Sorry, I don't get it

----- Original Message -----
From: "Tom Meunier" <[EMAIL PROTECTED]>
To: "MS-Exchange Admin Issues" <[EMAIL PROTECTED]>
Sent: Tuesday, July 16, 2002 10:11 AM
Subject: RE: Exchange 5.5 server HACKED!

This is a FAQ, and I'm afraid to post the link for fear that Matthew will flame me, and then say "How about [repost of the FAQ link that I had just posted]?". I'll look at your logs, since that's NOT a FAQ.

> -----Original Message-----
> From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 16, 2002 09:55 AM
> To: MS-Exchange Admin Issues
> Subject: RE: Exchange 5.5 server HACKED!
>
> OK, does anyone have a list of the ports Exchange 5.5 uses, besides 25 & 110?
>
> Also, if anyone wants to look at the Event Logs, simply click on:
> <http://www.rogue-admins.com/dansworld/Exchange_Attack_App_Eventlog.zip>
> [This is a new link & new file from the one previously posted by me.]
>
> Cheers!
> Dan
>
> "There are two major products that come out of Berkeley: LSD and UNIX.
> We don't believe this to be a coincidence." (Jeremy S. Anderson)
>
> >-----Original Message-----
> >From: Ely, Don [mailto:[EMAIL PROTECTED]]
> >Sent: Tuesday, July 16, 2002 9:36 AM
> >Subject: RE: Exchange 5.5 server HACKED!
> >
> >Uhhhh... Telnetting to the server alone does NOT mean the server is an
> >open relay... I can telnet port 25 to any server in the world, that
> >doesn't mean I can relay mail...
> >
> >-----Original Message-----
> >From: Joe Irvine [mailto:[EMAIL PROTECTED]]
> >Sent: Tuesday, July 16, 2002 9:38 AM
> >Subject: RE: Exchange 5.5 server HACKED!
> >
> >Actually, no.. if you can telnet to the mail server you can relay. No
> >hacking needed. This is by the very nature of Exchange. I would
> >recommend looking at not allowing characters like %$! through your
> >firewall. Here's a link to check to see if you have an open relay..
> >
> >http://www.abuse.net/relay.html
> >
> >Thanks,
> >
> >Joe Irvine
> >
> >-----Original Message-----
> >From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
> >Sent: Tuesday, July 16, 2002 9:30 AM
> >To: MS-Exchange Admin Issues
> >Subject: RE: Exchange 5.5 server HACKED!
> >Importance: Low
> >
> >Look at the 4031 error messages, which indicate SOMEONE is trying to
> >relay through the server, and since unauthorized relaying is prohibited
> >that tells me someone has hacked in.
> >
> >>-----Original Message-----
> >>From: William Lefkovics [mailto:[EMAIL PROTECTED]]
> >>Sent: Tuesday, July 16, 2002 1:03 AM
> >>To: MS-Exchange Admin Issues
> >>Subject: RE: Exchange 5.5 server HACKED!
> >>
> >>Then it's sorta in production then, yes?
> >>
> >>Was there a concern other than the 4318's?
> >>
> >>-----Original Message-----
> >>From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
> >>Sent: Monday, July 15, 2002 9:55 PM
> >>Subject: RE: Exchange 5.5 server HACKED!
> >>
> >>Yes, it's connected, and the DNS servers have been pointed at it for
> >>about a week...

List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
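
Added example, not part of the original thread: the thread turns on the difference between reaching port 25 and actually relaying, which is decided by the server's reply to `RCPT TO` for a recipient outside its own domains. The Python sketch below classifies SMTP transcripts on that basis; the transcripts, host names and the `LOCAL_DOMAINS` set are constructed assumptions, not data from the posted event logs.

```python
import re

# Assumption: the domains the server under test accepts mail for.
LOCAL_DOMAINS = {"example.com"}

def session(rcpt, reply):
    """Build a constructed SMTP transcript (C: client line, S: server line)."""
    return "\n".join([
        "S: 220 mail.example.com ESMTP",
        "C: HELO probe.example.net",
        "S: 250 mail.example.com",
        "C: MAIL FROM:<tester@example.net>",
        "S: 250 OK",
        f"C: RCPT TO:<{rcpt}>",
        f"S: {reply}",
        "C: QUIT",
        "S: 221 closing connection",
    ])

# Constructed samples: a bare connection, a refused relay, an accepted relay,
# and ordinary inbound mail for a local mailbox.
CONNECT_ONLY = "S: 220 mail.example.com ESMTP\nC: QUIT\nS: 221 closing connection"
REFUSED = session("someone@example.org", "550 5.7.1 Unable to relay")
ACCEPTED = session("someone@example.org", "250 OK")
LOCAL = session("user@example.com", "250 OK")

RCPT = re.compile(r"RCPT TO:\s*<[^>@]*@([^>]+)>", re.I)

def classify(transcript, local_domains=LOCAL_DOMAINS):
    """Return 'relay-accepted', 'relay-refused' or 'no-relay-attempt'."""
    pending = None                      # domain of the RCPT TO awaiting a reply
    verdict = "no-relay-attempt"
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            m = RCPT.match(text)
            pending = m.group(1).lower() if m else None
        elif side == "S" and pending is not None:
            if not text[:3].isdigit() or text[3:4] == "-":
                continue                # skip continuation lines of a multi-line reply
            if pending not in local_domains:
                if text.startswith("2"):
                    return "relay-accepted"   # server took a non-local recipient
                verdict = "relay-refused"     # attempt seen, server said no
            pending = None
    return verdict

if __name__ == "__main__":
    for name in ("CONNECT_ONLY", "REFUSED", "ACCEPTED", "LOCAL"):
        print(name, classify(globals()[name]))
```

A 2xx reply at `RCPT TO` is only the first signal: a server may still reject after `DATA` or accept and never deliver, so whether the test message actually arrives remains the definitive check.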
