Actually, we have tried both but have not found the culprit(s)
yet. Although my partner believes he saw a spike in traffic coming in as a
Telenet session from an unexpected origin -
rrcs-74-39-200-122.nys.biz.rr.com which on searching with google appears
not too uncommon - that is hacks, spam and spyware from users of biz.rr.com.
This has us planning to try to isolate which IP address(es) attacks may be
coming in on and shut them down.
Regarding telnet - apparently there is a problem with windows 2003 and
iMail. If my source is correct one can telnet into a Windows 2003 system
running iMail (pick a version) on port 25 and get by the
authentication. Again, my source told me that neither Micosoft nor
Ipswitch has come up with a way to stop this. It appears only to be a
problem on Windows 2003, not Windows 2000.
At 04:05 PM 9/7/2005, Kevin Bilbee wrote:
Start with TCPView From sysinternals to view open ports on the server find
the ports and programs that should not be running and kill then remove them
from the system.
Also use Process Explorer from sysinternals and look at all the running
processes. If you find one that does not belong then kill and remove it.
Kevin Bilbee
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
