RE: IMC Error - Again
Probably someone is trying to hack. Have you tried to investigate who this IP address
could be? I just checked it and it seems to belong to some Korean comrades. Not to
say that they are all bad guys but recently there has been a lot of spam coming from
them. Maybe you should put an explicit deny connection for this address.
whois whois.arin.net 128.134.25.180:
OrgName:Korea Telecom
OrgID: KOREAT
NetRange: 128.134.0.0 - 128.134.255.255
CIDR: 128.134.0.0/16
NetName:SDN
NetHandle: NET-128-134-0-0-1
Parent: NET-128-0-0-0-0
NetType:Direct Assignment
NameServer: NS.KORNET.NET
NameServer: NS.KAIST.AC.KR
Comment:
RegDate:1986-06-30
Updated:1996-05-15
TechHandle: YL71-ARIN
TechName: Lee, Young-il
TechPhone: 82-2-766-5900
TechEmail: [EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 03, 2002 10:04 AM
To: Exchange Discussions
Subject: IMC Error - Again
I'm reposting this again, being pushed here to find an answer for it.
Does this error seem to suggest that someone is trying to get into our smtp
server? This is no evenid listed for this one.
Severity: Error
Status: New
Source: MSExchangeIMC
Name: Authentication attempt (AUTH %1) from %2 failed: %3() call failed
with error: %4
Description: Authentication attempt (AUTH ntlm) from 128.134.25.180 failed:
HrAccept() call failed with error: Logon failure: unknown user name or bad
password.
Domain: BLAIRNET
Agent: EXCHSMTP1
Time: 10/03/2002 01:53:45
Owner:
(view with
http://MOMSRV/OnePointOperations/PropertySheet.asp?database=MOMSRVtarget={4
35762EC-BAA2-4DA8-867F-5122101127FD}t=alert)
Thanks,
Dot Harris
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
RE: IMC Error - Again
Someone tried to send e-mail using authenticated relay and the
authentication failed. Are you seeing a slew of these?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 03, 2002 9:04 AM
To: Exchange Discussions
Subject: IMC Error - Again
I'm reposting this again, being pushed here to find an answer for it.
Does this error seem to suggest that someone is trying to get
into our smtp server? This is no evenid listed for this one.
Severity: Error
Status: New
Source: MSExchangeIMC
Name: Authentication attempt (AUTH %1) from %2 failed: %3()
call failed with error: %4
Description: Authentication attempt (AUTH ntlm) from
128.134.25.180 failed:
HrAccept() call failed with error: Logon failure: unknown
user name or bad password.
Domain: BLAIRNET
Agent: EXCHSMTP1
Time: 10/03/2002 01:53:45
Owner:
(view with
http://MOMSRV/OnePointOperations/PropertySheet.asp?database=MO
MSRVtarget={4
35762EC-BAA2-4DA8-867F-5122101127FD}t=alert)
Thanks,
Dot Harris
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
RE: IMC Error - Again
I've seen two, there may have been three, of these. Not ongoing.
-Original Message-
From: Chris Scharff [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 03, 2002 9:31 AM
To: Exchange Discussions
Subject: RE: IMC Error - Again
Someone tried to send e-mail using authenticated relay and the
authentication failed. Are you seeing a slew of these?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 03, 2002 9:04 AM
To: Exchange Discussions
Subject: IMC Error - Again
I'm reposting this again, being pushed here to find an answer for it.
Does this error seem to suggest that someone is trying to get
into our smtp server? This is no evenid listed for this one.
Severity: Error
Status: New
Source: MSExchangeIMC
Name: Authentication attempt (AUTH %1) from %2 failed: %3()
call failed with error: %4
Description: Authentication attempt (AUTH ntlm) from
128.134.25.180 failed:
HrAccept() call failed with error: Logon failure: unknown
user name or bad password.
Domain: BLAIRNET
Agent: EXCHSMTP1
Time: 10/03/2002 01:53:45
Owner:
(view with
http://MOMSRV/OnePointOperations/PropertySheet.asp?database=MO
MSRVtarget={4
35762EC-BAA2-4DA8-867F-5122101127FD}t=alert)
Thanks,
Dot Harris
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
RE: IMC Error - Again
At this point, I'd probably just watch it and if I were the curious type I
might keep a list of Ips as well... And if it because a more frequent event,
I might follow Andrey's advice and block the specific IPs in question.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 03, 2002 9:50 AM
To: Exchange Discussions
Subject: RE: IMC Error - Again
I've seen two, there may have been three, of these. Not ongoing.
-Original Message-
From: Chris Scharff [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 03, 2002 9:31 AM
To: Exchange Discussions
Subject: RE: IMC Error - Again
Someone tried to send e-mail using authenticated relay and
the authentication failed. Are you seeing a slew of these?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 03, 2002 9:04 AM
To: Exchange Discussions
Subject: IMC Error - Again
I'm reposting this again, being pushed here to find an
answer for it.
Does this error seem to suggest that someone is trying to get
into our smtp server? This is no evenid listed for this one.
Severity: Error
Status: New
Source: MSExchangeIMC
Name: Authentication attempt (AUTH %1) from %2 failed: %3()
call failed with error: %4
Description: Authentication attempt (AUTH ntlm) from
128.134.25.180 failed:
HrAccept() call failed with error: Logon failure: unknown
user name or bad password.
Domain: BLAIRNET
Agent: EXCHSMTP1
Time: 10/03/2002 01:53:45
Owner:
(view with
http://MOMSRV/OnePointOperations/PropertySheet.asp?database=MO
MSRVtarget={4
35762EC-BAA2-4DA8-867F-5122101127FD}t=alert)
Thanks,
Dot Harris
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
Re: IMC Error - Again
Could well be a Netscape user; the version before the current one, with
patches, would improperly try to do AUTH if it saw that tag in response to
the EHLO command.
- Original Message -
From: [EMAIL PROTECTED]
To: Exchange Discussions [EMAIL PROTECTED]
Sent: Thursday, October 03, 2002 9:04 AM
Subject: IMC Error - Again
I'm reposting this again, being pushed here to find an answer for it.
Does this error seem to suggest that someone is trying to get into our
smtp
server? This is no evenid listed for this one.
Severity: Error
Status: New
Source: MSExchangeIMC
Name: Authentication attempt (AUTH %1) from %2 failed: %3() call failed
with error: %4
Description: Authentication attempt (AUTH ntlm) from 128.134.25.180
failed:
HrAccept() call failed with error: Logon failure: unknown user name or bad
password.
Domain: BLAIRNET
Agent: EXCHSMTP1
Time: 10/03/2002 01:53:45
Owner:
(view with
http://MOMSRV/OnePointOperations/PropertySheet.asp?database=MOMSRVtarget={4
35762EC-BAA2-4DA8-867F-5122101127FD}t=alert)
Thanks,
Dot Harris
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
RE: IMC Error - Again
That IP address belongs in Korea. Do you have anyone that would be legitimately
connecting with Netscape from Korea?
-Original Message-
From: Daniel Chenault [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 03, 2002 11:52 AM
To: Exchange Discussions
Subject: Re: IMC Error - Again
Could well be a Netscape user; the version before the current one, with
patches, would improperly try to do AUTH if it saw that tag in response to
the EHLO command.
- Original Message -
From: [EMAIL PROTECTED]
To: Exchange Discussions [EMAIL PROTECTED]
Sent: Thursday, October 03, 2002 9:04 AM
Subject: IMC Error - Again
I'm reposting this again, being pushed here to find an answer for it.
Does this error seem to suggest that someone is trying to get into our
smtp
server? This is no evenid listed for this one.
Severity: Error
Status: New
Source: MSExchangeIMC
Name: Authentication attempt (AUTH %1) from %2 failed: %3() call failed
with error: %4
Description: Authentication attempt (AUTH ntlm) from 128.134.25.180
failed:
HrAccept() call failed with error: Logon failure: unknown user name or bad
password.
Domain: BLAIRNET
Agent: EXCHSMTP1
Time: 10/03/2002 01:53:45
Owner:
(view with
http://MOMSRV/OnePointOperations/PropertySheet.asp?database=MOMSRVtarget={4
35762EC-BAA2-4DA8-867F-5122101127FD}t=alert)
Thanks,
Dot Harris
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
RE: IMC Error - Again
Netscape being the server product rather than the client.
-Original Message-
From: Andrey Fyodorov [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 03, 2002 1:29 PM
To: Exchange Discussions
Subject: RE: IMC Error - Again
That IP address belongs in Korea. Do you have anyone that
would be legitimately connecting with Netscape from Korea?
-Original Message-
From: Daniel Chenault [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 03, 2002 11:52 AM
To: Exchange Discussions
Subject: Re: IMC Error - Again
Could well be a Netscape user; the version before the current
one, with patches, would improperly try to do AUTH if it saw
that tag in response to the EHLO command.
- Original Message -
From: [EMAIL PROTECTED]
To: Exchange Discussions [EMAIL PROTECTED]
Sent: Thursday, October 03, 2002 9:04 AM
Subject: IMC Error - Again
I'm reposting this again, being pushed here to find an
answer for it.
Does this error seem to suggest that someone is trying to
get into our
smtp
server? This is no evenid listed for this one.
Severity: Error
Status: New
Source: MSExchangeIMC
Name: Authentication attempt (AUTH %1) from %2 failed: %3() call
failed with error: %4
Description: Authentication attempt (AUTH ntlm) from 128.134.25.180
failed:
HrAccept() call failed with error: Logon failure: unknown
user name or
bad password.
Domain: BLAIRNET
Agent: EXCHSMTP1
Time: 10/03/2002 01:53:45
Owner:
(view with
http://MOMSRV/OnePointOperations/PropertySheet.asp?database=MO
MSRVtarget={4
35762EC-BAA2-4DA8-867F-5122101127FD}t=alert)
Thanks,
Dot Harris
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
RE: IMC Error - Again
Thanks, a place to start.
-Original Message-
From: Andrey Fyodorov [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 03, 2002 9:30 AM
To: Exchange Discussions
Subject: RE: IMC Error - Again
Probably someone is trying to hack. Have you tried to investigate who this
IP address could be? I just checked it and it seems to belong to some
Korean comrades. Not to say that they are all bad guys but recently there
has been a lot of spam coming from them. Maybe you should put an explicit
deny connection for this address.
whois whois.arin.net 128.134.25.180:
OrgName:Korea Telecom
OrgID: KOREAT
NetRange: 128.134.0.0 - 128.134.255.255
CIDR: 128.134.0.0/16
NetName:SDN
NetHandle: NET-128-134-0-0-1
Parent: NET-128-0-0-0-0
NetType:Direct Assignment
NameServer: NS.KORNET.NET
NameServer: NS.KAIST.AC.KR
Comment:
RegDate:1986-06-30
Updated:1996-05-15
TechHandle: YL71-ARIN
TechName: Lee, Young-il
TechPhone: 82-2-766-5900
TechEmail: [EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 03, 2002 10:04 AM
To: Exchange Discussions
Subject: IMC Error - Again
I'm reposting this again, being pushed here to find an answer for it.
Does this error seem to suggest that someone is trying to get into our smtp
server? This is no evenid listed for this one.
Severity: Error
Status: New
Source: MSExchangeIMC
Name: Authentication attempt (AUTH %1) from %2 failed: %3() call failed
with error: %4
Description: Authentication attempt (AUTH ntlm) from 128.134.25.180 failed:
HrAccept() call failed with error: Logon failure: unknown user name or bad
password.
Domain: BLAIRNET
Agent: EXCHSMTP1
Time: 10/03/2002 01:53:45
Owner:
(view with
http://MOMSRV/OnePointOperations/PropertySheet.asp?database=MOMSRVtarget={4
35762EC-BAA2-4DA8-867F-5122101127FD}t=alert)
Thanks,
Dot Harris
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
RE: IMC Error - Again
I'll do that. Thanks for your help.
Dot
-Original Message-
From: Chris Scharff [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 03, 2002 10:00 AM
To: Exchange Discussions
Subject: RE: IMC Error - Again
At this point, I'd probably just watch it and if I were the curious type I
might keep a list of Ips as well... And if it because a more frequent event,
I might follow Andrey's advice and block the specific IPs in question.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 03, 2002 9:50 AM
To: Exchange Discussions
Subject: RE: IMC Error - Again
I've seen two, there may have been three, of these. Not ongoing.
-Original Message-
From: Chris Scharff [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 03, 2002 9:31 AM
To: Exchange Discussions
Subject: RE: IMC Error - Again
Someone tried to send e-mail using authenticated relay and
the authentication failed. Are you seeing a slew of these?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 03, 2002 9:04 AM
To: Exchange Discussions
Subject: IMC Error - Again
I'm reposting this again, being pushed here to find an
answer for it.
Does this error seem to suggest that someone is trying to get
into our smtp server? This is no evenid listed for this one.
Severity: Error
Status: New
Source: MSExchangeIMC
Name: Authentication attempt (AUTH %1) from %2 failed: %3()
call failed with error: %4
Description: Authentication attempt (AUTH ntlm) from
128.134.25.180 failed:
HrAccept() call failed with error: Logon failure: unknown
user name or bad password.
Domain: BLAIRNET
Agent: EXCHSMTP1
Time: 10/03/2002 01:53:45
Owner:
(view with
http://MOMSRV/OnePointOperations/PropertySheet.asp?database=MO
MSRVtarget={4
35762EC-BAA2-4DA8-867F-5122101127FD}t=alert)
Thanks,
Dot Harris
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
