[ISSForum] Email_Xchg_Auth Attack

Li, Cora Tue, 04 Mar 2003 08:42:06 -0800

This morning my network sensor has detected over 250 times of the below attack.


abc.xxx.yyy.zzz is our Exchange 2000 server.  And I can see there is a lot of login 
attempts on my Exchange server at the same time. Anyone know what exactly they did?  
Our firewall only open port 25 to this server.

thanks,
Cora

'Email_Xchg_Auth' event detected by 'LAN_Sensor' at '10.1.1.3'.
Details:
        Source IP Address: 218.70.146.11
        Source Port: (2279)
        Source MAC Address: N/A
        Destination IP Address: abc.xxx.yyy.zzz
        Destination Port: E-mail(25)
        Destination MAC Address: N/A
        Time: 2003-03-03 22:42:01 UTC
        Protocol: TCP(6)
        ICMP Type: N/A
        ICMP Code: N/A
        Priority: high
        Actions: DISPLAY=Default:0,EMAIL=Default:0,LOGDB=LogWithoutRaw:0
        Event Specific Information:
                :bin: 0
                :line: LOGIN
                :victim-ip-addr: abc.xxx.yyy.zzz
                :victim-port: 25
                :intruder-ip-addr: 218.70.146.11
                :intruder-port: 2279

_______________________________________________
ISSForum mailing list
[EMAIL PROTECTED]

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo

[ISSForum] Email_Xchg_Auth Attack

Reply via email to