LOL! > -----Original Message----- > From: Neil Hobson [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, July 16, 2002 11:12 AM > To: MS-Exchange Admin Issues > Subject: RE: Exchange 5.5 server HACKED! > > > > Hey Dan! You never did get back to Ed Woodrick on this list all those > years ago as to why Exchange uses an Access database as an engine > format! > > -----Original Message----- > From: Dan Schwartz [mailto:[EMAIL PROTECTED]] > Posted At: 16 July 2002 15:55 > Posted To: Sunbelt Exchange List > Conversation: Exchange 5.5 server HACKED! > Subject: RE: Exchange 5.5 server HACKED! > > > > OK, does anyone have a list of the ports Exchange 5.5 uses, > besides 25 & 110? > > Also, if anyone wants to look at the Event Logs, simply click > on: > <http://www.rogue-admins.com/dansworld/Exchange_Attack_App_Eve > ntlog.zip> > [This is a new link & new file from the one previously posted by me.] > > Cheers! > Dan > > "There are two major products that come out of Berkeley: LSD and UNIX. > We don't believe this to be a coincidence." (Jeremy S. Anderson) > > >-----Original Message----- > >From: Ely, Don [mailto:[EMAIL PROTECTED]] > >Sent: Tuesday, July 16, 2002 9:36 AM > >Subject: RE: Exchange 5.5 server HACKED! > > > > > >Uhhhh... Telneting to the server alone does NOT mean the > server is an > >open relay... I can telnet port 25 to any server in the world, that > >doesn't mean I can relay mail... > > > >-----Original Message----- > >From: Joe Irvine [mailto:[EMAIL PROTECTED]] > >Sent: Tuesday, July 16, 2002 9:38 AM > >Subject: RE: Exchange 5.5 server HACKED! > > > > > >Actually, no.. if you can telnet to the mail server you can > relay. No > >hacking needed. This is by the very nature of exchange. I would > >recommend looking at not allowing characters like %$! Through your > >firewall. Here's a link to check to see if you have an open relay.. > > > >http://www.abuse.net/relay.html > > > > > > > >Thanks, > > > >Joe Irvine > > -----Original Message----- > >From: Dan Schwartz [mailto:[EMAIL PROTECTED]] > >Sent: Tuesday, July 16, 2002 9:30 AM > >To: MS-Exchange Admin Issues > >Subject: RE: Exchange 5.5 server HACKED! > >Importance: Low > > > > > > Look at the 4031 error messages, which indicate SOMEONE is > trying to > >relay through the server, and since unauthorized relaying is > prohibited > > >that tells me someone has hacked in. > > > >>-----Original Message----- > >>From: William Lefkovics [mailto:[EMAIL PROTECTED]] > >>Sent: Tuesday, July 16, 2002 1:03 AM > >>To: MS-Exchange Admin Issues > >>Subject: RE: Exchange 5.5 server HACKED! > >> > >> > >>Then it's sorta in production then, yes? > >> > >>Was there a concern other than the 4318's? > >> > >>-----Original Message----- > >>From: Dan Schwartz [mailto:[EMAIL PROTECTED]] > >>Sent: Monday, July 15, 2002 9:55 PM > >>Subject: RE: Exchange 5.5 server HACKED! > >> > >> > >> > >> Yes, it's connected, and the DNS servers have been pointed at it > for > >about a week... > >> > > --- > This attachment has been scanned for hostile code: > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.377 / Virus Database: 211 - Release Date: 7/15/2002 > > > List Charter and FAQ at: > http://www.sunbelt-software.com/exchange_list_charter.htm > > > ************************************************* > This email and any files transmitted with it are > confidential and intended solely for the use of > the individual to whom it is addressed. Any view > or opinions presented are solely those of the > author and do not necessarily represent those of > Silversands. > > If you have received this email in error, please > contact our Support Desk immediately on > 01202-360360 or email [EMAIL PROTECTED] > ************************************************* > > List Charter and FAQ at: > http://www.sunbelt-software.com/exchange_list_charter.htm >
List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm