List of ports:
Section 3.24:
http://www.swinc.com/resource/exch_faq_sec3.htm
XGEN: TCP Ports and Microsoft Exchange: In-depth Discussion 
http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q176466&;

Port 110 is the default POP3 port.  If I must use POP3, I would favour
POP over SSL and not leave port 110 available. 

-----Original Message-----
From: Dan Schwartz [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, July 16, 2002 7:55 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!



        OK, does anyone have a list of the ports Exchange 5.5 uses,
besides 25 & 110?

        Also, if anyone wants to look at the Event Logs, simply click
on:
<http://www.rogue-admins.com/dansworld/Exchange_Attack_App_Eventlog.zip>
[This is a new link & new file from the one previously posted by me.]

        Cheers!
        Dan

"There are two major products that come out of Berkeley: LSD and UNIX.
  We don't believe this to be a coincidence." (Jeremy S. Anderson)

>-----Original Message-----
>From: Ely, Don [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, July 16, 2002 9:36 AM
>Subject: RE: Exchange 5.5 server HACKED!
>
>
>Uhhhh...  Telnetting to the server alone does NOT mean the server is an 
>open relay...  I can telnet port 25 to any server in the world, that 
>doesn't mean I can relay mail...
>
>-----Original Message-----
>From: Joe Irvine [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, July 16, 2002 9:38 AM
>Subject: RE: Exchange 5.5 server HACKED!
>
>
>Actually, no.. if you can telnet to the mail server you can relay. No 
>hacking needed. This is by the very nature of Exchange. I would 
>recommend looking at not allowing characters like %$! through your 
>firewall. Here's a link to check to see if you have an open relay..
>
>http://www.abuse.net/relay.html
>
>
>
>Thanks,
>
>Joe Irvine
> -----Original Message-----
>From:  Dan Schwartz [mailto:[EMAIL PROTECTED]]
>Sent:  Tuesday, July 16, 2002 9:30 AM
>To:    MS-Exchange Admin Issues
>Subject:       RE: Exchange 5.5 server HACKED!
>Importance:    Low
>
>
>       Look at the 4031 error messages, which indicate SOMEONE is trying to
>relay through the server, and since unauthorized relaying is prohibited
>that tells me someone has hacked in.
>
>>-----Original Message-----
>>From: William Lefkovics [mailto:[EMAIL PROTECTED]]
>>Sent: Tuesday, July 16, 2002 1:03 AM
>>To: MS-Exchange Admin Issues
>>Subject: RE: Exchange 5.5 server HACKED!
>>
>>
>>Then it's sorta in production then, yes?
>>
>>Was there a concern other than the 4318's?
>>
>>-----Original Message-----
>>From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
>>Sent: Monday, July 15, 2002 9:55 PM
>>Subject: RE: Exchange 5.5 server HACKED!
>>
>>
>>
>>      Yes, it's connected, and the DNS servers have been pointed at it for
>>about a week...
>>



List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm
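
What separates an open relay from a server that merely answers on port 25 is its reply to RCPT TO for a recipient outside its own domains. The following is an added example, not part of the original messages; the session transcripts, host names and the `relay_verdict` helper are constructed for illustration.

```python
import re

# Constructed SMTP session transcripts ("C:" client line, "S:" server reply).
# Host names and addresses use reserved example domains.
REFUSED = """\
S: 220 mail.example.org ESMTP ready
C: HELO probe.example.net
S: 250 mail.example.org
C: MAIL FROM:<a@example.net>
S: 250 OK
C: RCPT TO:<b@example.com>
S: 550 5.7.1 Unable to relay for b@example.com
C: QUIT
S: 221 closing
"""
ACCEPTED = REFUSED.replace("550 5.7.1 Unable to relay for b@example.com", "250 OK")
BANNER_ONLY = "S: 220 mail.example.org ESMTP ready\nC: QUIT\nS: 221 closing\n"

RCPT_RE = re.compile(r"RCPT TO:\s*<[^@>]+@([^>]+)>", re.IGNORECASE)


def relay_verdict(transcript, local_domains):
    """Classify one recorded session as 'open', 'refused' or 'untested'.

    Only the reply to RCPT TO for a recipient outside local_domains counts;
    a successful connect, banner or HELO says nothing about relaying.
    """
    verdict = "untested"
    pending = None  # recipient domain of the RCPT TO awaiting a reply
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            m = RCPT_RE.match(text)
            pending = m.group(1).lower() if m else None
        elif side == "S" and pending is not None:
            if re.match(r"\d{3}-", text):
                continue  # continuation line of a multi-line reply
            foreign = pending not in local_domains
            if foreign and text.startswith("2"):
                return "open"  # server agreed to carry mail for a foreign domain
            if foreign and text[:1] in ("4", "5"):
                verdict = "refused"
            pending = None
    return verdict
```

A 2xx reply at RCPT TO is an indication rather than proof, since some servers accept the recipient and later reject or discard the message.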
