I have that thread in a .pst somewhere. -----Original Message----- From: Neil Hobson [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 8:12 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED!
Hey Dan! You never did get back to Ed Woodrick on this list all those years ago as to why Exchange uses an Access database as an engine format! -----Original Message----- From: Dan Schwartz [mailto:[EMAIL PROTECTED]] Posted At: 16 July 2002 15:55 Posted To: Sunbelt Exchange List Conversation: Exchange 5.5 server HACKED! Subject: RE: Exchange 5.5 server HACKED! OK, does anyone have a list of the ports Exchange 5.5 uses, besides 25 & 110? Also, if anyone wants to look at the Event Logs, simply click on: <http://www.rogue-admins.com/dansworld/Exchange_Attack_App_Eventlog.zip> [This is a new link & new file from the one previously posted by me.] Cheers! Dan "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." (Jeremy S. Anderson) >-----Original Message----- >From: Ely, Don [mailto:[EMAIL PROTECTED]] >Sent: Tuesday, July 16, 2002 9:36 AM >Subject: RE: Exchange 5.5 server HACKED! > > >Uhhhh... Telneting to the server alone does NOT mean the server is an >open relay... I can telnet port 25 to any server in the world, that >doesn't mean I can relay mail... > >-----Original Message----- >From: Joe Irvine [mailto:[EMAIL PROTECTED]] >Sent: Tuesday, July 16, 2002 9:38 AM >Subject: RE: Exchange 5.5 server HACKED! > > >Actually, no.. if you can telnet to the mail server you can relay. No >hacking needed. This is by the very nature of exchange. I would >recommend looking at not allowing characters like %$! Through your >firewall. Here's a link to check to see if you have an open relay.. > >http://www.abuse.net/relay.html > > > >Thanks, > >Joe Irvine > -----Original Message----- >From: Dan Schwartz [mailto:[EMAIL PROTECTED]] >Sent: Tuesday, July 16, 2002 9:30 AM >To: MS-Exchange Admin Issues >Subject: RE: Exchange 5.5 server HACKED! >Importance: Low > > > Look at the 4031 error messages, which indicate SOMEONE is trying to >relay through the server, and since unauthorized relaying is prohibited >that tells me someone has hacked in. > >>-----Original Message----- >>From: William Lefkovics [mailto:[EMAIL PROTECTED]] >>Sent: Tuesday, July 16, 2002 1:03 AM >>To: MS-Exchange Admin Issues >>Subject: RE: Exchange 5.5 server HACKED! >> >> >>Then it's sorta in production then, yes? >> >>Was there a concern other than the 4318's? >> >>-----Original Message----- >>From: Dan Schwartz [mailto:[EMAIL PROTECTED]] >>Sent: Monday, July 15, 2002 9:55 PM >>Subject: RE: Exchange 5.5 server HACKED! >> >> >> >> Yes, it's connected, and the DNS servers have been pointed at it for >about a week... >> --- This attachment has been scanned for hostile code: Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.377 / Virus Database: 211 - Release Date: 7/15/2002 List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm ************************************************* This email and any files transmitted with it are confidential and intended solely for the use of the individual to whom it is addressed. Any view or opinions presented are solely those of the author and do not necessarily represent those of Silversands. If you have received this email in error, please contact our Support Desk immediately on 01202-360360 or email [EMAIL PROTECTED] ************************************************* List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
