Hi All,
I think I'm under attack.
Someone used my Exchange Server 5.5 as a relay agent for
a huge amount of mail produced from
hotmail.com, yahoo.com, exite.com etc.
After I came to know that someone had used it, I got one
mail from my ISP which was sent by someone who
received it from my mail server. I was surprised when I saw
my FW's NETBIOS name there, as well as its internal
interface's invalid IP address.
In the FW there are only the following rules:
1. ANY MAILSRV SMTP ACCEPT
2. MAILSRV ANY SMTP ACCEPT
3. InternetGr@ANY ANY HTTP USER-AUTH
4. LocalNet ANY HTTPS ACCEPT
5. SecureUsr@NAY LocalNet ANY Client-Encrypt
6. ANY External-wks ANY ACCEPT
7. ANY ANY ANY REJECT
Also, today I can't browse any internet sites. But after a long
diagnosis, I found that I can ping any site by
its domain name (I refer DNS queries to the ISP's DNS
server). It is also important to say that I can browse
only unknown sites (i.e. not frequently used), and only
once. After that I can't browse that site any more,
even from the gateway. I have no proxy server. I'm using the FW's
proxy with dynamic NAT.
FW-1 4.0 sp6
NT 4.0 sp6a
I'm now able to stop the SMTP relay, but internet access
still doesn't succeed. There is no problem with my VPN
connection.
Please suggest what I should do next.
Tika Mahata
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================