I route discussions@entrysecurity and *giddyboy* to /dev/null... :P

-----Original Message-----
From: Tom Meunier [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 12:11 PM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

I'd imagine it's for the same reason I had to make a gateway rule that routes messages with the text "[LIST ADMIN] Do Not Reply" to /dev/null.

> -----Original Message-----
> From: Matthew Carpenter [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 16, 2002 11:07 AM
> To: MS-Exchange Admin Issues
> Subject: Re: Exchange 5.5 server HACKED!
>
> Whatever Don. I am not really sure why we are even having
> this conversation. I guess it is because the list is slow, eh?
>
> ----- Original Message -----
> From: "Ely, Don" <[EMAIL PROTECTED]>
> To: "MS-Exchange Admin Issues" <[EMAIL PROTECTED]>
> Sent: Tuesday, July 16, 2002 10:44 AM
> Subject: RE: Exchange 5.5 server HACKED!
>
> Well, while Tom can certainly handle his own, I "could"
> certainly make every attempt to "make" you "feel bad". At
> the very least, make you feel "inadequate". The choice is
> yours... You're just another "Precht" for me to have a
> little "fun" with! ;o)
>
> -----Original Message-----
> From: Matthew Carpenter [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 16, 2002 11:46 AM
> To: MS-Exchange Admin Issues
> Subject: Re: Exchange 5.5 server HACKED!
>
> That is not nice Don.
>
> If he is trying to make me feel bad....he failed.
>
> ----- Original Message -----
> From: "Ely, Don" <[EMAIL PROTECTED]>
> To: "MS-Exchange Admin Issues" <[EMAIL PROTECTED]>
> Sent: Tuesday, July 16, 2002 10:21 AM
> Subject: RE: Exchange 5.5 server HACKED!
>
> Figures!
>
> -----Original Message-----
> From: Matthew Carpenter [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 16, 2002 11:22 AM
> To: MS-Exchange Admin Issues
> Subject: Re: Exchange 5.5 server HACKED!
>
> Sorry, I don't get it
>
> ----- Original Message -----
> From: "Tom Meunier" <[EMAIL PROTECTED]>
> To: "MS-Exchange Admin Issues" <[EMAIL PROTECTED]>
> Sent: Tuesday, July 16, 2002 10:11 AM
> Subject: RE: Exchange 5.5 server HACKED!
>
> This is a FAQ, and I'm afraid to post the link for fear that
> Matthew will flame me, and then say "How about [repost of the
> FAQ link that I had just posted]?".
>
> I'll look at your logs, since that's NOT a FAQ.
>
> > -----Original Message-----
> > From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, July 16, 2002 09:55 AM
> > To: MS-Exchange Admin Issues
> > Subject: RE: Exchange 5.5 server HACKED!
> >
> > OK, does anyone have a list of the ports Exchange 5.5
> > uses, besides 25 & 110?
> >
> > Also, if anyone wants to look at the Event Logs, simply click on:
> > <http://www.rogue-admins.com/dansworld/Exchange_Attack_App_Eventlog.zip>
> > [This is a new link & new file from the one previously posted by me.]
> >
> > Cheers!
> > Dan
> >
> > "There are two major products that come out of Berkeley: LSD and UNIX.
> > We don't believe this to be a coincidence." (Jeremy S. Anderson)
> >
> > >-----Original Message-----
> > >From: Ely, Don [mailto:[EMAIL PROTECTED]]
> > >Sent: Tuesday, July 16, 2002 9:36 AM
> > >Subject: RE: Exchange 5.5 server HACKED!
> > >
> > >Uhhhh... Telnetting to the server alone does NOT mean the server is an
> > >open relay... I can telnet port 25 to any server in the world, that
> > >doesn't mean I can relay mail...
> > >
> > >-----Original Message-----
> > >From: Joe Irvine [mailto:[EMAIL PROTECTED]]
> > >Sent: Tuesday, July 16, 2002 9:38 AM
> > >Subject: RE: Exchange 5.5 server HACKED!
> > >
> > >Actually, no.. if you can telnet to the mail server you can relay. No
> > >hacking needed. This is by the very nature of Exchange. I would
> > >recommend looking at not allowing characters like %$! through your
> > >firewall. Here's a link to check to see if you have an open relay..
> > >
> > >http://www.abuse.net/relay.html
> > >
> > >Thanks,
> > >
> > >Joe Irvine
> > >
> > >-----Original Message-----
> > >From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
> > >Sent: Tuesday, July 16, 2002 9:30 AM
> > >To: MS-Exchange Admin Issues
> > >Subject: RE: Exchange 5.5 server HACKED!
> > >Importance: Low
> > >
> > > Look at the 4031 error messages, which indicate SOMEONE is trying to
> > >relay through the server, and since unauthorized relaying is prohibited
> > >that tells me someone has hacked in.
> > >
> > >>-----Original Message-----
> > >>From: William Lefkovics [mailto:[EMAIL PROTECTED]]
> > >>Sent: Tuesday, July 16, 2002 1:03 AM
> > >>To: MS-Exchange Admin Issues
> > >>Subject: RE: Exchange 5.5 server HACKED!
> > >>
> > >>Then it's sorta in production then, yes?
> > >>
> > >>Was there a concern other than the 4318's?
> > >>
> > >>-----Original Message-----
> > >>From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
> > >>Sent: Monday, July 15, 2002 9:55 PM
> > >>Subject: RE: Exchange 5.5 server HACKED!
> > >>
> > >> Yes, it's connected, and the DNS servers have been pointed at it for
> > >>about a week...
> > >>
> >
> > ---
> > This attachment has been scanned for hostile code:
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.377 / Virus Database: 211 - Release Date: 7/15/2002
> >
> > List Charter and FAQ at:
> > http://www.sunbelt-software.com/exchange_list_charter.htm
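
The disagreement quoted above, whether reaching port 25 by telnet implies relaying, turns on how the server answers RCPT TO for a recipient outside its own domains. As an added example (not part of the original thread), this sketch classifies a captured SMTP session; the transcripts, host names and local-domain list are constructed for illustration, and the client is assumed to be unauthenticated and outside the local network.

```python
import re

# Constructed transcripts: "C:" lines are the client, "S:" lines are the server.
REFUSED = """\
S: 220 mail.example.test ESMTP ready
C: HELO probe.example.net
S: 250 mail.example.test Hello
C: MAIL FROM:<tester@example.net>
S: 250 OK
C: RCPT TO:<someone@example.org>
S: 550 Relaying is prohibited
C: QUIT
S: 221 closing connection
"""
ACCEPTED = REFUSED.replace("550 Relaying is prohibited", "250 OK - Recipient")
BANNER_ONLY = "S: 220 mail.example.test ESMTP ready\nC: QUIT\nS: 221 bye\n"

RCPT = re.compile(r"RCPT TO:\s*<[^>@]*@([^>]+)>", re.I)


def relay_verdict(transcript, local_domains):
    """Return 'relay-accepted', 'relay-refused' or 'connect-only' for one session."""
    local = {d.lower() for d in local_domains}
    pending = None            # domain of the RCPT TO still awaiting a server reply
    verdict = "connect-only"  # reaching the banner says nothing about relaying
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            m = RCPT.match(text.strip())
            pending = m.group(1).lower() if m else None
        elif side == "S" and pending is not None:
            if re.match(r"\d{3}-", text):
                continue      # multi-line reply: wait for the final "NNN " line
            code = int(text[:3])
            if pending not in local:
                if 200 <= code < 300:
                    return "relay-accepted"   # foreign recipient was accepted
                verdict = "relay-refused"
            pending = None
    return verdict
```

A 2xx reply to RCPT TO is what a relay test looks for, but some servers accept the recipient and discard or bounce the message afterwards, so confirmed delivery of a test message is the final check.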
