen rooms, so it's nearly impossible to go to each computer and investigate. I'm hoping that I can block the computer in question entirely, and then that student will come complaining that they don't have internet.

But how can I do that?