RE: Outlook to Exchange over VPN issues
That's why we suggest a VPN.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 21 August 2003 23:20
To: Exchange Discussions
Subject: Re: Outlook to Exchange over VPN issues

FYI, I've seen instances where it was required to open up port TCP 135 in order to get the Outlook client to work. The problem is the new msblaster virus; it uses port 135.

Dave
RE: Outlook to Exchange over VPN issues
Do you port filter on all your trusted connections?

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 21, 2003 6:20 PM
To: Exchange Discussions
Subject: Re: Outlook to Exchange over VPN issues

FYI, I've seen instances where it was required to open up port TCP 135 in order to get the Outlook client to work. The problem is the new msblaster virus; it uses port 135.

Dave
RE: Outlook to Exchange over VPN issues
BAS?

From: Martin Blackstone [EMAIL PROTECTED]
Reply-To: Exchange Discussions [EMAIL PROTECTED]
To: Exchange Discussions [EMAIL PROTECTED]
Subject: RE: Outlook to Exchange over VPN issues
Date: Thu, 21 Aug 2003 19:40:59 -0700

Sounds like BAS

-----Original Message-----
From: Ely, Don [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 21, 2003 6:20 PM
To: Exchange Discussions
Subject: RE: Outlook to Exchange over VPN issues

Huh?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 21, 2003 6:20 PM
To: Exchange Discussions
Subject: Re: Outlook to Exchange over VPN issues

FYI, I've seen instances where it was required to open up port TCP 135 in order to get the Outlook client to work. The problem is the new msblaster virus; it uses port 135.

Dave
RE: Outlook to Exchange over VPN issues
Broke A$$ Sh!t. Coined by myself because that's what most other admins have when they come posting to these forums... ;o)

As an aside, I have been known to encounter my own BAS on my own network... :P

-----Original Message-----
From: Tony Hlabse [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 8:39 AM
To: Exchange Discussions
Subject: RE: Outlook to Exchange over VPN issues

BAS?

From: Martin Blackstone [EMAIL PROTECTED]
Reply-To: Exchange Discussions [EMAIL PROTECTED]
To: Exchange Discussions [EMAIL PROTECTED]
Subject: RE: Outlook to Exchange over VPN issues
Date: Thu, 21 Aug 2003 19:40:59 -0700

Sounds like BAS

-----Original Message-----
From: Ely, Don [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 21, 2003 6:20 PM
To: Exchange Discussions
Subject: RE: Outlook to Exchange over VPN issues

Huh?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 21, 2003 6:20 PM
To: Exchange Discussions
Subject: Re: Outlook to Exchange over VPN issues

FYI, I've seen instances where it was required to open up port TCP 135 in order to get the Outlook client to work. The problem is the new msblaster virus; it uses port 135.

Dave
RE: 3 Layers of Virus protection.
I thought trend scanmail for exchange can handle is stores. I just installed trend scanmail for exchange 2k and so far I think I'm quite happy with it. We bought the suite so next week will start installing the spam filters. Any tips from the current users of scanmail a newbie should know.

Matt

-----Original Message-----
From: Veld, Paul [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 21, 2003 10:16 PM
To: Exchange Discussions
Subject: RE: 3 Layers of Virus protection.

I don't blindly recommend anything, except maybe my wife's three cheese pasta in a pot...sounds good, can you send me some via email?

-----Original Message-----
From: John Matteson [mailto:[EMAIL PROTECTED]
Sent: Friday, 22 August 2003 4:58 AM
To: Exchange Discussions
Subject: RE: 3 Layers of Virus protection.

I don't blindly recommend anything, except maybe my wife's three cheese pasta in a pot. But on the technical side of things, I had a BE installation that would pop up at times and fail a backup telling me the Exchange database was corrupted. Management told me to prove it using something else besides the BE report. There were no Event log indications, users were able to send and receive mail, but when we attempted to move the mailboxes to a replacement machine in the same site, the wheels fell off, the tranny fell out and the engine just blew a cork. The last good backup had migrated out of the rotation and we ended up losing about half the data for about 125 users. Management listened afterwards.

John Matteson
Geac Corporate ISS
(404) 239 - 2981
Atlanta, Georgia, USA.

-----Original Message-----
From: Ben Winzenz [mailto:[EMAIL PROTECTED]
Posted At: Thursday, August 21, 2003 9:50 AM
Posted To: Exchange Discussion List
Conversation: 3 Layers of Virus protection.
Subject: RE: 3 Layers of Virus protection.

Thanks, John. I didn't want to come across as harsh, I just wanted you to provide some reasoning for why you felt that way. I've seen so many posts here and elsewhere blindly recommending to folks that they should run eseutil and/or isinteg, etc., when the poster has no clue how powerful those tools are or what they really do. I'm not inferring that's what you did, but that is where I am coming from. I will take a closer look at the store, but I am still of the opinion that the Symantec product is at fault.

Ben Winzenz
Network Engineer
Gardner White
(317) 581-1580 ext 418

-----Original Message-----
From: John Matteson [mailto:[EMAIL PROTECTED]
Posted At: Thursday, August 21, 2003 8:32 AM
Posted To: Exchange (Swynk)
Conversation: 3 Layers of Virus protection.
Subject: RE: 3 Layers of Virus protection.

I understood that you had not scanned the Exchange files with a file based AV product. However, if you have a product that runs for a long time, then suddenly stops working (locking up the server, etc) then the server starts working again when you take the product off, you should look at the points of intersection as to where a problem may have developed. In this case, your message databases. -1018 errors don't have to be recorded to have a problem inside the database.

John Matteson
Geac Corporate ISS
(404) 239 - 2981
Atlanta, Georgia, USA.

-----Original Message-----
From: Ben Winzenz [mailto:[EMAIL PROTECTED]
Posted At: Wednesday, August 20, 2003 11:04 AM
Posted To: Exchange Discussion List
Conversation: 3 Layers of Virus protection.
Subject: RE: 3 Layers of Virus protection.

I don't have a corrupted database. Why would you or what leads you to make that assumption? I have no 1018 errors, I have no event logs of any kind that point to any database errors. The problem has not re-occurred since removing the AV software. Like I said before, I did not have the file-level AV scanning the databases. If you are going to make a claim such as I should run maintenance, back it up with the reasons why. Not just saying you think I have database corruption. Tell me why you think I have corruption.

Ben Winzenz
Network Engineer
Gardner White
(317) 581-1580 ext 418

-----Original Message-----
From: John Matteson [mailto:[EMAIL PROTECTED]
Posted At: Wednesday, August 20, 2003 8:46 AM
Posted To: Exchange (Swynk)
Conversation: 3 Layers of Virus protection.
Subject: RE: 3 Layers of Virus protection.

Ben: Sounds like you may have a corrupted database. Have you thought about running maintenance on the server?

John Matteson
Geac Corporate ISS
(404) 239 - 2981
Atlanta, Georgia, USA.

-----Original Message-----
From: Ben Winzenz [mailto:[EMAIL PROTECTED]
Posted At: Wednesday, August 20, 2003 9:28 AM
Posted To: Exchange Discussion List
Conversation: 3 Layers of Virus protection.
Subject: RE: 3 Layers of Virus protection.

We had been running 3 layers until it seems that Symantec's product for Exchange 2000 (coupled with Corp Ed as file level) locked up the server a couple of times. I can't prove it was Symantec, but I removed all AV off our Exchange server, and it hasn't had a problem since.
Secondary SMTP addresses in E2k
Hello folks: Happy Friday to all!

Native E2k/AD infrastructure; all patched and worm-free, thank you very much.

My question: if a secondary SMTP address is changed to be the primary SMTP address of an existing mailbox, will that screw things up? For a group of users, our task is to change the FROM field to the new primary address and no longer use the previous primary SMTP address. (I may be wrong but I seem to recall this could be done in 5.5 wherein the FROM field is now the new primary SMTP address) Sounds like spoofing, doesn't it? Perhaps I'd just better test more.

Thanks in advance for any replies!

-Juancho
RE: Secondary SMTP addresses in E2k
Test it out on yours and see what happens.

KJ

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Juancho Ciocon
Sent: Friday, August 22, 2003 10:30 AM
To: Exchange Discussions

Hello folks: Happy Friday to all!

Native E2k/AD infrastructure; all patched and worm-free, thank you very much.

My question: if a secondary SMTP address is changed to be the primary SMTP address of an existing mailbox, will that screw things up? For a group of users, our task is to change the FROM field to the new primary address and no longer use the previous primary SMTP address. (I may be wrong but I seem to recall this could be done in 5.5 wherein the FROM field is now the new primary SMTP address) Sounds like spoofing, doesn't it? Perhaps I'd just better test more.

Thanks in advance for any replies!

-Juancho
Problem with OOO messages
EX 5.5, SP4 - NT4 SP6

Out of office message works for one user but not for another user. Both users are on the same server, but in different recipient containers. Any ideas why?

Thanks

--Alex Alborzfard
Exchange Admin
Replication and Schema problem
Hopefully someone on this list will have a suggestion as to what to do with this problem:

Upgrading from NT 4.0 domain/Exch. 5.5 - SP4 to AD with Exch 2000. The domain in question is not the root domain for the forest, but ForestPrep has been run successfully in the root. This particular domain is now Native mode (AD native mode vs. Exchange native) where the root domain is still mixed mode. ForestPrep changes to the schema have not replicated down to this domain, and I assume it's because of the Native vs. Mixed mode for AD. However, that may be an incorrect assumption.

I've checked out a number of knowledgebase articles as well as Microsoft's Exch 2000 Admin's Guide and Mark Minasi's Windows 2000 Server books, but have not found a reason yet as to why there is no replication of schema other. So, I still have to think that this is the problem. Can anyone point me in the right direction with this problem?

As it is the users in the new AD domain here are still able to access their Exch 5.5 mailboxes even though they log on in the AD domain, but they can't (of course) access their email through OWA, unless I go in and change their password in the NT 4.0 domain to match that in the AD.

As an alternative solution, is there a method for exporting the schema from the root domain and manually importing it here to re-establish identical schemas? Is there a way to force this domain to run ForestPrep on it, even though it's not the root domain?

Thanks for any help... I'm going to keep looking around for more info myself.

Matt
Symantec Exchange virus filter
We are running E2K on Windows 2000 server with Symantec Virus/Filter. We have set the unrepairable virus rule to delete the email and attachments yet users are still getting an email from the server saying that the message had a virus and will be deleted. How can we stop the user from getting any notification, we don't want them to get any email regarding viruses, cleaned or not. I have looked all over the Symantec site as well as the online help.

Thanks in advance for any suggestion.
RE: Problem with OOO messages
That problem is usually caused by some sort of hidden rule problem in the mailbox with the OOO problem. The fix is to use Cleansweep to blast all rules in the mailbox.

-Peter

-----Original Message-----
From: Alex Alborzfard [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 8:53
To: Exchange Discussions
Subject: Problem with OOO messages

EX 5.5, SP4 - NT4 SP6

Out of office message works for one user but not for another user. Both users are on the same server, but in different recipient containers. Any ideas why?

Thanks

--Alex Alborzfard
Exchange Admin
RE: Replication and Schema problem
ForestPrep is just that - forest wide. It's all or nothing. I'm guessing you didn't run DomainPrep in this domain - and that IS domain specific, and needs to be run in each domain hosting Exchange servers (or users, IIRC).

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-----Original Message-----
From: Matt Hoffman [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 12:11 PM
To: Exchange Discussions
Subject: Replication and Schema problem

Hopefully someone on this list will have a suggestion as to what to do with this problem:

Upgrading from NT 4.0 domain/Exch. 5.5 - SP4 to AD with Exch 2000. The domain in question is not the root domain for the forest, but ForestPrep has been run successfully in the root. This particular domain is now Native mode (AD native mode vs. Exchange native) where the root domain is still mixed mode. ForestPrep changes to the schema have not replicated down to this domain, and I assume it's because of the Native vs. Mixed mode for AD. However, that may be an incorrect assumption.

I've checked out a number of knowledgebase articles as well as Microsoft's Exch 2000 Admin's Guide and Mark Minasi's Windows 2000 Server books, but have not found a reason yet as to why there is no replication of schema other. So, I still have to think that this is the problem. Can anyone point me in the right direction with this problem?

As it is the users in the new AD domain here are still able to access their Exch 5.5 mailboxes even though they log on in the AD domain, but they can't (of course) access their email through OWA, unless I go in and change their password in the NT 4.0 domain to match that in the AD.

As an alternative solution, is there a method for exporting the schema from the root domain and manually importing it here to re-establish identical schemas? Is there a way to force this domain to run ForestPrep on it, even though it's not the root domain?

Thanks for any help... I'm going to keep looking around for more info myself.

Matt
OWA Logout page not displaying
Hi list, having a small problem with our OWA clients receiving a

HTTP 500 - Internal server error
The page cannot be displayed

when logging out of OWA. If I turn off friendly http errors I receive,

Server Application Error
The server has encountered an error while loading an application during the processing of your request. Please refer to the event log for more detail information. Please contact the server administrator for assistance

The event log on the cluster has this entry

Event ID 36: The server failed to load application '/LM/W3SVC/100/Root

Have found several articles relating to similar IIS issues but nothing specific to exchange. Most articles seem to point to the IWAM_MACHINENAME and IUSR_MACHINENAME not being in sync. Anyone experienced this problem?

Cheers
Richard
RE: 3 Layers of Virus protection.
Yes, Scanmail for Exchange is Trend's product that scans incoming/outgoing e-mail. As far as Spam filters, you just need to be careful of what the actions are. When we used Symantec AV/Filtering on our Exchange server and enabled the filtering, it was quarantining everything. You could either quarantine, or leave it alone. Problem was when it quarantined it, it ripped the message apart, so if we wanted to release a quarantined message, it wasn't in the same format.

Ben Winzenz
Network Engineer
Gardner White
(317) 581-1580 ext 418

-----Original Message-----
From: Matt [mailto:[EMAIL PROTECTED]
Posted At: Friday, August 22, 2003 8:46 AM
Posted To: Exchange (Swynk)
Conversation: 3 Layers of Virus protection.
Subject: RE: 3 Layers of Virus protection.

I thought trend scanmail for exchange can handle is stores. I just installed trend scanmail for exchange 2k and so far I think I'm quite happy with it. We bought the suite so next week will start installing the spam filters. Any tips from the current users of scanmail a newbie should know.

Matt

-----Original Message-----
From: Veld, Paul [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 21, 2003 10:16 PM
To: Exchange Discussions
Subject: RE: 3 Layers of Virus protection.

I don't blindly recommend anything, except maybe my wife's three cheese pasta in a pot...sounds good, can you send me some via email?

-----Original Message-----
From: John Matteson [mailto:[EMAIL PROTECTED]
Sent: Friday, 22 August 2003 4:58 AM
To: Exchange Discussions
Subject: RE: 3 Layers of Virus protection.

I don't blindly recommend anything, except maybe my wife's three cheese pasta in a pot. But on the technical side of things, I had a BE installation that would pop up at times and fail a backup telling me the Exchange database was corrupted. Management told me to prove it using something else besides the BE report. There were no Event log indications, users were able to send and receive mail, but when we attempted to move the mailboxes to a replacement machine in the same site, the wheels fell off, the tranny fell out and the engine just blew a cork. The last good backup had migrated out of the rotation and we ended up losing about half the data for about 125 users. Management listened afterwards.

John Matteson
Geac Corporate ISS
(404) 239 - 2981
Atlanta, Georgia, USA.

-----Original Message-----
From: Ben Winzenz [mailto:[EMAIL PROTECTED]
Posted At: Thursday, August 21, 2003 9:50 AM
Posted To: Exchange Discussion List
Conversation: 3 Layers of Virus protection.
Subject: RE: 3 Layers of Virus protection.

Thanks, John. I didn't want to come across as harsh, I just wanted you to provide some reasoning for why you felt that way. I've seen so many posts here and elsewhere blindly recommending to folks that they should run eseutil and/or isinteg, etc., when the poster has no clue how powerful those tools are or what they really do. I'm not inferring that's what you did, but that is where I am coming from. I will take a closer look at the store, but I am still of the opinion that the Symantec product is at fault.

Ben Winzenz
Network Engineer
Gardner White
(317) 581-1580 ext 418

-----Original Message-----
From: John Matteson [mailto:[EMAIL PROTECTED]
Posted At: Thursday, August 21, 2003 8:32 AM
Posted To: Exchange (Swynk)
Conversation: 3 Layers of Virus protection.
Subject: RE: 3 Layers of Virus protection.

I understood that you had not scanned the Exchange files with a file based AV product. However, if you have a product that runs for a long time, then suddenly stops working (locking up the server, etc) then the server starts working again when you take the product off, you should look at the points of intersection as to where a problem may have developed. In this case, your message databases. -1018 errors don't have to be recorded to have a problem inside the database.

John Matteson
Geac Corporate ISS
(404) 239 - 2981
Atlanta, Georgia, USA.

-----Original Message-----
From: Ben Winzenz [mailto:[EMAIL PROTECTED]
Posted At: Wednesday, August 20, 2003 11:04 AM
Posted To: Exchange Discussion List
Conversation: 3 Layers of Virus protection.
Subject: RE: 3 Layers of Virus protection.

I don't have a corrupted database. Why would you or what leads you to make that assumption? I have no 1018 errors, I have no event logs of any kind that point to any database errors. The problem has not re-occurred since removing the AV software. Like I said before, I did not have the file-level AV scanning the databases. If you are going to make a claim such as I should run maintenance, back it up with the reasons why. Not just saying you think I have database corruption. Tell me why you think I have corruption.

Ben Winzenz
Network Engineer
Gardner White
(317) 581-1580 ext 418

-----Original Message-----
From: John Matteson [mailto:[EMAIL PROTECTED]
Posted At: Wednesday, August 20, 2003 8:46 AM
Posted To: Exchange (Swynk)
Conversation: 3 Layers of Virus
RE: Symantec Exchange virus filter
Look at your Error policy and uncheck the Click button which says To Recipients. That won't give them any email. You have to do this for each policy/subpolicy.

Nick Thakkar
Network Administrator
American Medical Response
[EMAIL PROTECTED]
209-993-6974

-----Original Message-----
From: Chad Wasinger [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 9:14 AM
To: Exchange Discussions
Subject: Symantec Exchange virus filter

We are running E2K on Windows 2000 server with Symantec Virus/Filter. We have set the unrepairable virus rule to delete the email and attachments yet users are still getting an email from the server saying that the message had a virus and will be deleted. How can we stop the user from getting any notification, we don't want them to get any email regarding viruses, cleaned or not. I have looked all over the Symantec site as well as the online help.

Thanks in advance for any suggestion.
Non-Exchange related Sorry
I just wanted to know if anyone who is running Windows XP is having this problem or is this by design. When I access a map drive it takes about 30 seconds to open. Then everything works fine but if I go away for about 30 minutes and come back it would do the same. Is this how Windows XP works?

Thank You
Tony
RE: Secondary SMTP addresses in E2k
Your recipient policy will probably revert your changes back to the original sooner or later.

Sincerely,
Andrey Fyodorov
Systems Engineer
Messaging and Collaboration
Spherion

-----Original Message-----
From: Juancho Ciocon [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 11:30 AM
To: Exchange Discussions
Subject: Secondary SMTP addresses in E2k

Hello folks: Happy Friday to all!

Native E2k/AD infrastructure; all patched and worm-free, thank you very much.

My question: if a secondary SMTP address is changed to be the primary SMTP address of an existing mailbox, will that screw things up? For a group of users, our task is to change the FROM field to the new primary address and no longer use the previous primary SMTP address. (I may be wrong but I seem to recall this could be done in 5.5 wherein the FROM field is now the new primary SMTP address) Sounds like spoofing, doesn't it? Perhaps I'd just better test more.

Thanks in advance for any replies!

-Juancho
Any issues with W2k RPC patch on Exchange 2000?
Has anyone applied the Blaster RPC patch to a W2k (SP3) Exch 2k (SP3) machine? If so, how did it go? Has anyone heard of any issues with Exchange 2000 and this patch?

Thanks.
RE: Any issues with W2k RPC patch on Exchange 2000?
I haven't seen any issues when I installed it some time ago (Ex2K).

Paul Chinnery
Network Administrator
Mem Med Ctr

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 11:59 AM
To: Exchange Discussions
Subject: Any issues with W2k RPC patch on Exchange 2000?

Has anyone applied the Blaster RPC patch to a W2k (SP3) Exch 2k (SP3) machine? If so, how did it go? Has anyone heard of any issues with Exchange 2000 and this patch?

Thanks.
Re: Symantec Exchange virus filter
We had already unchecked the To Recipient box but they still get an email notice. I just spoke to Symantec support and they said it is a limitation of the way this version of SAVFMSE and Exchange work together and that it's Exchange that is sending the notification email. Thanks for trying.
- Original Message -
From: Thakkar, Nick [EMAIL PROTECTED]
To: Exchange Discussions [EMAIL PROTECTED]
Sent: Friday, August 22, 2003 10:36 AM
Subject: RE: Symantec Exchange virus filter
Look at your Error policy and uncheck the Click button which says To Recipients. That won't give them any email. You have to do this for each policy/subpolicy.
Nick Thakkar Network Administrator American Medical Response [EMAIL PROTECTED] 209-993-6974
-Original Message-
From: Chad Wasinger [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 9:14 AM
To: Exchange Discussions
Subject: Symantec Exchange virus filter
We are running E2K on Windows 2000 server with Symantec Virus/Filter. We have set the unrepairable virus rule to delete the email and attachments yet users are still getting an email from the server saying that the message had a virus and will be deleted. How can we stop the user from getting any notification? We don't want them to get any email regarding viruses, cleaned or not. I have looked all over the Symantec site as well as the online help. Thanks in advance for any suggestion.
RE: Any issues with W2k RPC patch on Exchange 2000?
I put the RPC patch on our Win2K SP3, Exch2K SP3 box about 3 weeks ago and haven't had any issues.
Jeff Hague MCSE Network Manager Randolph-Macon College
-Original Message-
From: Chinnery, Paul [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:06 PM
To: Exchange Discussions
Subject: RE: Any issues with W2k RPC patch on Exchange 2000?
I haven't seen any issues when I installed it some time ago (Ex2K).
Paul Chinnery Network Administrator Mem Med Ctr
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 11:59 AM
To: Exchange Discussions
Subject: Any issues with W2k RPC patch on Exchange 2000?
Has anyone applied the Blaster RPC patch to a W2k (SP3) Exch 2k (SP3) machine? If so, how did it go? Has anyone heard of any issues with Exchange 2000 and this patch? Thanks.
RE: Any issues with W2k RPC patch on Exchange 2000?
We have done a few here with no issues so far.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 9:59 AM
To: Exchange Discussions
Subject: Any issues with W2k RPC patch on Exchange 2000?
Has anyone applied the Blaster RPC patch to a W2k (SP3) Exch 2k (SP3) machine? If so, how did it go? Has anyone heard of any issues with Exchange 2000 and this patch? Thanks.
RE: Replication and Schema problem
No, we are unable to run DomainPrep. It says that ForestPrep has not been run on the server, therefore it cannot run DomainPrep. However, the server is not part of the root domain, therefore ForestPrep cannot be run on it. The problem exists that the server has still not replicated the schema changes from the root domain. This is why I was wondering if there was another way to force the issue. I have also not seen any information anywhere about why the server would not be able to replicate schema between itself and the root domain, even though the root is mixed and this is native. Do those two exist in such a different way that the schema cannot be replicated between them?
-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 12:23 PM
To: Exchange Discussions
Subject: RE: Replication and Schema problem
ForestPrep is just that - forest wide. It's all or nothing. I'm guessing you didn't run DomainPrep in this domain - and that IS domain specific, and needs to be run in each domain hosting Exchange servers (or users, IIRC).
-- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc.
-Original Message-
From: Matt Hoffman [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 12:11 PM
To: Exchange Discussions
Subject: Replication and Schema problem
Hopefully someone on this list will have a suggestion as to what to do with this problem: Upgrading from NT 4.0 domain/Exch. 5.5 - SP4 to AD with Exch 2000. The domain in question is not the root domain for the forest, but ForestPrep has been run successfully in the root. This particular domain is now Native mode (AD native mode vs. Exchange native) where the root domain is still mixed mode. ForestPrep changes to the schema have not replicated down to this domain, and I assume it's because of the Native vs. Mixed mode for AD. However, that may be an incorrect assumption.
I've checked out a number of knowledgebase articles as well as Microsoft's Exch 2000 Admin's Guide and Mark Minasi's Windows 2000 Server books, but have not found a reason yet as to why there is no replication of schema other. So, I still have to think that this is the problem. Can anyone point me in the right direction with this problem? As it is the users in the new AD domain here are still able to access their Exch 5.5 mailboxes even though they log on in the AD domain, but they can't (of course) access their email through OWA, unless I go in and change their password in the NT 4.0 domain to match that in the AD. As an alternative solution, is there a method for exporting the schema from the root domain and manually importing it here to re-establish identical schemas? Is there a way to force this domain to run ForestPrep on it, even though it's not the root domain? Thanks for any help... I'm going to keep looking around for more info myself.
Matt
Sobig.F alert
FYI... http://www.f-secure.com/news/items/news_2003082200.shtml
RE: 3 Layers of Virus protection.
Trend eManager (SPAM software) does not rip apart the messages, simply quarantines them. You simply need to create a new Exchange user folder and quarantine all email to that folder. Then you can review them and forward onto anyone if the quarantine was a false positive. Ours works great, especially this latest virus, we put all the subject lines from the virus in the filter and no one received any SPAM from the virus, or an Trend protected us from getting infected from the virus. Great product.
Brian
-Original Message-
From: Ben Winzenz [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 12:26 PM
To: Exchange Discussions
Subject: RE: 3 Layers of Virus protection.
Yes, Scanmail for Exchange is Trend's product that scans incoming/outgoing e-mail. As far as Spam filters, you just need to be careful of what the actions are. When we used Symantec AV/Filtering on our Exchange server and enabled the filtering, it was quarantining everything. You could either quarantine, or leave it alone. Problem was when it quarantined it, it ripped the message apart, so if we wanted to release a quarantined message, it wasn't in the same format.
Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418
-Original Message-
From: Matt [mailto:[EMAIL PROTECTED]
Posted At: Friday, August 22, 2003 8:46 AM
Posted To: Exchange (Swynk)
Conversation: 3 Layers of Virus protection.
Subject: RE: 3 Layers of Virus protection.
I thought trend scanmail for exchange can handle is stores. I just installed trend scanmail for exchange 2k and so far I think I'm quite happy with it. We bought the suite so next week will start installing the spam filters. Any tips from the current users of scanmail a newbie should know.
Matt
-Original Message-
From: Veld, Paul [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 21, 2003 10:16 PM
To: Exchange Discussions
Subject: RE: 3 Layers of Virus protection.
I don't blindly recommend anything, except maybe my wife's three cheese pasta in a pot...sounds good, can you send me some via email?
-Original Message-
From: John Matteson [mailto:[EMAIL PROTECTED]
Sent: Friday, 22 August 2003 4:58 AM
To: Exchange Discussions
Subject: RE: 3 Layers of Virus protection.
I don't blindly recommend anything, except maybe my wife's three cheese pasta in a pot. But on the technical side of things, I had a BE installation that would pop up at times and fail a backup telling me the Exchange database was corrupted. Management told me to prove it using something else besides the BE report. There were no Event log indications, users were able to send and receive mail, but when we attempted to move the mailboxes to a replacement machine in the same site, the wheels fell off, the tranny fell out and the engine just blew a cork. The last good backup had migrated out of the rotation and we ended up losing about half the data for about 125 users. Management listened afterwards.
John Matteson Geac Corporate ISS (404) 239 - 2981 Atlanta, Georgia, USA.
-Original Message-
From: Ben Winzenz [mailto:[EMAIL PROTECTED]
Posted At: Thursday, August 21, 2003 9:50 AM
Posted To: Exchange Discussion List
Conversation: 3 Layers of Virus protection.
Subject: RE: 3 Layers of Virus protection.
Thanks, John. I didn't want to come across as harsh, I just wanted you to provide some reasoning for why you felt that way. I've seen so many posts here and elsewhere blindly recommending to folks that they should run eseutil and/or isinteg, etc., when the poster has no clue how powerful those tools are or what they really do. I'm not inferring that's what you did, but that is where I am coming from. I will take a closer look at the store, but I am still of the opinion that the Symantec product is at fault.
Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418
-Original Message-
From: John Matteson [mailto:[EMAIL PROTECTED]
Posted At: Thursday, August 21, 2003 8:32 AM
Posted To: Exchange (Swynk)
Conversation: 3 Layers of Virus protection.
Subject: RE: 3 Layers of Virus protection.
I understood that you had not scanned the Exchange files with a file based AV product. However, if you have a product that runs for a long time, then suddenly stops working (locking up the server, etc) then the server starts working again when you take the product off, you should look at the points of intersection as to where a problem may have developed. In this case, your message databases. -1018 errors don't have to be recorded to have a problem inside the database.
John Matteson Geac Corporate ISS (404) 239 - 2981 Atlanta, Georgia, USA.
-Original Message-
From: Ben Winzenz [mailto:[EMAIL PROTECTED]
Posted At: Wednesday, August 20, 2003 11:04 AM
Posted To: Exchange Discussion List
Conversation: 3 Layers of Virus protection.
Subject: RE: 3 Layers of Virus protection.
I don't have a corrupted database. Why would
RE: Sobig.F alert
Here is some more info on it. Should be an interesting afternoon.
http://www.theregister.co.uk/content/56/32475.html
http://story.news.yahoo.com/news?tmpl=storyncid=1211e=1u=/nm/20030822/tc_nm/tech_internet_virus_dcsid=95573372
-Original Message-
From: Lori Sagert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:56 PM
To: Exchange Discussions
Subject: Sobig.F alert
FYI... http://www.f-secure.com/news/items/news_2003082200.shtml
RE: Sobig.F alert
Oh crap, I didn't think that anyone actually hooked Skynet up to the internet. T-Minus 30 minutes
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky
Sent: Friday, August 22, 2003 11:33 AM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Here is some more info on it. Should be an interesting afternoon.
http://www.theregister.co.uk/content/56/32475.html
http://story.news.yahoo.com/news?tmpl=storyncid=1211e=1u=/nm/20030822/tc_nm/tech_internet_virus_dcsid=95573372
-Original Message-
From: Lori Sagert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:56 PM
To: Exchange Discussions
Subject: Sobig.F alert
FYI... http://www.f-secure.com/news/items/news_2003082200.shtml
RE: Sobig.F alert
Yes it is. Since we are not sure what the payload is, we patched for the new MDAC security patch. Hey, who knows? Better to be safe than sorry. T-minus 20 minutes.
-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:33 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Oh crap, I didn't think that anyone actually hooked Skynet up to the internet. T-Minus 30 minutes
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky
Sent: Friday, August 22, 2003 11:33 AM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Here is some more info on it. Should be an interesting afternoon.
http://www.theregister.co.uk/content/56/32475.html
http://story.news.yahoo.com/news?tmpl=storyncid=1211e=1u=/nm/20030822/tc_nm/tech_internet_virus_dcsid=95573372
-Original Message-
From: Lori Sagert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:56 PM
To: Exchange Discussions
Subject: Sobig.F alert
FYI... http://www.f-secure.com/news/items/news_2003082200.shtml
RE: Sobig.F alert
Ok so I've got this Q...some of the article says about it downloading this Trojan from some server out there OK so..like does this then mean..that somebody has decompiled this puppy and found this out OK wouldn't they have found out where this server out there is? domain name? ip? something? just Q
bill
-Original Message-
From: Matt Plahtinsky [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:33 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Here is some more info on it. Should be an interesting afternoon.
http://www.theregister.co.uk/content/56/32475.html
http://story.news.yahoo.com/news?tmpl=storyncid=1211e=1u=/nm/20030822/tc_nm/tech_internet_virus_dcsid=95573372
-Original Message-
From: Lori Sagert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:56 PM
To: Exchange Discussions
Subject: Sobig.F alert
FYI... http://www.f-secure.com/news/items/news_2003082200.shtml
RE: Sobig.F alert
T-minus 10 minutes. It's the end of the world, run for your lives...
-Original Message-
From: Sagert, Lori [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:41 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Yes it is. Since we are not sure what the payload is, we patched for the new MDAC security patch. Hey, who knows? Better to be safe than sorry. T-minus 20 minutes.
-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:33 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Oh crap, I didn't think that anyone actually hooked Skynet up to the internet. T-Minus 30 minutes
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky
Sent: Friday, August 22, 2003 11:33 AM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Here is some more info on it. Should be an interesting afternoon.
http://www.theregister.co.uk/content/56/32475.html
http://story.news.yahoo.com/news?tmpl=storyncid=1211e=1u=/nm/20030822/tc_nm/tech_internet_virus_dcsid=95573372
-Original Message-
From: Lori Sagert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:56 PM
To: Exchange Discussions
Subject: Sobig.F alert
FYI... http://www.f-secure.com/news/items/news_2003082200.shtml
RE: Sobig.F alert
As if we all didn't have enough to do?
-Original Message-
From: Matt Plahtinsky [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:51 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
T-minus 10 minutes. It's the end of the world, run for your lives...
-Original Message-
From: Sagert, Lori [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:41 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Yes it is. Since we are not sure what the payload is, we patched for the new MDAC security patch. Hey, who knows? Better to be safe than sorry. T-minus 20 minutes.
-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:33 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Oh crap, I didn't think that anyone actually hooked Skynet up to the internet. T-Minus 30 minutes
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky
Sent: Friday, August 22, 2003 11:33 AM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Here is some more info on it. Should be an interesting afternoon.
http://www.theregister.co.uk/content/56/32475.html
http://story.news.yahoo.com/news?tmpl=storyncid=1211e=1u=/nm/20030822/tc_nm/tech_internet_virus_dcsid=95573372
-Original Message-
From: Lori Sagert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:56 PM
To: Exchange Discussions
Subject: Sobig.F alert
FYI... http://www.f-secure.com/news/items/news_2003082200.shtml
The information transmitted is intended only for the person or entity to which it is addressed and may contain proprietary, confidential and/or legally privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers.
RE: Sobig.F alert
From the F-Secure article.
F-Secure has been able to break into this system and crack the encryption, but currently the web address sent by the servers doesn't go anywhere. The developers of the virus know that we could download the program beforehand, analyse it and come up with countermeasures, says Hypponen. So apparently their plan is to change the web address to point to the correct address or addresses just seconds before the deadline. By the time we get a copy of the file, the infected computers have already downloaded and run it.
- Matt
Matthew Bailey LAN Engineer CSK Auto, Inc. Voice: 602.631.7486 Fax: 602.294.7486
-Original Message-
From: Mellott, Bill [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 11:50 AM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Ok so I've got this Q...some of the article says about it downloading this Trojan from some server out there OK so..like does this then mean..that somebody has decompiled this puppy and found this out OK wouldn't they have found out where this server out there is? domain name? ip? something? just Q
bill
-Original Message-
From: Matt Plahtinsky [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:33 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Here is some more info on it. Should be an interesting afternoon.
http://www.theregister.co.uk/content/56/32475.html
http://story.news.yahoo.com/news?tmpl=storyncid=1211e=1u=/nm/20030822/tc_nm/tech_internet_virus_dcsid=95573372
-Original Message-
From: Lori Sagert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:56 PM
To: Exchange Discussions
Subject: Sobig.F alert
FYI... http://www.f-secure.com/news/items/news_2003082200.shtml
RE: Sobig.F alert
There's 20 master servers for this virus that are out there. F-Secure reports that 18 of them have been taken offline, but that still leaves 2, which might be enough. 9 minutes left
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mellott, Bill
Sent: Friday, August 22, 2003 11:50 AM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Ok so I've got this Q...some of the article says about it downloading this Trojan from some server out there OK so..like does this then mean..that somebody has decompiled this puppy and found this out OK wouldn't they have found out where this server out there is? domain name? ip? something? just Q
bill
-Original Message-
From: Matt Plahtinsky [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:33 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Here is some more info on it. Should be an interesting afternoon.
http://www.theregister.co.uk/content/56/32475.html
http://story.news.yahoo.com/news?tmpl=storyncid=1211e=1u=/nm/20030822/tc_nm/tech_internet_virus_dcsid=95573372
-Original Message-
From: Lori Sagert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:56 PM
To: Exchange Discussions
Subject: Sobig.F alert
FYI... http://www.f-secure.com/news/items/news_2003082200.shtml
RE: Sobig.F alert
If only Arnold wasn't running for governor. We could send him back in time to stop Skynet. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steck, Herb Sent: Friday, August 22, 2003 11:52 AM To: Exchange Discussions Subject: RE: Sobig.F alert As if we all didn't have enough to do? -Original Message- From: Matt Plahtinsky [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 1:51 PM To: Exchange Discussions Subject: RE: Sobig.F alert T-minus 10 minutes . Its the end of the world run for your lives... -Original Message- From: Sagert, Lori [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 2:41 PM To: Exchange Discussions Subject: RE: Sobig.F alert Yes it is. Since we are not sure what the payload is, we patched for the new MDAC security patch. Hey, who knows? Better to be safe than sorry. T-minus 20 minutes. -Original Message- From: Christopher Hummert [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 2:33 PM To: Exchange Discussions Subject: RE: Sobig.F alert Oh crap, I didn't think that anyone actually hooked Skynet up to the internet. T-Minus 30 minutes -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky Sent: Friday, August 22, 2003 11:33 AM To: Exchange Discussions Subject: RE: Sobig.F alert Here is some more info on it. Should be an interesting afternoon. http://www.theregister.co.uk/content/56/32475.html http://story.news.yahoo.com/news?tmpl=storyncid=1211e=1u=/nm/20030822 /tc_nm/tech_internet_virus_dcsid=95573372 -Original Message- From: Lori Sagert [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 1:56 PM To: Exchange Discussions Subject: Sobig.F alert FYI... 
http://www.f-secure.com/news/items/news_2003082200.shtml
RE: Sobig.F alert
Beer please. Oh and bring the BBQ ribs too... -Original Message- From: Matt Plahtinsky [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 2:51 PM To: Exchange Discussions Subject: RE: Sobig.F alert T-minus 10 minutes. It's the end of the world, run for your lives... -Original Message- From: Sagert, Lori [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 2:41 PM To: Exchange Discussions Subject: RE: Sobig.F alert Yes it is. Since we are not sure what the payload is, we patched for the new MDAC security patch. Hey, who knows? Better to be safe than sorry. T-minus 20 minutes. -Original Message- From: Christopher Hummert [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 2:33 PM To: Exchange Discussions Subject: RE: Sobig.F alert Oh crap, I didn't think that anyone actually hooked Skynet up to the internet. T-Minus 30 minutes -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky Sent: Friday, August 22, 2003 11:33 AM To: Exchange Discussions Subject: RE: Sobig.F alert Here is some more info on it. Should be an interesting afternoon. http://www.theregister.co.uk/content/56/32475.html http://story.news.yahoo.com/news?tmpl=storyncid=1211e=1u=/nm/20030822/tc_nm/tech_internet_virus_dcsid=95573372 -Original Message- From: Lori Sagert [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 1:56 PM To: Exchange Discussions Subject: Sobig.F alert FYI...
http://www.f-secure.com/news/items/news_2003082200.shtml
RE: Sobig.F alert
Nice... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christopher Hummert Sent: Friday, August 22, 2003 2:52 PM To: Exchange Discussions Subject: RE: Sobig.F alert If only Arnold wasn't running for governor. We could send him back in time to stop Skynet. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steck, Herb Sent: Friday, August 22, 2003 11:52 AM To: Exchange Discussions Subject: RE: Sobig.F alert As if we all didn't have enough to do? -Original Message- From: Matt Plahtinsky [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 1:51 PM To: Exchange Discussions Subject: RE: Sobig.F alert T-minus 10 minutes. It's the end of the world, run for your lives... -Original Message- From: Sagert, Lori [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 2:41 PM To: Exchange Discussions Subject: RE: Sobig.F alert Yes it is. Since we are not sure what the payload is, we patched for the new MDAC security patch. Hey, who knows? Better to be safe than sorry. T-minus 20 minutes. -Original Message- From: Christopher Hummert [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 2:33 PM To: Exchange Discussions Subject: RE: Sobig.F alert Oh crap, I didn't think that anyone actually hooked Skynet up to the internet. T-Minus 30 minutes -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky Sent: Friday, August 22, 2003 11:33 AM To: Exchange Discussions Subject: RE: Sobig.F alert Here is some more info on it. Should be an interesting afternoon. http://www.theregister.co.uk/content/56/32475.html http://story.news.yahoo.com/news?tmpl=storyncid=1211e=1u=/nm/20030822/tc_nm/tech_internet_virus_dcsid=95573372 -Original Message- From: Lori Sagert [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 1:56 PM To: Exchange Discussions Subject: Sobig.F alert FYI...
http://www.f-secure.com/news/items/news_2003082200.shtml
RE: Sobig.F alert
Would've been nice for them to publish the IP list so we could block it from our firewalls. Incoming and outgoing. -Original Message- From: Christopher Hummert [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 1:52 PM To: Exchange Discussions Subject: RE: Sobig.F alert If only Arnold wasn't running for governor. We could send him back in time to stop Skynet. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steck, Herb Sent: Friday, August 22, 2003 11:52 AM To: Exchange Discussions Subject: RE: Sobig.F alert As if we all didn't have enough to do? -Original Message- From: Matt Plahtinsky [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 1:51 PM To: Exchange Discussions Subject: RE: Sobig.F alert T-minus 10 minutes. It's the end of the world, run for your lives... -Original Message- From: Sagert, Lori [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 2:41 PM To: Exchange Discussions Subject: RE: Sobig.F alert Yes it is. Since we are not sure what the payload is, we patched for the new MDAC security patch. Hey, who knows? Better to be safe than sorry. T-minus 20 minutes. -Original Message- From: Christopher Hummert [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 2:33 PM To: Exchange Discussions Subject: RE: Sobig.F alert Oh crap, I didn't think that anyone actually hooked Skynet up to the internet. T-Minus 30 minutes -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky Sent: Friday, August 22, 2003 11:33 AM To: Exchange Discussions Subject: RE: Sobig.F alert Here is some more info on it. Should be an interesting afternoon. http://www.theregister.co.uk/content/56/32475.html http://story.news.yahoo.com/news?tmpl=storyncid=1211e=1u=/nm/20030822/tc_nm/tech_internet_virus_dcsid=95573372 -Original Message- From: Lori Sagert [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 1:56 PM To: Exchange Discussions Subject: Sobig.F alert FYI...
http://www.f-secure.com/news/items/news_2003082200.shtml
RE: Sobig.F alert
On Fri, 22 Aug 2003, at 11:51am, [EMAIL PROTECTED] wrote: There's 20 master servers for this virus that are out there. Network Associates has posted the list of master server IP addresses at http://vil.nai.com/vil/content/v_100561.htm. I've copied the list below. Many are advocating wholesale blocking of those addresses at the router level. Supposedly, most of the actual servers have been shut down at this point. But all you need is one. Nobody knows what will actually happen when the worm calls home. Tick... tick... -- Ben Scott [EMAIL PROTECTED] The opinions expressed in this message are those of the author and do not represent the views or policy of any other person or organization. All information is provided without warranty of any kind.
RE: Sobig.F alert
Well, that's where my q came in. Chris even put up a piece which said they knew about 20 servers... 18 OFFL, 2 ONL, so then they have ID'd these things, right? Why not publish the IP and/or the domain names... so people could block these too... It just says about UDP port... couldn't that also change on the fly? bill -Original Message- From: Steck, Herb [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 2:59 PM To: Exchange Discussions Subject: RE: Sobig.F alert Would've been nice for them to publish the IP list so we could block it from our firewalls. Incoming and outgoing. -Original Message- From: Christopher Hummert [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 1:52 PM To: Exchange Discussions Subject: RE: Sobig.F alert If only Arnold wasn't running for governor. We could send him back in time to stop Skynet. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steck, Herb Sent: Friday, August 22, 2003 11:52 AM To: Exchange Discussions Subject: RE: Sobig.F alert As if we all didn't have enough to do? -Original Message- From: Matt Plahtinsky [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 1:51 PM To: Exchange Discussions Subject: RE: Sobig.F alert T-minus 10 minutes. It's the end of the world, run for your lives... -Original Message- From: Sagert, Lori [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 2:41 PM To: Exchange Discussions Subject: RE: Sobig.F alert Yes it is. Since we are not sure what the payload is, we patched for the new MDAC security patch. Hey, who knows? Better to be safe than sorry. T-minus 20 minutes. -Original Message- From: Christopher Hummert [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 2:33 PM To: Exchange Discussions Subject: RE: Sobig.F alert Oh crap, I didn't think that anyone actually hooked Skynet up to the internet.
T-Minus 30 minutes -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky Sent: Friday, August 22, 2003 11:33 AM To: Exchange Discussions Subject: RE: Sobig.F alert Here is some more info on it. Should be an interesting afternoon. http://www.theregister.co.uk/content/56/32475.html http://story.news.yahoo.com/news?tmpl=storyncid=1211e=1u=/nm/20030822/tc_nm/tech_internet_virus_dcsid=95573372 -Original Message- From: Lori Sagert [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 1:56 PM To: Exchange Discussions Subject: Sobig.F alert FYI... http://www.f-secure.com/news/items/news_2003082200.shtml
RE: Sobig.F alert
They have published them. IIRC, I have now seen the list of IPs on several vendor sites as well as on this list. Already blocked here. Along with UDP 8998 Outbound and UDP 995-999 Inbound. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Mellott, Bill [mailto:[EMAIL PROTECTED] Posted At: Friday, August 22, 2003 2:01 PM Posted To: Exchange (Swynk) Conversation: Sobig.F alert Subject: RE: Sobig.F alert Well, that's where my q came in. Chris even put up a piece which said they knew about 20 servers... 18 OFFL, 2 ONL, so then they have ID'd these things, right? Why not publish the IP and/or the domain names... so people could block these too... It just says about UDP port... couldn't that also change on the fly? bill -Original Message- From: Steck, Herb [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 2:59 PM To: Exchange Discussions Subject: RE: Sobig.F alert Would've been nice for them to publish the IP list so we could block it from our firewalls. Incoming and outgoing. -Original Message- From: Christopher Hummert [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 1:52 PM To: Exchange Discussions Subject: RE: Sobig.F alert If only Arnold wasn't running for governor. We could send him back in time to stop Skynet. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steck, Herb Sent: Friday, August 22, 2003 11:52 AM To: Exchange Discussions Subject: RE: Sobig.F alert As if we all didn't have enough to do? -Original Message- From: Matt Plahtinsky [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 1:51 PM To: Exchange Discussions Subject: RE: Sobig.F alert T-minus 10 minutes. It's the end of the world, run for your lives... -Original Message- From: Sagert, Lori [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 2:41 PM To: Exchange Discussions Subject: RE: Sobig.F alert Yes it is. Since we are not sure what the payload is, we patched for the new MDAC security patch. Hey, who knows?
Better to be safe than sorry. T-minus 20 minutes. -Original Message- From: Christopher Hummert [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 2:33 PM To: Exchange Discussions Subject: RE: Sobig.F alert Oh crap, I didn't think that anyone actually hooked Skynet up to the internet. T-Minus 30 minutes -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky Sent: Friday, August 22, 2003 11:33 AM To: Exchange Discussions Subject: RE: Sobig.F alert Here is some more info on it. Should be an interesting afternoon. http://www.theregister.co.uk/content/56/32475.html http://story.news.yahoo.com/news?tmpl=storyncid=1211e=1u=/nm/20030822/tc_nm/tech_internet_virus_dcsid=95573372 -Original Message- From: Lori Sagert [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 1:56 PM To: Exchange Discussions Subject: Sobig.F alert FYI... http://www.f-secure.com/news/items/news_2003082200.shtml
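The blocks described in the message above (the published master-server addresses, UDP 8998 outbound, UDP 995-999 inbound) double as a detector: every hit on those rules names an internal machine worth inspecting, and matching on address and on port independently covers the case raised earlier in the thread where the port changes. This is an added example, not part of the original thread; the log format, the function names, the 10.0.0.0/8 internal range and the addresses (RFC 5737 documentation ranges standing in for the published list) are all assumptions.

```python
import ipaddress
import re

# Ports named in the thread: UDP 8998 outbound, UDP 995-999 inbound.
OUTBOUND_UDP_PORTS = {8998}
INBOUND_UDP_PORTS = set(range(995, 1000))

# Stand-ins for the published master-server list (constructed; RFC 5737
# documentation addresses, not the real list).
MASTER_SERVERS = {ipaddress.ip_address(a) for a in ("192.0.2.10", "198.51.100.7")}

# Assumed internal address space for this example.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Assumed firewall log format (hypothetical key=value syslog-style line).
LINE_RE = re.compile(
    r"(?P<ts>\S+) action=(?P<action>allow|deny) proto=(?P<proto>\w+) "
    r"src=(?P<src>[\d.]+) sport=(?P<sport>\d+) "
    r"dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)"
)

# Constructed sample log lines.
SAMPLE_LOG = [
    # Blocked call-home to a listed server on the known port.
    "2003-08-22T12:00:01 action=deny proto=udp src=10.1.4.23 sport=1045 dst=192.0.2.10 dport=8998",
    "2003-08-22T12:00:02 action=deny proto=udp src=10.1.4.23 sport=1046 dst=198.51.100.7 dport=8998",
    # Known port, unlisted server, and the firewall let it through.
    "2003-08-22T12:00:05 action=allow proto=udp src=10.1.7.80 sport=1100 dst=203.0.113.5 dport=8998",
    # Listed server on a different port: only the address rule catches it.
    "2003-08-22T12:00:07 action=allow proto=udp src=10.1.9.12 sport=1200 dst=192.0.2.10 dport=53",
    # Inbound UDP in the 995-999 range.
    "2003-08-22T12:00:09 action=deny proto=udp src=203.0.113.77 sport=4000 dst=10.1.4.23 dport=996",
    # Ordinary traffic, and TCP to port 8998 (not UDP), neither should match.
    "2003-08-22T12:00:10 action=allow proto=tcp src=10.1.2.2 sport=3000 dst=203.0.113.9 dport=80",
    "2003-08-22T12:00:11 action=allow proto=tcp src=10.1.2.3 sport=3001 dst=203.0.113.9 dport=8998",
    "malformed line",
]


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def parse_line(line):
    """Return a dict for a well-formed log line, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
    except ValueError:
        return None
    return {"action": m["action"], "proto": m["proto"].lower(),
            "src": src, "dst": dst, "dport": int(m["dport"])}


def classify(ev):
    """Return (internal_host, reasons) for one event; reasons may be empty."""
    reasons = set()
    if is_internal(ev["src"]) and not is_internal(ev["dst"]):
        host, remote, ports, tag = ev["src"], ev["dst"], OUTBOUND_UDP_PORTS, "udp-8998-out"
    elif is_internal(ev["dst"]) and not is_internal(ev["src"]):
        host, remote, ports, tag = ev["dst"], ev["src"], INBOUND_UDP_PORTS, "udp-995-999-in"
    else:
        return None, reasons  # internal-to-internal or transit traffic
    if ev["proto"] == "udp" and ev["dport"] in ports:
        reasons.add(tag)
    if remote in MASTER_SERVERS:
        reasons.add("master-server")
    return host, reasons


def triage(lines):
    """Group rule hits by internal host, counting allowed and denied events."""
    findings = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        host, reasons = classify(ev)
        if not reasons:
            continue
        entry = findings.setdefault(str(host), {"reasons": set(), "allowed": 0, "denied": 0})
        entry["reasons"] |= reasons
        entry["allowed" if ev["action"] == "allow" else "denied"] += 1
    return findings


def leaking_hosts(findings):
    """Hosts with at least one matching event that the firewall allowed."""
    return sorted(h for h, e in findings.items() if e["allowed"] > 0)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for host, entry in sorted(result.items()):
        print(host, sorted(entry["reasons"]), "allowed:", entry["allowed"], "denied:", entry["denied"])
    print("rule gaps:", leaking_hosts(result))
```

Hosts with only denied hits are likely infected but contained; hosts in the allowed list mark a gap in the block rules as well as a machine to clean.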
RE: Sobig.F alert
Where's the KABOOM? There was supposed to be an earth shattering KABOOM!! -Marvin the Martian -Original Message- From: Woodruff, Michael [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 2:59 PM To: Exchange Discussions Subject: RE: Sobig.F alert Nice... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christopher Hummert Sent: Friday, August 22, 2003 2:52 PM To: Exchange Discussions Subject: RE: Sobig.F alert If only Arnold wasn't running for governor. We could send him back in time to stop Skynet. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steck, Herb Sent: Friday, August 22, 2003 11:52 AM To: Exchange Discussions Subject: RE: Sobig.F alert As if we all didn't have enough to do? -Original Message- From: Matt Plahtinsky [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 1:51 PM To: Exchange Discussions Subject: RE: Sobig.F alert T-minus 10 minutes. It's the end of the world, run for your lives... -Original Message- From: Sagert, Lori [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 2:41 PM To: Exchange Discussions Subject: RE: Sobig.F alert Yes it is. Since we are not sure what the payload is, we patched for the new MDAC security patch. Hey, who knows? Better to be safe than sorry. T-minus 20 minutes. -Original Message- From: Christopher Hummert [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 2:33 PM To: Exchange Discussions Subject: RE: Sobig.F alert Oh crap, I didn't think that anyone actually hooked Skynet up to the internet. T-Minus 30 minutes -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky Sent: Friday, August 22, 2003 11:33 AM To: Exchange Discussions Subject: RE: Sobig.F alert Here is some more info on it. Should be an interesting afternoon.
http://www.theregister.co.uk/content/56/32475.html http://story.news.yahoo.com/news?tmpl=storyncid=1211e=1u=/nm/20030822/tc_nm/tech_internet_virus_dcsid=95573372 -Original Message- From: Lori Sagert [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 1:56 PM To: Exchange Discussions Subject: Sobig.F alert FYI... http://www.f-secure.com/news/items/news_2003082200.shtml
RE: Sobig.F alert
Because that really wouldn't matter, the theory is that the infected machines are going to get their instructions from these 20 master servers and then launch a distributed attack on the root DNS servers... 1 minute left -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mellott, Bill Sent: Friday, August 22, 2003 12:01 PM To: Exchange Discussions Subject: RE: Sobig.F alert Well, that's where my q came in. Chris even put up a piece which said they knew about 20 servers... 18 OFFL, 2 ONL, so then they have ID'd these things, right? Why not publish the IP and/or the domain names... so people could block these too... It just says about UDP port... couldn't that also change on the fly? bill -Original Message- From: Steck, Herb [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 2:59 PM To: Exchange Discussions Subject: RE: Sobig.F alert Would've been nice for them to publish the IP list so we could block it from our firewalls. Incoming and outgoing. -Original Message- From: Christopher Hummert [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 1:52 PM To: Exchange Discussions Subject: RE: Sobig.F alert If only Arnold wasn't running for governor. We could send him back in time to stop Skynet. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steck, Herb Sent: Friday, August 22, 2003 11:52 AM To: Exchange Discussions Subject: RE: Sobig.F alert As if we all didn't have enough to do? -Original Message- From: Matt Plahtinsky [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 1:51 PM To: Exchange Discussions Subject: RE: Sobig.F alert T-minus 10 minutes. It's the end of the world, run for your lives... -Original Message- From: Sagert, Lori [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 2:41 PM To: Exchange Discussions Subject: RE: Sobig.F alert Yes it is. Since we are not sure what the payload is, we patched for the new MDAC security patch. Hey, who knows? Better to be safe than sorry.
T-minus 20 minutes. -Original Message- From: Christopher Hummert [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 2:33 PM To: Exchange Discussions Subject: RE: Sobig.F alert Oh crap, I didn't think that anyone actually hooked Skynet up to the internet. T-Minus 30 minutes -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky Sent: Friday, August 22, 2003 11:33 AM To: Exchange Discussions Subject: RE: Sobig.F alert Here is some more info on it. Should be an interesting afternoon. http://www.theregister.co.uk/content/56/32475.html http://story.news.yahoo.com/news?tmpl=storyncid=1211e=1u=/nm/20030822/tc_nm/tech_internet_virus_dcsid=95573372 -Original Message- From: Lori Sagert [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 1:56 PM To: Exchange Discussions Subject: Sobig.F alert FYI... http://www.f-secure.com/news/items/news_2003082200.shtml
RE: Sobig.F alert
68.38.159.161 and 65.95.193.138 seem to be the last two standing unless ICMP is turned off on some of the other servers/PCs. Because that really wouldn't matter, the theory is that the infected machines are going to get their instructions from these 20 master servers and then launch a distributed attack on the root DNS servers... 1 minute left
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mellott, Bill
Sent: Friday, August 22, 2003 12:01 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Well, that's where my q came in... Chris even put up a piece which said they knew about 20 servers... 18 OFFL, 2 ONL, so then they have ID'd these things, right? Why not publish the IP and/or the domain names... so people could block these too... It just says about UDP port... couldn't that also change on the fly?
bill
-Original Message-
From: Steck, Herb [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:59 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Would've been nice for them to publish the IP list so we could block it from our firewalls. Incoming and outgoing.
-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:52 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
If only Arnold wasn't running for governor. We could send him back in time to stop Skynet.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steck, Herb
Sent: Friday, August 22, 2003 11:52 AM
To: Exchange Discussions
Subject: RE: Sobig.F alert
As if we all didn't have enough to do?
-Original Message-
From: Matt Plahtinsky [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:51 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
T-minus 10 minutes. It's the end of the world, run for your lives...
-Original Message-
From: Sagert, Lori [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:41 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Yes it is.
Since we are not sure what the payload is, we patched for the new MDAC security patch. Hey, who knows? Better to be safe than sorry. T-minus 20 minutes.
-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:33 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Oh crap, I didn't think that anyone actually hooked Skynet up to the internet. T-Minus 30 minutes
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky
Sent: Friday, August 22, 2003 11:33 AM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Here is some more info on it. Should be an interesting afternoon.
http://www.theregister.co.uk/content/56/32475.html
http://story.news.yahoo.com/news?tmpl=storyncid=1211e=1u=/nm/20030822 /tc_nm/tech_internet_virus_dcsid=95573372
-Original Message-
From: Lori Sagert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:56 PM
To: Exchange Discussions
Subject: Sobig.F alert
FYI...
http://www.f-secure.com/news/items/news_2003082200.shtml
RE: Sobig.F alert
Looks like my upstream has killed routes to all of these... way to go ISP.
-Original Message-
From: Scott Force [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:09 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
68.38.159.161 and 65.95.193.138 seem to be the last two standing unless ICMP is turned off on some of the other servers/PCs. Because that really wouldn't matter, the theory is that the infected machines are going to get their instructions from these 20 master servers and then launch a distributed attack on the root DNS servers... 1 minute left
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mellott, Bill
Sent: Friday, August 22, 2003 12:01 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Well, that's where my q came in... Chris even put up a piece which said they knew about 20 servers... 18 OFFL, 2 ONL, so then they have ID'd these things, right? Why not publish the IP and/or the domain names... so people could block these too... It just says about UDP port... couldn't that also change on the fly?
bill
-Original Message-
From: Steck, Herb [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:59 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Would've been nice for them to publish the IP list so we could block it from our firewalls. Incoming and outgoing.
-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:52 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
If only Arnold wasn't running for governor. We could send him back in time to stop Skynet.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steck, Herb
Sent: Friday, August 22, 2003 11:52 AM
To: Exchange Discussions
Subject: RE: Sobig.F alert
As if we all didn't have enough to do?
-Original Message-
From: Matt Plahtinsky [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:51 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
T-minus 10 minutes. It's the end of the world, run for your lives...
-Original Message-
From: Sagert, Lori [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:41 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Yes it is. Since we are not sure what the payload is, we patched for the new MDAC security patch. Hey, who knows? Better to be safe than sorry. T-minus 20 minutes.
-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:33 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Oh crap, I didn't think that anyone actually hooked Skynet up to the internet. T-Minus 30 minutes
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky
Sent: Friday, August 22, 2003 11:33 AM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Here is some more info on it. Should be an interesting afternoon.
http://www.theregister.co.uk/content/56/32475.html
http://story.news.yahoo.com/news?tmpl=storyncid=1211e=1u=/nm/20030822 /tc_nm/tech_internet_virus_dcsid=95573372
-Original Message-
From: Lori Sagert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:56 PM
To: Exchange Discussions
Subject: Sobig.F alert
FYI...
http://www.f-secure.com/news/items/news_2003082200.shtml
RE: Sobig.F alert
This is the most anti-climactic virus ever. I want my money back.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steck, Herb
Sent: Friday, August 22, 2003 12:13 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Looks like my upstream has killed routes to all of these... way to go ISP.
-Original Message-
From: Scott Force [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:09 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
68.38.159.161 and 65.95.193.138 seem to be the last two standing unless ICMP is turned off on some of the other servers/PCs. Because that really wouldn't matter, the theory is that the infected machines are going to get their instructions from these 20 master servers and then launch a distributed attack on the root DNS servers... 1 minute left
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mellott, Bill
Sent: Friday, August 22, 2003 12:01 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Well, that's where my q came in... Chris even put up a piece which said they knew about 20 servers... 18 OFFL, 2 ONL, so then they have ID'd these things, right? Why not publish the IP and/or the domain names... so people could block these too... It just says about UDP port... couldn't that also change on the fly?
bill
-Original Message-
From: Steck, Herb [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:59 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Would've been nice for them to publish the IP list so we could block it from our firewalls. Incoming and outgoing.
-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:52 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
If only Arnold wasn't running for governor. We could send him back in time to stop Skynet.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steck, Herb
Sent: Friday, August 22, 2003 11:52 AM
To: Exchange Discussions
Subject: RE: Sobig.F alert
As if we all didn't have enough to do?
-Original Message-
From: Matt Plahtinsky [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:51 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
T-minus 10 minutes. It's the end of the world, run for your lives...
-Original Message-
From: Sagert, Lori [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:41 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Yes it is. Since we are not sure what the payload is, we patched for the new MDAC security patch. Hey, who knows? Better to be safe than sorry. T-minus 20 minutes.
-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:33 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Oh crap, I didn't think that anyone actually hooked Skynet up to the internet. T-Minus 30 minutes
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky
Sent: Friday, August 22, 2003 11:33 AM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Here is some more info on it. Should be an interesting afternoon.
http://www.theregister.co.uk/content/56/32475.html
http://story.news.yahoo.com/news?tmpl=storyncid=1211e=1u=/nm/200308 22 /tc_nm/tech_internet_virus_dcsid=95573372
-Original Message-
From: Lori Sagert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:56 PM
To: Exchange Discussions
Subject: Sobig.F alert
FYI...
http://www.f-secure.com/news/items/news_2003082200.shtml
RE: Sobig.F alert
Me too. Oh well, now we can still go to the bar after work instead of staying and fighting viruses all night.
-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 3:13 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
This is the most anti-climactic virus ever. I want my money back.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steck, Herb
Sent: Friday, August 22, 2003 12:13 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Looks like my upstream has killed routes to all of these... way to go ISP.
-Original Message-
From: Scott Force [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:09 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
68.38.159.161 and 65.95.193.138 seem to be the last two standing unless ICMP is turned off on some of the other servers/PCs. Because that really wouldn't matter, the theory is that the infected machines are going to get their instructions from these 20 master servers and then launch a distributed attack on the root DNS servers... 1 minute left
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mellott, Bill
Sent: Friday, August 22, 2003 12:01 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Well, that's where my q came in... Chris even put up a piece which said they knew about 20 servers... 18 OFFL, 2 ONL, so then they have ID'd these things, right? Why not publish the IP and/or the domain names... so people could block these too... It just says about UDP port... couldn't that also change on the fly?
bill
-Original Message-
From: Steck, Herb [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:59 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Would've been nice for them to publish the IP list so we could block it from our firewalls. Incoming and outgoing.
-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:52 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
If only Arnold wasn't running for governor. We could send him back in time to stop Skynet.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steck, Herb
Sent: Friday, August 22, 2003 11:52 AM
To: Exchange Discussions
Subject: RE: Sobig.F alert
As if we all didn't have enough to do?
-Original Message-
From: Matt Plahtinsky [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:51 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
T-minus 10 minutes. It's the end of the world, run for your lives...
-Original Message-
From: Sagert, Lori [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:41 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Yes it is. Since we are not sure what the payload is, we patched for the new MDAC security patch. Hey, who knows? Better to be safe than sorry. T-minus 20 minutes.
-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:33 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Oh crap, I didn't think that anyone actually hooked Skynet up to the internet. T-Minus 30 minutes
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky
Sent: Friday, August 22, 2003 11:33 AM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Here is some more info on it. Should be an interesting afternoon.
http://www.theregister.co.uk/content/56/32475.html
http://story.news.yahoo.com/news?tmpl=storyncid=1211e=1u=/nm/200308 22 /tc_nm/tech_internet_virus_dcsid=95573372
-Original Message-
From: Lori Sagert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:56 PM
To: Exchange Discussions
Subject: Sobig.F alert
FYI...
http://www.f-secure.com/news/items/news_2003082200.shtml
RE: Sobig.F alert
I don't, I am glad that at 3pm on Friday it is an anti-climactic virus event.
-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 3:13 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
This is the most anti-climactic virus ever. I want my money back.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steck, Herb
Sent: Friday, August 22, 2003 12:13 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Looks like my upstream has killed routes to all of these... way to go ISP.
-Original Message-
From: Scott Force [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:09 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
68.38.159.161 and 65.95.193.138 seem to be the last two standing unless ICMP is turned off on some of the other servers/PCs. Because that really wouldn't matter, the theory is that the infected machines are going to get their instructions from these 20 master servers and then launch a distributed attack on the root DNS servers... 1 minute left
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mellott, Bill
Sent: Friday, August 22, 2003 12:01 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Well, that's where my q came in... Chris even put up a piece which said they knew about 20 servers... 18 OFFL, 2 ONL, so then they have ID'd these things, right? Why not publish the IP and/or the domain names... so people could block these too... It just says about UDP port... couldn't that also change on the fly?
bill
-Original Message-
From: Steck, Herb [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:59 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Would've been nice for them to publish the IP list so we could block it from our firewalls. Incoming and outgoing.
-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:52 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
If only Arnold wasn't running for governor. We could send him back in time to stop Skynet.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steck, Herb
Sent: Friday, August 22, 2003 11:52 AM
To: Exchange Discussions
Subject: RE: Sobig.F alert
As if we all didn't have enough to do?
-Original Message-
From: Matt Plahtinsky [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:51 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
T-minus 10 minutes. It's the end of the world, run for your lives...
-Original Message-
From: Sagert, Lori [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:41 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Yes it is. Since we are not sure what the payload is, we patched for the new MDAC security patch. Hey, who knows? Better to be safe than sorry. T-minus 20 minutes.
-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:33 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Oh crap, I didn't think that anyone actually hooked Skynet up to the internet. T-Minus 30 minutes
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky
Sent: Friday, August 22, 2003 11:33 AM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Here is some more info on it. Should be an interesting afternoon.
http://www.theregister.co.uk/content/56/32475.html
http://story.news.yahoo.com/news?tmpl=storyncid=1211e=1u=/nm/200308 22 /tc_nm/tech_internet_virus_dcsid=95573372
-Original Message-
From: Lori Sagert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:56 PM
To: Exchange Discussions
Subject: Sobig.F alert
FYI...
http://www.f-secure.com/news/items/news_2003082200.shtml
RE: Sobig.F alert
Anyone remember comet Kahoutec (sp?)?
-Original Message-
From: Waters, Jeff [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:09 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
I don't, I am glad that at 3pm on Friday it is an anti-climactic virus event.
-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 3:13 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
This is the most anti-climactic virus ever. I want my money back.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steck, Herb
Sent: Friday, August 22, 2003 12:13 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Looks like my upstream has killed routes to all of these... way to go ISP.
-Original Message-
From: Scott Force [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:09 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
68.38.159.161 and 65.95.193.138 seem to be the last two standing unless ICMP is turned off on some of the other servers/PCs. Because that really wouldn't matter, the theory is that the infected machines are going to get their instructions from these 20 master servers and then launch a distributed attack on the root DNS servers... 1 minute left
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mellott, Bill
Sent: Friday, August 22, 2003 12:01 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Well, that's where my q came in... Chris even put up a piece which said they knew about 20 servers... 18 OFFL, 2 ONL, so then they have ID'd these things, right? Why not publish the IP and/or the domain names... so people could block these too... It just says about UDP port... couldn't that also change on the fly?
bill
-Original Message-
From: Steck, Herb [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:59 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Would've been nice for them to publish the IP list so we could block it from our firewalls. Incoming and outgoing.
-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:52 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
If only Arnold wasn't running for governor. We could send him back in time to stop Skynet.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steck, Herb
Sent: Friday, August 22, 2003 11:52 AM
To: Exchange Discussions
Subject: RE: Sobig.F alert
As if we all didn't have enough to do?
-Original Message-
From: Matt Plahtinsky [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:51 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
T-minus 10 minutes. It's the end of the world, run for your lives...
-Original Message-
From: Sagert, Lori [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:41 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Yes it is. Since we are not sure what the payload is, we patched for the new MDAC security patch. Hey, who knows? Better to be safe than sorry. T-minus 20 minutes.
-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:33 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Oh crap, I didn't think that anyone actually hooked Skynet up to the internet. T-Minus 30 minutes
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky
Sent: Friday, August 22, 2003 11:33 AM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Here is some more info on it. Should be an interesting afternoon.
http://www.theregister.co.uk/content/56/32475.html
http://story.news.yahoo.com/news?tmpl=storyncid=1211e=1u=/nm/200308 22 /tc_nm/tech_internet_virus_dcsid=95573372
-Original Message-
From: Lori Sagert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:56 PM
To: Exchange Discussions
Subject: Sobig.F alert
FYI...
http://www.f-secure.com/news/items/news_2003082200.shtml
RE: Replication and Schema problem
Domain mode has nothing to do with it. I'd wager that there's a problem with DNS or the two domains seeing each other - what's in the logs?
-- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc.
-Original Message-
From: Matt Hoffman [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:50 PM
To: Exchange Discussions
Subject: RE: Replication and Schema problem
No, we are unable to run DomainPrep. It says that ForestPrep has not been run on the server, therefore it cannot run DomainPrep. However, the server is not part of the root domain, therefore ForestPrep cannot be run on it. The problem exists that the server has still not replicated the schema changes from the root domain. This is why I was wondering if there was another way to force the issue. I have also not seen any information anywhere about why the server would not be able to replicate schema between itself and the root domain, even though the root is mixed and this is native. Do those two exist in such a different way that the schema cannot be replicated between them?
-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 12:23 PM
To: Exchange Discussions
Subject: RE: Replication and Schema problem
ForestPrep is just that - forest wide. It's all or nothing. I'm guessing you didn't run DomainPrep in this domain - and that IS domain specific, and needs to be run in each domain hosting Exchange servers (or users, IIRC).
-- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc.
-Original Message-
From: Matt Hoffman [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 12:11 PM
To: Exchange Discussions
Subject: Replication and Schema problem
Hopefully someone on this list will have a suggestion as to what to do with this problem: Upgrading from NT 4.0 domain/Exch. 5.5 - SP4 to AD with Exch 2000. The domain in question is not the root domain for the forest, but ForestPrep has been run successfully in the root. This particular domain is now Native mode (AD native mode vs. Exchange native) where the root domain is still mixed mode. ForestPrep changes to the schema have not replicated down to this domain, and I assume it's because of the Native vs. Mixed mode for AD. However, that may be an incorrect assumption. I've checked out a number of knowledgebase articles as well as Microsoft's Exch 2000 Admin's Guide and Mark Minasi's Windows 2000 Server books, but have not found a reason yet as to why there is no replication of schema other. So, I still have to think that this is the problem. Can anyone point me in the right direction with this problem? As it is the users in the new AD domain here are still able to access their Exch 5.5 mailboxes even though they log on in the AD domain, but they can't (of course) access their email through OWA, unless I go in and change their password in the NT 4.0 domain to match that in the AD. As an alternative solution, is there a method for exporting the schema from the root domain and manually importing it here to re-establish identical schemas? Is there a way to force this domain to run ForestPrep on it, even though it's not the root domain? Thanks for any help... I'm going to keep looking around for more info myself.
Matt
RE: Sobig.F alert
See ya at the bar
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Waters, Jeff
Sent: Friday, August 22, 2003 3:09 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
I don't, I am glad that at 3pm on Friday it is an anti-climactic virus event.
-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 3:13 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
This is the most anti-climactic virus ever. I want my money back.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steck, Herb
Sent: Friday, August 22, 2003 12:13 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Looks like my upstream has killed routes to all of these... way to go ISP.
-Original Message-
From: Scott Force [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:09 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
68.38.159.161 and 65.95.193.138 seem to be the last two standing unless ICMP is turned off on some of the other servers/PCs. Because that really wouldn't matter, the theory is that the infected machines are going to get their instructions from these 20 master servers and then launch a distributed attack on the root DNS servers... 1 minute left
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mellott, Bill
Sent: Friday, August 22, 2003 12:01 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Well, that's where my q came in... Chris even put up a piece which said they knew about 20 servers... 18 OFFL, 2 ONL, so then they have ID'd these things, right? Why not publish the IP and/or the domain names... so people could block these too... It just says about UDP port... couldn't that also change on the fly?
bill
-Original Message-
From: Steck, Herb [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:59 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Would've been nice for them to publish the IP list so we could block it from our firewalls. Incoming and outgoing.
-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:52 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
If only Arnold wasn't running for governor. We could send him back in time to stop Skynet.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steck, Herb
Sent: Friday, August 22, 2003 11:52 AM
To: Exchange Discussions
Subject: RE: Sobig.F alert
As if we all didn't have enough to do?
-Original Message-
From: Matt Plahtinsky [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:51 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
T-minus 10 minutes. It's the end of the world, run for your lives...
-Original Message-
From: Sagert, Lori [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:41 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Yes it is. Since we are not sure what the payload is, we patched for the new MDAC security patch. Hey, who knows? Better to be safe than sorry. T-minus 20 minutes.
-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:33 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Oh crap, I didn't think that anyone actually hooked Skynet up to the internet. T-Minus 30 minutes
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky
Sent: Friday, August 22, 2003 11:33 AM
To: Exchange Discussions
Subject: RE: Sobig.F alert
Here is some more info on it. Should be an interesting afternoon.
http://www.theregister.co.uk/content/56/32475.html
http://story.news.yahoo.com/news?tmpl=storyncid=1211e=1u=/nm/200308 22 /tc_nm/tech_internet_virus_dcsid=95573372
-Original Message-
From: Lori Sagert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:56 PM
To: Exchange Discussions
Subject: Sobig.F alert
FYI...
http://www.f-secure.com/news/items/news_2003082200.shtml _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode = lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode = lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ:
Inbox views incorrect
Greetings,

Outlook 98
Exchange 5.5
Windows 2000

I have some users that have been converted from Outlook 98 Exchange 5.5 NT 4.0 SP4 to Outlook 98 Windows 2000 and when they do VIEWSENDER the information is incorrect. For example it reports that so and so has 2 unread messages when indeed they don't have any. It also reports that Sam has a message but in reality it is coming from Sue. We have run the /cleanviews and that makes no difference. Please help!!

Thanks.

Mike Mitchell
Systems email Administrator
Alverno Information Services
* [EMAIL PROTECTED]
*:(317) 783-9341 EXT. 6211

Education is when you read the fine print, experience is what you get when you don't! - Pete Seeger
RE: Outlook to Exchange over VPN issues
Never personally tried it over dial-up, although we have a few users doing that and I've heard no complaints (then again, I am not on the Help Desk). It works fine (Outlook97 2k going against Exch5.5 2k) over DSL/Cable.

There is one annoyance which may account for the port 135 reference - Outlook over VPN does not update the Unread Items counter in a timely fashion. Sometimes it takes a few minutes for incoming mail to register via the counters on the right side of folder names. I recall that there was some UDP port you could open to fix this, but we left things closed. Clicking on any folder would force an Unread Items count update.

Jon

-Original Message-
From: Alex Alborzfard [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 14, 2003 9:21 AM
Posted To: exchange - new
Conversation: Outlook to Exchange over VPN issues
Subject: Outlook to Exchange over VPN issues

We are in the process of rolling out VPN (PPTP/IPSEC) to allow remote access to Exchange. But I've heard the performance is really dismal, especially over dial-up. I've also heard OL 03 with EX 03 takes care of this problem, by using RPC over HTTP. Should we wait and upgrade to OL/EX 03 instead? What are other OL(2000) to EX(5.5/2K) over VPN connectivity issues?

Thanks
--Alex Alborzfard
Exchange Admin
RE: Sobig.F alert
Can we blame this virus for the big jump in gas prices today?

-Original Message-
From: Sagert, Lori [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:18 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

Me too. Oh well, now we can still go to the bar after work instead of staying and fighting viruses all nite.

-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 3:13 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

This is the most anti-climactic virus ever. I want my money back

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steck, Herb
Sent: Friday, August 22, 2003 12:13 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

Looks like my upstream has killed routes to all of these... way to go ISP.

-Original Message-
From: Scott Force [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:09 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

68.38.159.161 and 65.95.193.138 seem to be the last two standing unless ICMP is turned off on some of the other servers/PCs. Because that really wouldn't matter, the theory is that the infected machines are going to get their instructions from these 20 master servers and then launch a distributed attack on the root DNS servers... 1 minute left

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mellott, Bill
Sent: Friday, August 22, 2003 12:01 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

well, that's where my q came in... Chris even put up a piece which said they knew about 20 servers.. 18 OFFL, 2 ONL, so then they have ID'd these things, right? why not publish the IP and/or the domain names.. so people could block these too... it just says about UDP port.. couldn't that also change on the fly?

bill

-Original Message-
From: Steck, Herb [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:59 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

would've been nice for them to publish the IP list so we could block it from our firewalls. Incoming and outgoing.

-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:52 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

If only Arnold wasn't running for governor. We could send him back in time to stop Skynet.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steck, Herb
Sent: Friday, August 22, 2003 11:52 AM
To: Exchange Discussions
Subject: RE: Sobig.F alert

As if we all didn't have enough to do?

-Original Message-
From: Matt Plahtinsky [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:51 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

T-minus 10 minutes. It's the end of the world, run for your lives...

-Original Message-
From: Sagert, Lori [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:41 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

Yes it is. Since we are not sure what the payload is, we patched for the new MDAC security patch. Hey, who knows? Better to be safe than sorry. T-minus 20 minutes.

-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:33 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

Oh crap, I didn't think that anyone actually hooked Skynet up to the internet. T-Minus 30 minutes

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky
Sent: Friday, August 22, 2003 11:33 AM
To: Exchange Discussions
Subject: RE: Sobig.F alert

Here is some more info on it. Should be an interesting afternoon.

http://www.theregister.co.uk/content/56/32475.html
http://story.news.yahoo.com/news?tmpl=storyncid=1211e=1u=/nm/20030822/tc_nm/tech_internet_virus_dcsid=95573372

-Original Message-
From: Lori Sagert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:56 PM
To: Exchange Discussions
Subject: Sobig.F alert

FYI...

http://www.f-secure.com/news/items/news_2003082200.shtml
RE: Sobig.F alert
China is down. Now is the time to hit them!

http://www.internettrafficreport.com/main.htm

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Kuhl
Sent: Friday, August 22, 2003 3:39 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

Can we blame this virus for the big jump in gas prices today?

-Original Message-
From: Sagert, Lori [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:18 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

Me too. Oh well, now we can still go to the bar after work instead of staying and fighting viruses all nite.

-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 3:13 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

This is the most anti-climactic virus ever. I want my money back

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steck, Herb
Sent: Friday, August 22, 2003 12:13 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

Looks like my upstream has killed routes to all of these... way to go ISP.

-Original Message-
From: Scott Force [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:09 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

68.38.159.161 and 65.95.193.138 seem to be the last two standing unless ICMP is turned off on some of the other servers/PCs. Because that really wouldn't matter, the theory is that the infected machines are going to get their instructions from these 20 master servers and then launch a distributed attack on the root DNS servers... 1 minute left

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mellott, Bill
Sent: Friday, August 22, 2003 12:01 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

well, that's where my q came in... Chris even put up a piece which said they knew about 20 servers.. 18 OFFL, 2 ONL, so then they have ID'd these things, right? why not publish the IP and/or the domain names.. so people could block these too... it just says about UDP port.. couldn't that also change on the fly?

bill

-Original Message-
From: Steck, Herb [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:59 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

would've been nice for them to publish the IP list so we could block it from our firewalls. Incoming and outgoing.

-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:52 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

If only Arnold wasn't running for governor. We could send him back in time to stop Skynet.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steck, Herb
Sent: Friday, August 22, 2003 11:52 AM
To: Exchange Discussions
Subject: RE: Sobig.F alert

As if we all didn't have enough to do?

-Original Message-
From: Matt Plahtinsky [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:51 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

T-minus 10 minutes. It's the end of the world, run for your lives...

-Original Message-
From: Sagert, Lori [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:41 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

Yes it is. Since we are not sure what the payload is, we patched for the new MDAC security patch. Hey, who knows? Better to be safe than sorry. T-minus 20 minutes.

-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:33 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

Oh crap, I didn't think that anyone actually hooked Skynet up to the internet. T-Minus 30 minutes

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky
Sent: Friday, August 22, 2003 11:33 AM
To: Exchange Discussions
Subject: RE: Sobig.F alert

Here is some more info on it. Should be an interesting afternoon.

http://www.theregister.co.uk/content/56/32475.html
http://story.news.yahoo.com/news?tmpl=storyncid=1211e=1u=/nm/20030822/tc_nm/tech_internet_virus_dcsid=95573372

-Original Message-
From: Lori Sagert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:56 PM
To: Exchange Discussions
Subject: Sobig.F alert

FYI...

http://www.f-secure.com/news/items/news_2003082200.shtml
RE: Sobig.F alert
I'm blaming the pizza I just had for the big jump in gas.

-Original Message-
From: Bill Kuhl [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 12:39 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

Can we blame this virus for the big jump in gas prices today?

-Original Message-
From: Sagert, Lori [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:18 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

Me too. Oh well, now we can still go to the bar after work instead of staying and fighting viruses all nite.

-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 3:13 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

This is the most anti-climactic virus ever. I want my money back

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steck, Herb
Sent: Friday, August 22, 2003 12:13 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

Looks like my upstream has killed routes to all of these... way to go ISP.

-Original Message-
From: Scott Force [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:09 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

68.38.159.161 and 65.95.193.138 seem to be the last two standing unless ICMP is turned off on some of the other servers/PCs. Because that really wouldn't matter, the theory is that the infected machines are going to get their instructions from these 20 master servers and then launch a distributed attack on the root DNS servers... 1 minute left

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mellott, Bill
Sent: Friday, August 22, 2003 12:01 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

well, that's where my q came in... Chris even put up a piece which said they knew about 20 servers.. 18 OFFL, 2 ONL, so then they have ID'd these things, right? why not publish the IP and/or the domain names.. so people could block these too... it just says about UDP port.. couldn't that also change on the fly?

bill

-Original Message-
From: Steck, Herb [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:59 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

would've been nice for them to publish the IP list so we could block it from our firewalls. Incoming and outgoing.

-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:52 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

If only Arnold wasn't running for governor. We could send him back in time to stop Skynet.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steck, Herb
Sent: Friday, August 22, 2003 11:52 AM
To: Exchange Discussions
Subject: RE: Sobig.F alert

As if we all didn't have enough to do?

-Original Message-
From: Matt Plahtinsky [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:51 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

T-minus 10 minutes. It's the end of the world, run for your lives...

-Original Message-
From: Sagert, Lori [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:41 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

Yes it is. Since we are not sure what the payload is, we patched for the new MDAC security patch. Hey, who knows? Better to be safe than sorry. T-minus 20 minutes.

-Original Message-
From: Christopher Hummert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 2:33 PM
To: Exchange Discussions
Subject: RE: Sobig.F alert

Oh crap, I didn't think that anyone actually hooked Skynet up to the internet. T-Minus 30 minutes

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky
Sent: Friday, August 22, 2003 11:33 AM
To: Exchange Discussions
Subject: RE: Sobig.F alert

Here is some more info on it. Should be an interesting afternoon.

http://www.theregister.co.uk/content/56/32475.html
http://story.news.yahoo.com/news?tmpl=storyncid=1211e=1u=/nm/20030822/tc_nm/tech_internet_virus_dcsid=95573372

-Original Message-
From: Lori Sagert [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:56 PM
To: Exchange Discussions
Subject: Sobig.F alert

FYI...

http://www.f-secure.com/news/items/news_2003082200.shtml
Re-install Exchange 5.5
Yup! Inherited server... I have service account rights to the site and server but only admin rights to the recipients. I am able to pretty much do everything I need to do but the time has come to stop putting off a re-install. Can anyone recommend or point me through a walkthrough on re-installing Exchange? I would like to look at as many points of reference as possible. Or if anyone has some personal experience they can share I'll take that too!

We have only one server/one site/10 public folders for calendars/90 email recipients. Exchange 5.5 SP4. Pretty basic setup... Thanks all!

JD
RE: Re-install Exchange 5.5
password crack the exchange service account then FAQ for Ed's server move method.

2 cents'
bill

-Original Message-
From: Dolphin, Jeff [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 4:51 PM
To: Exchange Discussions
Subject: Re-install Exchange 5.5

Yup! Inherited server... I have service account rights to the site and server but only admin rights to the recipients. I am able to pretty much do everything I need to do but the time has come to stop putting off a re-install. Can anyone recommend or point me through a walkthrough on re-installing Exchange? I would like to look at as many points of reference as possible. Or if anyone has some personal experience they can share I'll take that too!

We have only one server/one site/10 public folders for calendars/90 email recipients. Exchange 5.5 SP4. Pretty basic setup... Thanks all!

JD
RE: Re-install Exchange 5.5
No can do... the service account was deleted.

Sidenote: this server is already on its second home. Even without full rights Ed's server move method worked flawlessly!

-Original Message-
From: Mellott, Bill [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:54 PM
To: Exchange Discussions
Subject: RE: Re-install Exchange 5.5

password crack the exchange service account then FAQ for Ed's server move method.

2 cents'
bill

-Original Message-
From: Dolphin, Jeff [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 4:51 PM
To: Exchange Discussions
Subject: Re-install Exchange 5.5

Yup! Inherited server... I have service account rights to the site and server but only admin rights to the recipients. I am able to pretty much do everything I need to do but the time has come to stop putting off a re-install. Can anyone recommend or point me through a walkthrough on re-installing Exchange? I would like to look at as many points of reference as possible. Or if anyone has some personal experience they can share I'll take that too!

We have only one server/one site/10 public folders for calendars/90 email recipients. Exchange 5.5 SP4. Pretty basic setup... Thanks all!

JD
RE: Replication and Schema problem
Don't try and finagle a way around the issue. Fix the replication problem between the domains. It will cause you great distress further down the road.

Jeff

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Hoffman
Posted At: Friday, August 22, 2003 12:50 PM
Posted To: Exchange Discussion List
Conversation: Replication and Schema problem
Subject: RE: Replication and Schema problem

No, we are unable to run DomainPrep. It says that ForestPrep has not been run on the server, therefore it cannot run DomainPrep. However, the server is not part of the root domain, therefore ForestPrep cannot be run on it. The problem exists that the server has still not replicated the schema changes from the root domain. This is why I was wondering if there was another way to force the issue.

I have also not seen any information anywhere about why the server would not be able to replicate schema between itself and the root domain, even though the root is mixed and this is native. Do those two exist in such a different way that the schema cannot be replicated between them?

-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 12:23 PM
To: Exchange Discussions
Subject: RE: Replication and Schema problem

ForestPrep is just that - forest wide. It's all or nothing. I'm guessing you didn't run DomainPrep in this domain - and that IS domain specific, and needs to be run in each domain hosting Exchange servers (or users, IIRC).

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-Original Message-
From: Matt Hoffman [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 12:11 PM
To: Exchange Discussions
Subject: Replication and Schema problem

Hopefully someone on this list will have a suggestion as to what to do with this problem:

Upgrading from NT 4.0 domain/Exch. 5.5 - SP4 to AD with Exch 2000. The domain in question is not the root domain for the forest, but ForestPrep has been run successfully in the root. This particular domain is now Native mode (AD native mode vs. Exchange native) where the root domain is still mixed mode. ForestPrep changes to the schema have not replicated down to this domain, and I assume it's because of the Native vs. Mixed mode for AD. However, that may be an incorrect assumption.

I've checked out a number of knowledgebase articles as well as Microsoft's Exch 2000 Admin's Guide and Mark Minasi's Windows 2000 Server books, but have not found a reason yet as to why there is no replication of schema other. So, I still have to think that this is the problem. Can anyone point me in the right direction with this problem?

As it is the users in the new AD domain here are still able to access their Exch 5.5 mailboxes even though they log on in the AD domain, but they can't (of course) access their email through OWA, unless I go in and change their password in the NT 4.0 domain to match that in the AD.

As an alternative solution, is there a method for exporting the schema from the root domain and manually importing it here to re-establish identical schemas? Is there a way to force this domain to run ForestPrep on it, even though it's not the root domain?

Thanks for any help... I'm going to keep looking around for more info myself.

Matt