RE: Exchange 5.5 server HACKED!
You're expecting me to change my display font so I can read that?

-Original Message-
From: William Lefkovics [mailto:[EMAIL PROTECTED]]
Sent: 19 July 2002 02:00
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

[ASCII-art banner text; layout not recoverable]

-Original Message-
From: Tom Meunier [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 18, 2002 4:40 PM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

La La La La
I can't SEE it
I got OLXP SR1
I got the reg hack
I got plain text always
I'm immune to William.
La La La La

-Original Message-
From: Blackmer, Charlotte, ITD [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 18, 2002 5:57 PM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

With all due respect to Her Foofy Majesty, any of you who aren't mailing in plain text are Providers of Foof to us text/text digest subscribers. Including the person who complained about it (monster disclaimer, non-edited post, and all - oy). It all shows up as markup code after the message. I have mailbox limits so have to forward the digest to myself and edit the foof out. Sample (minus some headers so you see what it looks like) at the end of the message.

(apologies to text subscribers)

So please, spare a thought for the eyeballs of the text subscribers too ;-).

thanks,
Charlotte

List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm

The information in this communication and any attachments is confidential and may be legally privileged. It is intended solely for the addressee. If you are not the intended recipient any use, review, dissemination, distribution or copying of this information is strictly prohibited. If you have received this communication in error please notify us immediately on 0191 261 2681 and delete the original message and any copies of it. Any opinions, conclusions or other information in this message that do not relate to the official business of Sanderson Townend Gilbert are neither given nor endorsed by the firm.

This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk
RE: Exchange 5.5 server HACKED!
True true. Rather have Flash.

-Original Message-
From: William Lefkovics [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 13:12
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Powerpoint is so last millennium.

-Original Message-
From: Tom Meunier [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 10:03 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

You don't have people sending the junk to your text pager or cell phone, then. I like powerpoint presentations, too, I just don't want my electric company deciding that it's a good medium for my monthly bill.

-Original Message-
From: William Lefkovics [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 11:49 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

After reading the evils of HTML email: http://www.georgedillon.com/web/html_email_is_evil.shtml

I still like it.
RE: Exchange 5.5 server HACKED!
With all due respect to Her Foofy Majesty, any of you who aren't mailing in plain text are Providers of Foof to us text/text digest subscribers. Including the person who complained about it (monster disclaimer, non-edited post, and all - oy). It all shows up as markup code after the message. I have mailbox limits so have to forward the digest to myself and edit the foof out. Sample (minus some headers so you see what it looks like) at the end of the message.

(apologies to text subscribers)

So please, spare a thought for the eyeballs of the text subscribers too ;-).

thanks,
Charlotte

Subject: RE: Exchange 5.5 server HACKED!
From: Abercrombie, Sherry [EMAIL PROTECTED]
Date: Wed, 17 Jul 2002 09:04:08 -0500
X-Message-Number: 14

This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible.

--_=_NextPart_001_01C22D9A.D1B1D020
Content-Type: text/plain

Okay, I'll have to accept the label of Foof Queen. Well at least I have some official letters to put behind my name now...

Sherry Abercrombie - FQ
Data Center Administration Team
Information Technology
With sufficient thrust, pigs fly just fine.

-Original Message-
From: Jeremiah Watson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 10:54 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

That is Insolence. We have all come to respect each other and abuse is part of that. Ask the Foof Queen from yesterday.
;-)

-Original Message-
(rest of text message snipped)
RE: Exchange 5.5 server HACKED!
La La La La
I can't SEE it
I got OLXP SR1
I got the reg hack
I got plain text always
I'm immune to William.
La La La La

-Original Message-
From: Blackmer, Charlotte, ITD [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 18, 2002 5:57 PM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

With all due respect to Her Foofy Majesty, any of you who aren't mailing in plain text are Providers of Foof to us text/text digest subscribers. Including the person who complained about it (monster disclaimer, non-edited post, and all - oy). It all shows up as markup code after the message. I have mailbox limits so have to forward the digest to myself and edit the foof out. Sample (minus some headers so you see what it looks like) at the end of the message.

(apologies to text subscribers)

So please, spare a thought for the eyeballs of the text subscribers too ;-).

thanks,
Charlotte
RE: Exchange 5.5 server HACKED!
JET RED, not JET Blue, was used for Exchange 4.0 because the original code was purchased from the team in England upon which the current 5.5 flavor was final of. XCHG2K was a change of most of the code. For those that have looked into the depths of Exchange's DB structure JET RED is a considerably different animal than JET BLUE upon which ACCESS was/is based. They just originated from the same sources. Much like XENIX/UNIX/LINUX, etc..

-Rick

-Original Message-
From: William Lefkovics [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 8:26 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

I have that thread in a .pst somewhere.

-Original Message-
From: Neil Hobson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 8:12 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Hey Dan! You never did get back to Ed Woodrick on this list all those years ago as to why Exchange uses an Access database as an engine format!

-Original Message-
From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
Posted At: 16 July 2002 15:55
Posted To: Sunbelt Exchange List
Conversation: Exchange 5.5 server HACKED!
Subject: RE: Exchange 5.5 server HACKED!

OK, does anyone have a list of the ports Exchange 5.5 uses, besides 25 & 110?

Also, if anyone wants to look at the Event Logs, simply click on: http://www.rogue-admins.com/dansworld/Exchange_Attack_App_Eventlog.zip

[This is a new link & new file from the one previously posted by me.]

Cheers!
Dan

There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence. (Jeremy S. Anderson)

-Original Message-
From: Ely, Don [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 9:36 AM
Subject: RE: Exchange 5.5 server HACKED!

U... Telnetting to the server alone does NOT mean the server is an open relay... I can telnet port 25 to any server in the world, that doesn't mean I can relay mail...

-Original Message-
From: Joe Irvine [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 9:38 AM
Subject: RE: Exchange 5.5 server HACKED!

Actually, no.. if you can telnet to the mail server you can relay. No hacking needed. This is by the very nature of exchange. I would recommend looking at not allowing characters like %$! through your firewall.

Here's a link to check to see if you have an open relay.. http://www.abuse.net/relay.html

Thanks,
Joe Irvine

-Original Message-
From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 9:30 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!
Importance: Low

Look at the 4031 error messages, which indicate SOMEONE is trying to relay through the server, and since unauthorized relaying is prohibited that tells me someone has hacked in.

-Original Message-
From: William Lefkovics [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 1:03 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Then it's sorta in production then, yes? Was there a concern other than the 4318's?

-Original Message-
From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 15, 2002 9:55 PM
Subject: RE: Exchange 5.5 server HACKED!

Yes, it's connected, and the DNS servers have been pointed at it for about a week...

---
This attachment has been scanned for hostile code: Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.377 / Virus Database: 211 - Release Date: 7/15/2002

This email and any files transmitted with it are confidential and intended solely for the use of the individual to whom it is addressed. Any view or opinions presented are solely those of the author and do not necessarily represent those of Silversands. If you have received this email in error, please contact our Support Desk immediately on 01202-360360 or email [EMAIL PROTECTED]
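The disagreement quoted above (whether answering on port 25 is the same thing as relaying) can be settled from a session transcript: what matters is whether the server accepts a recipient outside its own domains from a sender outside its own domains, and then queues the message. The following is an added example, not part of the original thread; the `parse` and `classify` functions, the verdict names, the transcripts and the host names (reserved example domains) are all constructed for illustration.

```python
import re

REPLY = re.compile(r"^(\d{3})(-?)")            # "250-..." continues, "250 ..." ends a reply
ADDR = re.compile(r"<[^<>@\s]*@([^<>\s]+)>")   # captures the domain in <user@domain>
VERDICTS = ["no-relay-evidence", "relay-refused", "accepted-at-rcpt", "relay-accepted"]

# Constructed sample sessions: "C:" is the client side, "S:" the server side.
BANNER_ONLY = """\
S: 220 mail.example.org ESMTP ready
C: QUIT
S: 221 closing connection
"""
RELAY_REFUSED = """\
S: 220 mail.example.org ESMTP ready
C: EHLO probe.example.net
S: 250-mail.example.org
S: 250 SIZE 10240000
C: MAIL FROM:<outsider@example.net>
S: 250 OK
C: RCPT TO:<someone@example.com>
S: 550 5.7.1 Unable to relay for someone@example.com
C: QUIT
S: 221 closing connection
"""
RELAY_ACCEPTED = """\
S: 220 mail.example.org ESMTP ready
C: HELO probe.example.net
S: 250 mail.example.org
C: MAIL FROM:<outsider@example.net>
S: 250 OK
C: RCPT TO:<someone@example.com>
S: 250 OK
C: DATA
S: 354 Send data, end with CRLF.CRLF
C: Subject: relay test
C:
C: test body
C: .
S: 250 Message queued
C: QUIT
S: 221 closing connection
"""


def parse(transcript):
    """Return [(command or None for the greeting, final reply code)] in session order."""
    exchanges, pending, in_data = [], None, False
    for raw in transcript.splitlines():
        side, _, text = raw.partition(":")
        side, text = side.strip(), text.strip()
        if side == "C":
            if in_data:                       # message content, not commands
                if text == ".":
                    in_data, pending = False, "<END-OF-DATA>"
                continue
            pending = text
        elif side == "S":
            m = REPLY.match(text)
            if not m or m.group(2) == "-":    # skip continuation lines of a multiline reply
                continue
            code = int(m.group(1))
            exchanges.append((pending, code))
            in_data = (pending or "").upper() == "DATA" and code == 354
            pending = None
    return exchanges


def classify(transcript, local_domains):
    """Separate 'the port answers' from 'the server relays for outsiders'."""
    local = {d.lower() for d in local_domains}
    ex = parse(transcript)
    if not ex or ex[0] != (None, 220):
        return "no-smtp-service"
    verdict, foreign_sender, foreign_rcpt = 0, False, False
    for cmd, code in ex[1:]:
        verb = (cmd or "").upper()
        m = ADDR.search(cmd or "")
        dom = m.group(1).lower() if m else None
        if verb.startswith("MAIL FROM:"):     # new transaction; a null sender <> counts as outside
            foreign_sender, foreign_rcpt = (code == 250 and dom not in local), False
        elif verb.startswith("RCPT TO:") and foreign_sender and dom and dom not in local:
            if code in (250, 251):
                foreign_rcpt, verdict = True, max(verdict, 2)
            elif 500 <= code <= 599:
                verdict = max(verdict, 1)
        elif verb == "<END-OF-DATA>" and foreign_rcpt and code == 250:
            verdict = 3                       # message for an outside recipient was queued
        elif verb in ("RSET", "QUIT"):
            foreign_sender = foreign_rcpt = False
    return VERDICTS[verdict]


if __name__ == "__main__":
    for name, t in [("banner only", BANNER_ONLY), ("refused", RELAY_REFUSED),
                    ("accepted", RELAY_ACCEPTED)]:
        print(name, "->", classify(t, {"example.org"}))
```

A 220 banner followed by QUIT yields `no-relay-evidence`; an acceptance at RCPT without a queued message is reported separately as `accepted-at-rcpt` because the server may still reject or drop the message later.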
RE: Exchange 5.5 server HACKED!
We can html if we want to, we can leave your friends behind
Cause your friends don't html and if they don't html
Well they're no friends of mine
I say, we can format what we want to, a place where they will never find.
And we can act like we come from out of this world
Leave the rich text far behind, and we can dance...
It's the ASCII Dance, the ASCII Dance.

----

-Original Message-
From: Tom Meunier [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 18, 2002 7:40 PM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

La La La La
I can't SEE it
I got OLXP SR1
I got the reg hack
I got plain text always
I'm immune to William.
La La La La

-Original Message-
From: Blackmer, Charlotte, ITD [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 18, 2002 5:57 PM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

With all due respect to Her Foofy Majesty, any of you who aren't mailing in plain text are Providers of Foof to us text/text digest subscribers. Including the person who complained about it (monster disclaimer, non-edited post, and all - oy). It all shows up as markup code after the message. I have mailbox limits so have to forward the digest to myself and edit the foof out. Sample (minus some headers so you see what it looks like) at the end of the message.

(apologies to text subscribers)

So please, spare a thought for the eyeballs of the text subscribers too ;-).

thanks,
Charlotte

The information contained in this email message is privileged and confidential information intended only for the use of the individual or entity to whom it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copy of this message is strictly prohibited. If you have received this email in error, please immediately notify Veronis Suhler Stevenson by telephone (212)935-4990, fax (212)381-8168, or email ([EMAIL PROTECTED]) and delete the message. Thank you.
RE: Exchange 5.5 server HACKED!
Okay, I'll have to accept the label of Foof Queen. Well at least I have some official letters to put behind my name now...

Sherry Abercrombie - FQ
Data Center Administration Team
Information Technology
With sufficient thrust, pigs fly just fine.

-Original Message-
From: Jeremiah Watson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 10:54 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

That is Insolence. We have all come to respect each other and abuse is part of that. Ask the Foof Queen from yesterday. ;-)

-Original Message-
From: Tom Meunier [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 11:51 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Why would I do that? I'd like you to use your knowledge to assist new users, rather than call them trolls or put in a cryptic message about it's been two weeks. I don't care whether you're happy or sad about it. I'm new here, and I didn't know that part of the list charter was to denigrate less-experienced admins rather than answer their question.

-Original Message-
From: Matthew Carpenter [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 10:46 AM
To: MS-Exchange Admin Issues
Subject: Re: Exchange 5.5 server HACKED!

That is not nice Don. If he is trying to make me feel bad... he failed.

- Original Message -
From: Ely, Don [EMAIL PROTECTED]
To: MS-Exchange Admin Issues [EMAIL PROTECTED]
Sent: Tuesday, July 16, 2002 10:21 AM
Subject: RE: Exchange 5.5 server HACKED!

Figures!

-Original Message-
From: Matthew Carpenter [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 11:22 AM
To: MS-Exchange Admin Issues
Subject: Re: Exchange 5.5 server HACKED!

Sorry, I don't get it

- Original Message -
From: Tom Meunier [EMAIL PROTECTED]
To: MS-Exchange Admin Issues [EMAIL PROTECTED]
Sent: Tuesday, July 16, 2002 10:11 AM
Subject: RE: Exchange 5.5 server HACKED!

This is a FAQ, and I'm afraid to post the link for fear that Matthew will flame me, and then say How about [repost of the FAQ link that I had just posted]?. I'll look at your logs, since that's NOT a FAQ.

-Original Message-
From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 09:55 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

OK, does anyone have a list of the ports Exchange 5.5 uses, besides 25 & 110?

Also, if anyone wants to look at the Event Logs, simply click on: http://www.rogue-admins.com/dansworld/Exchange_Attack_App_Eventlog.zip

[This is a new link & new file from the one previously posted by me.]

Cheers!
Dan

There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence. (Jeremy S. Anderson)

-Original Message-
From: Ely, Don [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 9:36 AM
Subject: RE: Exchange 5.5 server HACKED!

U... Telnetting to the server alone does NOT mean the server is an open relay... I can telnet port 25 to any server in the world, that doesn't mean I can relay mail...

-Original Message-
From: Joe Irvine [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 9:38 AM
Subject: RE: Exchange 5.5 server HACKED!

Actually, no.. if you can telnet to the mail server you can relay. No hacking needed. This is by the very nature of exchange. I would recommend looking at not allowing characters like %$! through your firewall.

Here's a link to check to see if you have an open relay.. http://www.abuse.net/relay.html

Thanks,
Joe Irvine

-Original Message-
From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 9:30 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!
Importance: Low

Look at the 4031 error messages, which indicate SOMEONE is trying to relay through the server, and since unauthorized relaying is prohibited that tells me someone has hacked in.

-Original Message-
From: William Lefkovics [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 1:03 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Then it's sorta in production then, yes? Was there a concern other than the 4318's?

-Original Message-
From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 15, 2002 9:55 PM
Subject: RE: Exchange 5.5 server HACKED!

Yes, it's connected, and the DNS servers have been pointed at it for about a week...

---
This attachment has been scanned for hostile code: Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.377 / Virus Database: 211 - Release Date: 7/15/2002
RE: Exchange 5.5 server HACKED!
LOL!!! great foof.

-Original Message-
From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 8:04 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Okay, I'll have to accept the label of "Foof Queen". Well at least I have some "official" letters to put behind my name now...

Sherry Abercrombie - FQ
Data Center Administration Team
Information Technology
"With sufficient thrust, pigs fly just fine."

-Original Message-
From: Jeremiah Watson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 10:54 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

That is Insolence. We have all come to respect each other and abuse is part of that. Ask the Foof Queen from yesterday. ;-)

-Original Message-
From: Tom Meunier [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 11:51 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Why would I do that? I'd like you to use your knowledge to assist new users, rather than call them trolls or put in a cryptic message about "it's been two weeks". I don't care whether you're happy or sad about it. I'm new here, and I didn't know that part of the list charter was to denigrate less-experienced admins rather than answer their question.

-Original Message-
From: Matthew Carpenter [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 10:46 AM
To: MS-Exchange Admin Issues
Subject: Re: Exchange 5.5 server HACKED!

That is not nice Don. If he is trying to make me feel bad... he failed.

- Original Message -
From: "Ely, Don" [EMAIL PROTECTED]
To: "MS-Exchange Admin Issues" [EMAIL PROTECTED]
Sent: Tuesday, July 16, 2002 10:21 AM
Subject: RE: Exchange 5.5 server HACKED!

Figures!

-Original Message-
From: Matthew Carpenter [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 11:22 AM
To: MS-Exchange Admin Issues
Subject: Re: Exchange 5.5 server HACKED!

Sorry, I don't get it

- Original Message -
From: "Tom Meunier" [EMAIL PROTECTED]
To: "MS-Exchange Admin Issues" [EMAIL PROTECTED]
Sent: Tuesday, July 16, 2002 10:11 AM
Subject: RE: Exchange 5.5 server HACKED!

This is a FAQ, and I'm afraid to post the link for fear that Matthew will flame me, and then say "How about [repost of the FAQ link that I had just posted]?". I'll look at your logs, since that's NOT a FAQ.

-Original Message-
From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 09:55 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

OK, does anyone have a list of the ports Exchange 5.5 uses, besides 25 & 110?

Also, if anyone wants to look at the Event Logs, simply click on: http://www.rogue-admins.com/dansworld/Exchange_Attack_App_Eventlog.zip

[This is a new link & new file from the one previously posted by me.]

Cheers!
Dan

"There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." (Jeremy S. Anderson)

-Original Message-
From: Ely, Don [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 9:36 AM
Subject: RE: Exchange 5.5 server HACKED!

U... Telnetting to the server alone does NOT mean the server is an open relay... I can telnet port 25 to any server in the world, that doesn't mean I can relay mail...

-Original Message-
From: Joe Irvine [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 9:38 AM
Subject: RE: Exchange 5.5 server HACKED!

Actually, no.. if you can telnet to the mail server you can relay. No hacking needed. This is by the very nature of exchange. I would recommend looking at not allowing characters like %$! through your firewall.

Here's a link to check to see if you have an open relay.. http://www.abuse.net/relay.html

Thanks,
Joe Irvine

-Original Message-
From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 9:30 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!
Importance: Low

Look at the 4031 error messages, which indicate SOMEONE is trying to relay through the server, and since unauthorized relaying is prohibited that tells me someone has hacked in.

-Original Message-
From: William Lefkovics [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 1:03 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Then it's sor
RE: Exchange 5.5 server HACKED!
:) I even changed the colors... I didn't want to continue to blind others..;)

Sherry Abercrombie - FQ
Data Center Administration Team
Information Technology
"With sufficient thrust, pigs fly just fine."

-Original Message-
From: Eldridge, Dave [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 9:17 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

LOL!!! great foof.

-Original Message-
From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 8:04 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Okay, I'll have to accept the label of "Foof Queen". Well at least I have some "official" letters to put behind my name now...

Sherry Abercrombie - FQ
Data Center Administration Team
Information Technology
"With sufficient thrust, pigs fly just fine."

-Original Message-
From: Jeremiah Watson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 10:54 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

That is Insolence. We have all come to respect each other and abuse is part of that. Ask the Foof Queen from yesterday. ;-)

-Original Message-
From: Tom Meunier [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 11:51 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Why would I do that? I'd like you to use your knowledge to assist new users, rather than call them trolls or put in a cryptic message about "it's been two weeks". I don't care whether you're happy or sad about it. I'm new here, and I didn't know that part of the list charter was to denigrate less-experienced admins rather than answer their question.

-Original Message-
From: Matthew Carpenter [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 10:46 AM
To: MS-Exchange Admin Issues
Subject: Re: Exchange 5.5 server HACKED!

That is not nice Don. If he is trying to make me feel bad... he failed.

- Original Message -
From: "Ely, Don" [EMAIL PROTECTED]
To: "MS-Exchange Admin Issues" [EMAIL PROTECTED]
Sent: Tuesday, July 16, 2002 10:21 AM
Subject: RE: Exchange 5.5 server HACKED!

Figures!

-Original Message-
From: Matthew Carpenter [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 11:22 AM
To: MS-Exchange Admin Issues
Subject: Re: Exchange 5.5 server HACKED!

Sorry, I don't get it

- Original Message -
From: "Tom Meunier" [EMAIL PROTECTED]
To: "MS-Exchange Admin Issues" [EMAIL PROTECTED]
Sent: Tuesday, July 16, 2002 10:11 AM
Subject: RE: Exchange 5.5 server HACKED!

This is a FAQ, and I'm afraid to post the link for fear that Matthew will flame me, and then say "How about [repost of the FAQ link that I had just posted]?". I'll look at your logs, since that's NOT a FAQ.

-Original Message-
From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 09:55 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

OK, does anyone have a list of the ports Exchange 5.5 uses, besides 25 & 110?

Also, if anyone wants to look at the Event Logs, simply click on: http://www.rogue-admins.com/dansworld/Exchange_Attack_App_Eventlog.zip

[This is a new link & new file from the one previously posted by me.]

Cheers!
Dan

"There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." (Jeremy S. Anderson)

-Original Message-
From: Ely, Don [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 9:36 AM
Subject: RE: Exchange 5.5 server HACKED!

U... Telnetting to the server alone does NOT mean the server is an open relay... I can telnet port 25 to any server in the world, that doesn't mean I can relay mail...

-Original Message-
From: Joe Irvine [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 9:38 AM
Subject: RE: Exchange 5.5 server HACKED!

Actually, no.. if you can telnet to the mail server you can relay. No hacking needed. This is by the very nature of exchange. I would recommend looking at not allowing characters like %$! through your firewall.

Here's a link to check to see if you have an open relay.. http://www.abuse.net/relay.html

Thanks,
Joe Irvine

-Original Message-
From: Dan Schwartz [mailto:[E
RE: Exchange 5.5 server HACKED!
Now I don't have an excuse to wear my sunglasses when I read my email.

-Original Message-
From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 8:43 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

:) I even changed the colors... I didn't want to continue to blind others..;)

Sherry Abercrombie - FQ
Data Center Administration Team
Information Technology
"With sufficient thrust, pigs fly just fine."

-Original Message-
From: Eldridge, Dave [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 9:17 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

LOL!!! great foof.

-Original Message-
From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 8:04 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Okay, I'll have to accept the label of "Foof Queen". Well at least I have some "official" letters to put behind my name now...

Sherry Abercrombie - FQ
Data Center Administration Team
Information Technology
"With sufficient thrust, pigs fly just fine."

-Original Message-
From: Jeremiah Watson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 10:54 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

That is Insolence. We have all come to respect each other and abuse is part of that. Ask the Foof Queen from yesterday. ;-)

-Original Message-
From: Tom Meunier [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 11:51 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Why would I do that? I'd like you to use your knowledge to assist new users, rather than call them trolls or put in a cryptic message about "it's been two weeks". I don't care whether you're happy or sad about it. I'm new here, and I didn't know that part of the list charter was to denigrate less-experienced admins rather than answer their question.

-Original Message-
From: Matthew Carpenter [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 10:46 AM
To: MS-Exchange Admin Issues
Subject: Re: Exchange 5.5 server HACKED!

That is not nice Don. If he is trying to make me feel bad... he failed.

- Original Message -
From: "Ely, Don" [EMAIL PROTECTED]
To: "MS-Exchange Admin Issues" [EMAIL PROTECTED]
Sent: Tuesday, July 16, 2002 10:21 AM
Subject: RE: Exchange 5.5 server HACKED!

Figures!

-Original Message-
From: Matthew Carpenter [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 11:22 AM
To: MS-Exchange Admin Issues
Subject: Re: Exchange 5.5 server HACKED!

Sorry, I don't get it

- Original Message -
From: "Tom Meunier" [EMAIL PROTECTED]
To: "MS-Exchange Admin Issues" [EMAIL PROTECTED]
Sent: Tuesday, July 16, 2002 10:11 AM
Subject: RE: Exchange 5.5 server HACKED!

This is a FAQ, and I'm afraid to post the link for fear that Matthew will flame me, and then say "How about [repost of the FAQ link that I had just posted]?". I'll look at your logs, since that's NOT a FAQ.

-Original Message-
From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 09:55 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

OK, does anyone have a list of the ports Exchange 5.5 uses, besides 25 & 110?

Also, if anyone wants to look at the Event Logs, simply click on: http://www.rogue-admins.com/dansworld/Exchange_Attack_App_Eventlog.zip

[This is a new link & new file from the one previously posted by me.]

Cheers!
Dan

"There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." (Jeremy S. Anderson)

-Original Message-
From: Ely, Don [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 9:36 AM
Subject: RE: Exchange 5.5 server HACKED!

U... Telnetting to the server alone does NOT mean the server is an open relay... I can telnet port 25 to any server in the world, that doesn't mean I can relay mail...

-Original Message-
From: Joe Irvine [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 9:38 AM
Subject: RE: Exchange 5.5 server HACKED!

Actually, no.. if you can telnet to the m
RE: Exchange 5.5 server HACKED!
I'm always thinking of others so, here's a little reason for you to wear your sunglasses ;) Sherry Abercrombie - FQ Data Center Administration Team Information Technology "With sufficient thrust, pigs fly just fine." -Original Message- From: Eldridge, Dave [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 9:43 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Now I don't have an excuse to wear my sunglasses when I read my email. -Original Message- From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 8:43 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! :) I even changed the colors I didn't want to continue to blind others..;) Sherry Abercrombie - FQ Data Center Administration Team Information Technology "With sufficient thrust, pigs fly just fine." -Original Message- From: Eldridge, Dave [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 9:17 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! LOL!!! great foof. -Original Message- From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 8:04 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Okay, I'll have to accept the label of "Foof Queen". Well at least I have some "official" letters to put behind my name now... Sherry Abercrombie - FQ Data Center Administration Team Information Technology "With sufficient thrust, pigs fly just fine." -Original Message- From: Jeremiah Watson [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 10:54 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! That is Insolence. We have all come to respect each other and abuse is part of that. Ask the Foof Queen from yesterday. ;-) -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 11:51 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Why would I do that?
I'd like you to use your knowledge to assist new users, rather than call them trolls or put in a cryptic message about "it's been two weeks". I don't care whether you're happy or sad about it. I'm new here, and I didn't know that part of the list charter was to denigrate less-experienced admins rather than answer their question. -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 10:46 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 5.5 server HACKED! That is not nice Don. If he is trying to make me feel bad he failed. - Original Message - From: "Ely, Don" [EMAIL PROTECTED] To: "MS-Exchange Admin Issues" [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 10:21 AM Subject: RE: Exchange 5.5 server HACKED! Figures! -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 11:22 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 5.5 server HACKED! Sorry, I don't get it - Original Message - From: "Tom Meunier" [EMAIL PROTECTED] To: "MS-Exchange Admin Issues" [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 10:11 AM Subject: RE: Exchange 5.5 server HACKED! This is a FAQ, and I'm afraid to post the link for fear that Matthew will flame me, and then say "How about [repost of the FAQ link that I had just posted]?". I'll look at your logs, since that's NOT a FAQ. -Original Message- From: Dan Schwartz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 09:55 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! OK, does anyone have a list of the ports Exchange 5.5 uses, besides 25 110? Also, if anyone wants to look at the Event Logs, simply click on: http://www.rogue-admins.com/dansworld/Exchange_Attack_App_Eve ntlog.zip [This is a new link new file from the one previously posted by me.] Cheers! Dan "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." (Jeremy S. Anderson) -Original Message
RE: Exchange 5.5 server HACKED!
"Blinded by the Light!!" Thanks all is right in the world. Joe Sunglasses -Original Message- From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 9:03 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! I'm always thinking of others so, here's a little reason for you to wear your sunglasses ;) Sherry Abercrombie - FQ Data Center Administration Team Information Technology "With sufficient thrust, pigs fly just fine." -Original Message- From: Eldridge, Dave [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 9:43 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Now I don't have an excuse to wear my sunglasses when I read my email. -Original Message- From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 8:43 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! :) I even changed the colors I didn't want to continue to blind others..;) Sherry Abercrombie - FQ Data Center Administration Team Information Technology "With sufficient thrust, pigs fly just fine." -Original Message- From: Eldridge, Dave [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 9:17 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! LOL!!! great foof. -Original Message- From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 8:04 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Okay, I'll have to accept the label of "Foof Queen". Well at least I have some "official" letters to put behind my name now... Sherry Abercrombie - FQ Data Center Administration Team Information Technology "With sufficient thrust, pigs fly just fine." -Original Message- From: Jeremiah Watson [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 10:54 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! That is Insolence. We have all come to respect each other and abuse is part of that.
Ask the Foof Queen from yesterday. ;-) -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 11:51 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Why would I do that? I'd like you to use your knowledge to assist new users, rather than call them trolls or put in a cryptic message about "it's been two weeks". I don't care whether you're happy or sad about it. I'm new here, and I didn't know that part of the list charter was to denigrate less-experienced admins rather than answer their question. -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 10:46 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 5.5 server HACKED! That is not nice Don. If he is trying to make me feel bad he failed. - Original Message - From: "Ely, Don" [EMAIL PROTECTED] To: "MS-Exchange Admin Issues" [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 10:21 AM Subject: RE: Exchange 5.5 server HACKED! Figures! -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 11:22 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 5.5 server HACKED! Sorry, I don't get it - Original Message - From: "Tom Meunier" [EMAIL PROTECTED] To: "MS-Exchange Admin Issues" [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 10:11 AM Subject: RE: Exchange 5.5 server HACKED! This is a FAQ, and I'm afraid to post the link for fear that Matthew will flame me, and then say "How about [repost of the FAQ link that I had just posted]?". I'll look at your logs, since that's NOT a FAQ. -Original Message- From: Dan Schwartz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 09:55 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! OK, does anyone have a list of the ports Exchange 5.5 uses, besides 25 110?
RE: Exchange 5.5 server HACKED!
Looking cool isn't enough of an excuse? -Original Message- From: Eldridge, Dave [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 9:43 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Now I don't have an excuse to wear my sunglasses when I read my email. -Original Message- From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 8:43 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! :) I even changed the colors I didn't want to continue to blind others..;) Sherry Abercrombie - FQ Data Center Administration Team Information Technology "With sufficient thrust, pigs fly just fine." -Original Message- From: Eldridge, Dave [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 9:17 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! LOL!!! great foof. -Original Message- From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 8:04 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Okay, I'll have to accept the label of "Foof Queen". Well at least I have some "official" letters to put behind my name now... Sherry Abercrombie - FQ Data Center Administration Team Information Technology "With sufficient thrust, pigs fly just fine." -Original Message- From: Jeremiah Watson [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 10:54 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! That is Insolence. We have all come to respect each other and abuse is part of that. Ask the Foof Queen from yesterday. ;-) -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 11:51 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Why would I do that? I'd like you to use your knowledge to assist new users, rather than call them trolls or put in a cryptic message about "it's been two weeks". I don't care whether you're happy or sad about it.
I'm new here, and I didn't know that part of the list charter was to denigrate less-experienced admins rather than answer their question. -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 10:46 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 5.5 server HACKED! That is not nice Don. If he is trying to make me feel bad he failed. - Original Message - From: "Ely, Don" [EMAIL PROTECTED] To: "MS-Exchange Admin Issues" [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 10:21 AM Subject: RE: Exchange 5.5 server HACKED! Figures! -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 11:22 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 5.5 server HACKED! Sorry, I don't get it - Original Message - From: "Tom Meunier" [EMAIL PROTECTED] To: "MS-Exchange Admin Issues" [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 10:11 AM Subject: RE: Exchange 5.5 server HACKED! This is a FAQ, and I'm afraid to post the link for fear that Matthew will flame me, and then say "How about [repost of the FAQ link that I had just posted]?". I'll look at your logs, since that's NOT a FAQ. -Original Message- From: Dan Schwartz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 09:55 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! OK, does anyone have a list of the ports Exchange 5.5 uses, besides 25 110? Also, if anyone wants to look at the Event Logs, simply click on: http://www.rogue-admins.com/dansworld/Exchange_Attack_App_Eve ntlog.zip [This is a new link new file from the one previously posted by me.]
RE: Exchange 5.5 server HACKED!
This resource is not for showing off, please keep the comments relevant to the issues and do not "pad-out" the thread by trying to be clever ! Thank you for your corporation in this matter MS-Exchange Admin Staff -Original Message- From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]] Sent: 17 July 2002 16:03 To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! I'm always thinking of others so, here's a little reason for you to wear your sunglasses ;) Sherry Abercrombie - FQ Data Center Administration Team Information Technology "With sufficient thrust, pigs fly just fine." -Original Message- From: Eldridge, Dave [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 9:43 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Now I don't have an excuse to wear my sunglasses when I read my email. -Original Message- From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 8:43 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! :) I even changed the colors I didn't want to continue to blind others..;) Sherry Abercrombie - FQ Data Center Administration Team Information Technology "With sufficient thrust, pigs fly just fine." -Original Message- From: Eldridge, Dave [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 9:17 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! LOL!!! great foof. -Original Message- From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 8:04 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Okay, I'll have to accept the label of "Foof Queen". Well at least I have some "official" letters to put behind my name now... Sherry Abercrombie - FQ Data Center Administration Team Information Technology "With sufficient thrust, pigs fly just fine."
-Original Message- From: Jeremiah Watson [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 10:54 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! That is Insolence. We have all come to respect each other and abuse is part of that. Ask the Foof Queen from yesterday. ;-) -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 11:51 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Why would I do that? I'd like you to use your knowledge to assist new users, rather than call them trolls or put in a cryptic message about "it's been two weeks". I don't care whether you're happy or sad about it. I'm new here, and I didn't know that part of the list charter was to denigrate less-experienced admins rather than answer their question. -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 10:46 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 5.5 server HACKED! That is not nice Don. If he is trying to make me feel bad he failed. - Original Message - From: "Ely, Don" [EMAIL PROTECTED] To: "MS-Exchange Admin Issues" [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 10:21 AM Subject: RE: Exchange 5.5 server HACKED! Figures! -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 11:22 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 5.5 server HACKED! Sorry, I don't get it - Original Message - From: "Tom Meunier" [EMAIL PROTECTED] To: "MS-Exchange Admin Issues" [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 10:11 AM Subject: RE: Exchange 5.5 server HACKED! This is a FAQ, and I'm afraid to post the link for fear that Matthew will flame me, and then say "How about [repost of the FAQ link that I had just posted]?". I'll look at your logs, since that's NOT a FAQ.
-Original Message- From: Dan Schwartz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 09:55 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 se
RE: Exchange 5.5 server HACKED!
I don't have to try to be clever - I have a proven track record. -Original Message- From: Szalkiewicz, Toni [mailto:[EMAIL PROTECTED]] Sent: 17 July 2002 16:08 To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! This resource is not for showing off, please keep the comments relevant to the issues and do not "pad-out" the thread by trying to be clever ! Thank you for your corporation in this matter MS-Exchange Admin Staff -Original Message- From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]] Sent: 17 July 2002 16:03 To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! I'm always thinking of others so, here's a little reason for you to wear your sunglasses ;) Sherry Abercrombie - FQ Data Center Administration Team Information Technology "With sufficient thrust, pigs fly just fine." -Original Message- From: Eldridge, Dave [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 9:43 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Now I don't have an excuse to wear my sunglasses when I read my email. -Original Message- From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 8:43 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! :) I even changed the colors I didn't want to continue to blind others..;) Sherry Abercrombie - FQ Data Center Administration Team Information Technology "With sufficient thrust, pigs fly just fine." -Original Message- From: Eldridge, Dave [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 9:17 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! LOL!!! great foof. -Original Message- From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 8:04 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Okay, I'll have to accept the label of "Foof Queen". Well at least I have some "official" letters to put behind my name now...
Sherry Abercrombie - FQ Data Center Administration Team Information Technology "With sufficient thrust, pigs fly just fine." -Original Message- From: Jeremiah Watson [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 10:54 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! That is Insolence. We have all come to respect each other and abuse is part of that. Ask the Foof Queen from yesterday. ;-) -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 11:51 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Why would I do that? I'd like you to use your knowledge to assist new users, rather than call them trolls or put in a cryptic message about "it's been two weeks". I don't care whether you're happy or sad about it. I'm new here, and I didn't know that part of the list charter was to denigrate less-experienced admins rather than answer their question. -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 10:46 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 5.5 server HACKED! That is not nice Don. If he is trying to make me feel bad he failed. - Original Message - From: "Ely, Don" [EMAIL PROTECTED] To: "MS-Exchange Admin Issues" [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 10:21 AM Subject: RE: Exchange 5.5 server HACKED! Figures! -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 11:22 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 5.5 server HACKED! Sorry, I don't get it - Original Message - From: "Tom Meunier" [EMAIL PROTECTED] To: "MS-Exchange Admin Issues" [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 10:11 AM Subject: RE: Exchange 5.5 server HACKED! This is a FAQ, and I'm afraid to
RE: Exchange 5.5 server HACKED!
Sherry, I've wondered how much thrust does it require? -Original Message- From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 11:03 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! I'm always thinking of others so, here's a little reason for you to wear your sunglasses ;) Sherry Abercrombie - FQ Data Center Administration Team Information Technology "With sufficient thrust, pigs fly just fine." -Original Message- From: Eldridge, Dave [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 9:43 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Now I don't have an excuse to wear my sunglasses when I read my email. -Original Message- From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 8:43 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! :) I even changed the colors I didn't want to continue to blind others..;) Sherry Abercrombie - FQ Data Center Administration Team Information Technology "With sufficient thrust, pigs fly just fine." -Original Message- From: Eldridge, Dave [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 9:17 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! LOL!!! great foof. -Original Message- From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 8:04 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Okay, I'll have to accept the label of "Foof Queen". Well at least I have some "official" letters to put behind my name now... Sherry Abercrombie - FQ Data Center Administration Team Information Technology "With sufficient thrust, pigs fly just fine." -Original Message- From: Jeremiah Watson [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 10:54 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! That is Insolence. We have all come to respect each other and abuse is part of that.
Ask the Foof Queen from yesterday. ;-) -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 11:51 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Why would I do that? I'd like you to use your knowledge to assist new users, rather than call them trolls or put in a cryptic message about "it's been two weeks". I don't care whether you're happy or sad about it. I'm new here, and I didn't know that part of the list charter was to denigrate less-experienced admins rather than answer their question. -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 10:46 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 5.5 server HACKED! That is not nice Don. If he is trying to make me feel bad he failed. - Original Message - From: "Ely, Don" [EMAIL PROTECTED] To: "MS-Exchange Admin Issues" [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 10:21 AM Subject: RE: Exchange 5.5 server HACKED! Figures! -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 11:22 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 5.5 server HACKED! Sorry, I don't get it - Original Message - From: "Tom Meunier" [EMAIL PROTECTED] To: "MS-Exchange Admin Issues" [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 10:11 AM Subject: RE: Exchange 5.5 server HACKED! This is a FAQ, and I'm afraid to post the link for fear that Matthew will flame me, and then say "How about [repost of the FAQ link that I had just posted]?". I'll look at your logs, since that's NOT a FAQ. -Original Message- From: Dan Schwartz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 09:55 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! OK, does anyone have a list of the ports Exchange 5.5 uses, besides 25 110? Also, if anyone wants to look
Re: Exchange 5.5 server HACKED!
I have never seen this guy before. How are we to know that they are "MS-Exchange Admin" staff? I thought this list was self moderated? I feel like I am in Romper Room sometimes, and have been told to 'settle down'. - Original Message - From: Snook, Kevin S (ITD) To: MS-Exchange Admin Issues Sent: Wednesday, July 17, 2002 10:52 AM Subject: RE: Exchange 5.5 server HACKED! I don't have to try to be clever - I have a proven track record. -Original Message- From: Szalkiewicz, Toni [mailto:[EMAIL PROTECTED]] Sent: 17 July 2002 16:08 To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! This resource is not for showing off, please keep the comments relevant to the issues and do not "pad-out" the thread by trying to be clever ! Thank you for your corporation in this matter MS-Exchange Admin Staff -Original Message- From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]] Sent: 17 July 2002 16:03 To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! I'm always thinking of others so, here's a little reason for you to wear your sunglasses ;) Sherry Abercrombie - FQ Data Center Administration Team Information Technology "With sufficient thrust, pigs fly just fine." -Original Message- From: Eldridge, Dave [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 9:43 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Now I don't have an excuse to wear my sunglasses when I read my email. -Original Message- From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 8:43 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! :) I even changed the colors I didn't want to continue to blind others..;) Sherry Abercrombie - FQ Data Center Administration Team Information Technology "With sufficient thrust, pigs fly just fine."
-Original Message- From: Eldridge, Dave [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 9:17 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! LOL!!! great foof. -Original Message- From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 8:04 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Okay, I'll have to accept the label of "Foof Queen". Well at least I have some "official" letters to put behind my name now... Sherry Abercrombie - FQ Data Center Administration Team Information Technology "With sufficient thrust, pigs fly just fine." -Original Message- From: Jeremiah Watson [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 10:54 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! That is Insolence. We have all come to respect each other and abuse is part of that. Ask the Foof Queen from yesterday. ;-) -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 11:51 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Why would I do that? I'd like you to use your knowledge to assist new users, rather than call them trolls or put in a cryptic message about "it's been two weeks". I don't care whether you're happy or sad about it. I'm new here, and I didn't know that part of the list charter was to denigrate less-experienced admins rather than answer their question. -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 10:46 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 5.5 server HACKED! That is not nice Don. If he is trying to make me feel bad he failed. - Original Message - From: "Ely, Don" [EMAIL PROTECTED] To: "MS-Exchange Admin Issues" [EMAIL PROTECTED] Sent: Tuesday, July
RE: Exchange 5.5 server HACKED!
Can you open my milk, mommy? -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 11:15 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 5.5 server HACKED! I have never seen this guy before. How are we to know that they are "MS-Exchange Admin" staff? I thought this list was self moderated? I feel like I am in Romper Room sometimes, and have been told to 'settle down'. - Original Message - From: Snook, Kevin S (ITD) To: MS-Exchange Admin Issues Sent: Wednesday, July 17, 2002 10:52 AM Subject: RE: Exchange 5.5 server HACKED! I don't have to try to be clever - I have a proven track record. -Original Message- From: Szalkiewicz, Toni [mailto:[EMAIL PROTECTED]] Sent: 17 July 2002 16:08 To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! This resource is not for showing off, please keep the comments relevant to the issues and do not "pad-out" the thread by trying to be clever ! Thank you for your corporation in this matter MS-Exchange Admin Staff -Original Message- From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]] Sent: 17 July 2002 16:03 To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! I'm always thinking of others so, here's a little reason for you to wear your sunglasses ;) Sherry Abercrombie - FQ Data Center Administration Team Information Technology "With sufficient thrust, pigs fly just fine." -Original Message- From: Eldridge, Dave [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 9:43 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Now I don't have an excuse to wear my sunglasses when I read my email. -Original Message- From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 8:43 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED!
:) I even changed the colors I didn't want to continue to blind others..;) Sherry Abercrombie - FQ Data Center Administration Team Information Technology "With sufficient thrust, pigs fly just fine." -Original Message- From: Eldridge, Dave [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 9:17 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! LOL!!! great foof. -Original Message- From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 8:04 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Okay, I'll have to accept the label of "Foof Queen". Well at least I have some "official" letters to put behind my name now... Sherry Abercrombie - FQ Data Center Administration Team Information Technology "With sufficient thrust, pigs fly just fine." -Original Message- From: Jeremiah Watson [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 10:54 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! That is Insolence. We have all come to respect each other and abuse is part of that. Ask the Foof Queen from yesterday. ;-) -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 11:51 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Why would I do that? I'd like you to use your knowledge to assist new users, rather than call them trolls or put in a cryptic message about "it's been two weeks". I don't care whether you're happy or sad about it. I'm new here, and I didn't know that part of the list charter was to denigrate less-experienced admins rather than answer their question. -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 10:46
RE: Exchange 5.5 server HACKED!
Stop pissing on yourself then. -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 11:15 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 5.5 server HACKED! I have never seen this guy before. How are we to know that they are "MS-Exchange Admin" staff? I thought this list was self moderated? I feel like I am in Romper Room sometimes, and have been told to 'settle down'. - Original Message - From: Snook, Kevin S (ITD) To: MS-Exchange Admin Issues Sent: Wednesday, July 17, 2002 10:52 AM Subject: RE: Exchange 5.5 server HACKED! I don't have to try to be clever - I have a proven track record. -Original Message- From: Szalkiewicz, Toni [mailto:[EMAIL PROTECTED]] Sent: 17 July 2002 16:08 To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! This resource is not for showing off, please keep the comments relevant to the issues and do not "pad-out" the thread by trying to be clever ! Thank you for your corporation in this matter MS-Exchange Admin Staff -Original Message- From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]] Sent: 17 July 2002 16:03 To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! I'm always thinking of others so, here's a little reason for you to wear your sunglasses ;) Sherry Abercrombie - FQ Data Center Administration Team Information Technology "With sufficient thrust, pigs fly just fine." -Original Message- From: Eldridge, Dave [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 9:43 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Now I don't have an excuse to wear my sunglasses when I read my email. -Original Message- From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 8:43 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED!
:) I even changed the colors I didn't want to continue to blind others..;) Sherry Abercrombie - FQ Data Center Administration Team Information Technology "With sufficient thrust, pigs fly just fine." -Original Message- From: Eldridge, Dave [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 9:17 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! LOL!!! great foof. -Original Message- From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 8:04 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Okay, I'll have to accept the label of "Foof Queen". Well at least I have some "official" letters to put behind my name now... Sherry Abercrombie - FQ Data Center Administration Team Information Technology "With sufficient thrust, pigs fly just fine." -Original Message- From: Jeremiah Watson [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 10:54 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! That is Insolence. We have all come to respect each other and abuse is part of that. Ask the Foof Queen from yesterday. ;-) -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 11:51 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Why would I do that? I'd like you to use your knowledge to assist new users, rather than call them trolls or put in a cryptic message about "it's been two weeks". I don't care whether you're happy or sad about it. I'm new here, and I didn't know that part of the list charter was to denigrate less-experienced admins rather than answer their question. -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 10:46
RE: Exchange 5.5 server HACKED!
I'm thinking that this is the part where I am glad that I toss all that non-plain-text crapola into the latrine where it belongs?

-Original Message-
From: Eldridge, Dave [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 09:17 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

LOL!!! great foof.

-Original Message-
From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 8:04 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Okay, I'll have to accept the label of Foof Queen. Well at least I have some official letters to put behind my name now...

List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: Exchange 5.5 server HACKED!
Well that of course is directly related to the weight of the pig, the more weight the more thrust is required

Sherry Abercrombie - FQ Data Center Administration Team Information Technology "With sufficient thrust, pigs fly just fine."

-Original Message-
From: Jeremiah Watson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 10:14 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Sherry, I've wondered how much thrust does it require?

-Original Message-
From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 11:03 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

I'm always thinking of others so, here's a little reason for you to wear your sunglasses ;)

Sherry Abercrombie - FQ Data Center Administration Team Information Technology "With sufficient thrust, pigs fly just fine."

-Original Message-
From: Eldridge, Dave [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 9:43 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Now I don't have an excuse to wear my sunglasses when I read my email.

-Original Message-
From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 8:43 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

:) I even changed the colors... I didn't want to continue to blind others..;)

Sherry Abercrombie - FQ Data Center Administration Team Information Technology "With sufficient thrust, pigs fly just fine."

-Original Message-
From: Eldridge, Dave [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 9:17 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

LOL!!! great foof.

-Original Message-
From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 8:04 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Okay, I'll have to accept the label of "Foof Queen". Well at least I have some "official" letters to put behind my name now...

Sherry Abercrombie - FQ Data Center Administration Team Information Technology "With sufficient thrust, pigs fly just fine."

-Original Message-
From: Jeremiah Watson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 10:54 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

That is Insolence. We have all come to respect each other and abuse is part of that. Ask the Foof Queen from yesterday. ;-)

-Original Message-
From: Tom Meunier [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 11:51 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Why would I do that? I'd like you to use your knowledge to assist new users, rather than call them trolls or put in a cryptic message about "it's been two weeks". I don't care whether you're happy or sad about it. I'm new here, and I didn't know that part of the list charter was to denigrate less-experienced admins rather than answer their question.

-Original Message-
From: Matthew Carpenter [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 10:46 AM
To: MS-Exchange Admin Issues
Subject: Re: Exchange 5.5 server HACKED!

That is not nice Don. If he is trying to make me feel bad... he failed.

- Original Message -
From: "Ely, Don" [EMAIL PROTECTED]
To: "MS-Exchange Admin Issues" [EMAIL PROTECTED]
Sent: Tuesday, July 16, 2002 10:21 AM
Subject: RE: Exchange 5.5 server HACKED!

Figures!

-Original Message-
From: Matthew Carpenter [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 11:22 AM
To: MS-Exchange Admin Issues
Subject: Re: Exchange 5.5 server HACKED!

Sorry, I don't get it

- Original Message -
From: "Tom Meunier" [EMAIL PROTECTED]
To: "MS-Exchange Admin Issues" [EMAIL PROTECTED]
Sent: Tuesday, July 16, 2002 10:11 AM
Subject: RE: Exchange 5.5 server HACKED!
RE: Exchange 5.5 server HACKED!
Humm ... You call yourself an Exchange Admin ... believe you have a right to attempt to correct a group like this ... and you obviously lack a sense of humor. Nah, you must be kidding. :-D

BTW This resource is for assistance and usually on topic ... but almost ALWAYS Clever.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 10:08 AM
To: [EMAIL PROTECTED]
Subject: RE: Exchange 5.5 server HACKED!

This resource is not for showing off, please keep the comments relevant to the issues and do not pad-out the thread by trying to be clever ! Thank you for your corporation in this matter

MS-Exchange Admin Staff

-Original Message-
From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]]
Sent: 17 July 2002 16:03
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

I'm always thinking of others so, here's a little reason for you to wear your sunglasses ;)

Sherry Abercrombie - FQ Data Center Administration Team Information Technology

+++The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this document.+++
RE: Exchange 5.5 server HACKED!
Almost? It's only Precht that falls under "Never Clever" and at that rate we should be at least 5 9's if not 6. :P

-Original Message-
From: Purviance, Chad [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 12:29 PM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Humm ... You call yourself an Exchange Admin ... believe you have a right to attempt to correct a group like this ... and you obviously lack a sense of humor. Nah, you must be kidding. :-D

BTW This resource is for assistance and usually on topic ... but almost ALWAYS Clever.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 10:08 AM
To: [EMAIL PROTECTED]
Subject: RE: Exchange 5.5 server HACKED!

This resource is not for showing off, please keep the comments relevant to the issues and do not "pad-out" the thread by trying to be clever ! Thank you for your corporation in this matter

MS-Exchange Admin Staff

-Original Message-
From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]]
Sent: 17 July 2002 16:03
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

I'm always thinking of others so, here's a little reason for you to wear your sunglasses ;)

Sherry Abercrombie - FQ Data Center Administration Team Information Technology
RE: Exchange 5.5 server HACKED!
(and did you notice how when I reply to the 16k email it turns into a 2k email?)

-Original Message-
From: Tom Meunier
Sent: Wednesday, July 17, 2002 11:35 AM
To: 'MS-Exchange Admin Issues'
Subject: RE: Exchange 5.5 server HACKED!

I personally think nobody who calls themselves an email administrator (platform-independent statement) should use all that foofoo background and font crap. They should include in their signature line Please see my glow-in-the-dark dancing signature and Hallmark Store Reject background at my web page (with popups and marquee tags and embedded midi files) at http://wasteofbandwidth.org

-Original Message-
From: Purviance, Chad [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 11:29 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Humm ... You call yourself an Exchange Admin ... believe you have a right to attempt to correct a group like this ... and you obviously lack a sense of humor. Nah, you must be kidding. :-D

BTW This resource is for assistance and usually on topic ... but almost ALWAYS Clever.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 10:08 AM
To: [EMAIL PROTECTED]
Subject: RE: Exchange 5.5 server HACKED!

This resource is not for showing off, please keep the comments relevant to the issues and do not pad-out the thread by trying to be clever ! Thank you for your corporation in this matter

MS-Exchange Admin Staff

-Original Message-
From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]]
Sent: 17 July 2002 16:03
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

I'm always thinking of others so, here's a little reason for you to wear your sunglasses ;)

Sherry Abercrombie - FQ Data Center Administration Team Information Technology
RE: Exchange 5.5 server HACKED!
I personally think nobody who calls themselves an email administrator (platform-independent statement) should use all that foofoo background and font crap. They should include in their signature line Please see my glow-in-the-dark dancing signature and Hallmark Store Reject background at my web page (with popups and marquee tags and embedded midi files) at http://wasteofbandwidth.org

-Original Message-
From: Purviance, Chad [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 11:29 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Humm ... You call yourself an Exchange Admin ... believe you have a right to attempt to correct a group like this ... and you obviously lack a sense of humor. Nah, you must be kidding. :-D

BTW This resource is for assistance and usually on topic ... but almost ALWAYS Clever.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 10:08 AM
To: [EMAIL PROTECTED]
Subject: RE: Exchange 5.5 server HACKED!

This resource is not for showing off, please keep the comments relevant to the issues and do not pad-out the thread by trying to be clever ! Thank you for your corporation in this matter

MS-Exchange Admin Staff

-Original Message-
From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]]
Sent: 17 July 2002 16:03
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

I'm always thinking of others so, here's a little reason for you to wear your sunglasses ;)

Sherry Abercrombie - FQ Data Center Administration Team Information Technology
RE: Exchange 5.5 server HACKED!
If you use Flash in your HTML email, you can get the size down, too.

Wasted bandwidth: That which is not used.

After reading the evils of HTML email: http://www.georgedillon.com/web/html_email_is_evil.shtml I still like it.

William

-Original Message-
From: Tom Meunier [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 9:36 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

(and did you notice how when I reply to the 16k email it turns into a 2k email?)

-Original Message-
From: Tom Meunier
Sent: Wednesday, July 17, 2002 11:35 AM
To: 'MS-Exchange Admin Issues'
Subject: RE: Exchange 5.5 server HACKED!

I personally think nobody who calls themselves an email administrator (platform-independent statement) should use all that foofoo background and font crap. They should include in their signature line Please see my glow-in-the-dark dancing signature and Hallmark Store Reject background at my web page (with popups and marquee tags and embedded midi files) at http://wasteofbandwidth.org

-Original Message-
From: Purviance, Chad [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 11:29 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Humm ... You call yourself an Exchange Admin ... believe you have a right to attempt to correct a group like this ... and you obviously lack a sense of humor. Nah, you must be kidding. :-D

BTW This resource is for assistance and usually on topic ... but almost ALWAYS Clever.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 10:08 AM
To: [EMAIL PROTECTED]
Subject: RE: Exchange 5.5 server HACKED!

This resource is not for showing off, please keep the comments relevant to the issues and do not pad-out the thread by trying to be clever ! Thank you for your corporation in this matter

MS-Exchange Admin Staff

-Original Message-
From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]]
Sent: 17 July 2002 16:03
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

I'm always thinking of others so, here's a little reason for you to wear your sunglasses ;)

Sherry Abercrombie - FQ Data Center Administration Team Information Technology
RE: Exchange 5.5 server HACKED!
You don't have people sending the junk to your text pager or cell phone, then. I like powerpoint presentations, too, I just don't want my electric company deciding that it's a good medium for my monthly bill.

-Original Message-
From: William Lefkovics [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 11:49 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

After reading the evils of HTML email: http://www.georgedillon.com/web/html_email_is_evil.shtml I still like it.
RE: Exchange 5.5 server HACKED!
Powerpoint is so last millennium.

-Original Message-
From: Tom Meunier [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 10:03 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

You don't have people sending the junk to your text pager or cell phone, then. I like powerpoint presentations, too, I just don't want my electric company deciding that it's a good medium for my monthly bill.

-Original Message-
From: William Lefkovics [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 11:49 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

After reading the evils of HTML email: http://www.georgedillon.com/web/html_email_is_evil.shtml I still like it.
RE: Exchange 5.5 server HACKED!
Would you suggest they flash him instead?

--Kevinm KMAP-SR, M, WLKMMAS, UCC+WCA, And Beyond http://www.daughtry.ca/ For Graphics and WebDesign, GO here!

-Original Message-
From: William Lefkovics [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 10:12 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Powerpoint is so last millennium.

-Original Message-
From: Tom Meunier [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 10:03 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

You don't have people sending the junk to your text pager or cell phone, then. I like powerpoint presentations, too, I just don't want my electric company deciding that it's a good medium for my monthly bill.

-Original Message-
From: William Lefkovics [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 11:49 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

After reading the evils of HTML email: http://www.georgedillon.com/web/html_email_is_evil.shtml I still like it.
RE: Exchange 5.5 server HACKED!
Perhaps. It does suck to have HTML sent to a pager, especially when it only captures the first 150 characters or so. Though it does assist with vendor screening. Send HTML to my pager, you don't get to be my vendor.

-Original Message-
From: Kevin Miller [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 10:15 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Would you suggest they flash him instead?

--Kevinm KMAP-SR, M, WLKMMAS, UCC+WCA, And Beyond http://www.daughtry.ca/ For Graphics and WebDesign, GO here!

-Original Message-
From: William Lefkovics [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 10:12 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Powerpoint is so last millennium.

-Original Message-
From: Tom Meunier [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 10:03 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

You don't have people sending the junk to your text pager or cell phone, then. I like powerpoint presentations, too, I just don't want my electric company deciding that it's a good medium for my monthly bill.

-Original Message-
From: William Lefkovics [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 11:49 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

After reading the evils of HTML email: http://www.georgedillon.com/web/html_email_is_evil.shtml I still like it.
RE: Exchange 5.5 server HACKED!
OMFG Don, I am actually gonna unblock that email so I can see this flame thread HAHAHAAHAH

jlc

-Original Message-
From: Ely, Don [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 12:25 PM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Almost? It's only Precht that falls under Never Clever and at that rate we should be at least 5 9's if not 6. :P

-Original Message-
From: Purviance, Chad [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 12:29 PM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Humm ... You call yourself an Exchange Admin ... believe you have a right to attempt to correct a group like this ... and you obviously lack a sense of humor. Nah, you must be kidding. :-D

BTW This resource is for assistance and usually on topic ... but almost ALWAYS Clever.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 10:08 AM
To: [EMAIL PROTECTED]
Subject: RE: Exchange 5.5 server HACKED!

This resource is not for showing off, please keep the comments relevant to the issues and do not pad-out the thread by trying to be clever ! Thank you for your corporation in this matter

MS-Exchange Admin Staff

-Original Message-
From: Abercrombie, Sherry [mailto:[EMAIL PROTECTED]]
Sent: 17 July 2002 16:03
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

I'm always thinking of others so, here's a little reason for you to wear your sunglasses ;)

Sherry Abercrombie - FQ Data Center Administration Team Information Technology
Re: Exchange 5.5 server HACKED!
If it is connected, and DNS is set up, then uh, yes, it is LIVE. Exch 5.5 is extremely easy to relay off of if you don't have your setting right. Do you have a firewall somewhere too?

I would not necessarily call relaying a hack though. It is more of an uncomfortable itch in the lower extremities. I have been hacked before, and relayed off of before. They are two very distinct feelings of violation.

- Original Message -
From: Dan Schwartz [EMAIL PROTECTED]
To: MS-Exchange Admin Issues [EMAIL PROTECTED]
Sent: Monday, July 15, 2002 11:54 PM
Subject: RE: Exchange 5.5 server HACKED!

Yes, it's connected, and the DNS servers have been pointed at it for about a week...

-Original Message-
From: William Lefkovics [mailto:[EMAIL PROTECTED]]
Subject: RE: Exchange 5.5 server HACKED!

Is it connected to the internet?

-Original Message-
From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 15, 2002 9:10 PM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

The server is not in production yet: There should be NO SMTP traffic on it. [The business owner is returning from vacation tomorrow (Tuesday), and that's when I roll out the Outlook clients.]

[Balance cut]
RE: Exchange 5.5 server HACKED!
U... Telneting to the server alone does NOT mean the server is an open relay... I can telnet port 25 to any server in the world, that doesn't mean I can relay mail...

-Original Message-
From: Joe Irvine [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 9:38 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Actually, no.. if you can telnet to the mail server you can relay. No hacking needed. This is by the very nature of exchange. I would recommend looking at not allowing characters like %$! Through your firewall. Here's a link to check to see if you have an open relay.. http://www.abuse.net/relay.html

Thanks,
Joe Irvine
Director of Information Technology
The Business Office, Inc.
(609) 597-1155, Fax (609) 597-2860
www.tbopayroll.com

-Original Message-
From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 9:30 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!
Importance: Low

Look at the 4031 error messages, which indicate SOMEONE is trying to relay through the server, and since unauthorized relaying is prohibited that tells me someone has hacked in.

-Original Message-
From: William Lefkovics [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 1:03 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Then it's sorta in production then, yes? Was there a concern other than the 4318's?

-Original Message-
From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 15, 2002 9:55 PM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Yes, it's connected, and the DNS servers have been pointed at it for about a week...

-Original Message-
From: William Lefkovics [mailto:[EMAIL PROTECTED]]
Subject: RE: Exchange 5.5 server HACKED!

Is it connected to the internet?

-Original Message-
From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 15, 2002 9:10 PM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

The server is not in production yet: There should be NO SMTP traffic on it. [The business owner is returning from vacation tomorrow (Tuesday), and that's when I roll out the Outlook clients.]

[Balance cut]
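Added example, not part of the thread: the distinction argued in the message above (reaching port 25 versus actually being able to relay) expressed as a check over SMTP session transcripts. The transcripts, the `example.*` domains and all function names are constructed for illustration, and the assumption is that the server is responsible only for `example.com`.

```python
import re

# Assumption for this example: the server handles mail only for these domains.
LOCAL_DOMAINS = {"example.com"}

REPLY_RE = re.compile(r"^(\d{3})([ -]?)")   # status code + continuation marker
ADDR_RE = re.compile(r"<([^<>\s]*)>")       # address inside MAIL FROM / RCPT TO


def parse_transcript(text):
    """Pair each client command with the final status code of its reply.

    Lines are 'C: ...' (client) or 'S: ...' (server). Continuation lines of a
    multi-line reply ('250-...') are skipped; the greeting banner is paired
    with the pseudo-command 'CONNECT'.
    """
    exchanges, current = [], "CONNECT"
    for raw in text.strip().splitlines():
        side, _, body = raw.strip().partition(": ")
        if side == "C":
            current = body
        elif side == "S":
            m = REPLY_RE.match(body)
            if m and m.group(2) != "-":
                exchanges.append((current, int(m.group(1))))
    return exchanges


def asks_for_relay(command, local_domains=LOCAL_DOMAINS):
    """True if a RCPT TO names a destination outside the server's own domains.

    A local domain with '%', '!' or a second '@' in the local part is treated
    as source routing, i.e. a relay request dressed up as local delivery.
    """
    m = ADDR_RE.search(command)
    if not m:
        return False
    addr = m.group(1)
    if "@" not in addr:
        return "!" in addr or "%" in addr
    local, _, domain = addr.rpartition("@")
    if domain.lower() not in local_domains:
        return True
    return any(ch in local for ch in "%!@")


def classify(text, local_domains=LOCAL_DOMAINS):
    """Return 'no_relay_attempt', 'relay_refused' or 'relay_accepted'.

    The MAIL FROM address is ignored on purpose: it is unauthenticated and
    forgeable. Reply code 235 (successful SMTP AUTH) marks an authenticated
    session, whose recipients are submission rather than third-party relay.
    """
    authenticated = relay_attempted = False
    for command, code in parse_transcript(text):
        if code == 235:
            authenticated = True
        elif command.upper().startswith("RCPT TO"):
            if authenticated or not asks_for_relay(command, local_domains):
                continue
            relay_attempted = True
            if 200 <= code < 300:
                return "relay_accepted"   # accepted at the SMTP level
    return "relay_refused" if relay_attempted else "no_relay_attempt"


# Constructed transcripts (not taken from the server discussed in the thread).
CONNECT_ONLY = """
S: 220 mail.example.com ESMTP ready
C: HELO probe.example.net
S: 250 mail.example.com Hello
C: QUIT
S: 221 closing connection
"""

REFUSED = """
S: 220 mail.example.com ESMTP ready
C: EHLO probe.example.net
S: 250-mail.example.com Hello
S: 250 SIZE 10485760
C: MAIL FROM:<tester@example.net>
S: 250 OK
C: RCPT TO:<someone@example.org>
S: 550 5.7.1 Unable to relay for someone@example.org
C: QUIT
S: 221 closing connection
"""

OPEN_RELAY = REFUSED.replace("550 5.7.1 Unable to relay for someone@example.org", "250 OK")
PERCENT_REFUSED = REFUSED.replace("<someone@example.org>", "<someone%example.org@example.com>")
INBOUND = OPEN_RELAY.replace("<someone@example.org>", "<user@example.com>")

if __name__ == "__main__":
    for name in ("CONNECT_ONLY", "REFUSED", "OPEN_RELAY", "PERCENT_REFUSED", "INBOUND"):
        print(f"{name:16} {classify(globals()[name])}")
```

A `relay_refused` verdict still means someone tried; only `relay_accepted` shows the server took responsibility for third-party mail at the SMTP level.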
RE: Exchange 5.5 server HACKED!
OK, does anyone have a list of the ports Exchange 5.5 uses, besides 25 & 110?

Also, if anyone wants to look at the Event Logs, simply click on: http://www.rogue-admins.com/dansworld/Exchange_Attack_App_Eventlog.zip [This is a new link & new file from the one previously posted by me.]

Cheers!
Dan

There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence. (Jeremy S. Anderson)

-Original Message-
From: Ely, Don [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 9:36 AM
Subject: RE: Exchange 5.5 server HACKED!

U... Telneting to the server alone does NOT mean the server is an open relay... I can telnet port 25 to any server in the world, that doesn't mean I can relay mail...

-Original Message-
From: Joe Irvine [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 9:38 AM
Subject: RE: Exchange 5.5 server HACKED!

Actually, no.. if you can telnet to the mail server you can relay. No hacking needed. This is by the very nature of exchange. I would recommend looking at not allowing characters like %$! Through your firewall. Here's a link to check to see if you have an open relay.. http://www.abuse.net/relay.html

Thanks,
Joe Irvine

-Original Message-
From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 9:30 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!
Importance: Low

Look at the 4031 error messages, which indicate SOMEONE is trying to relay through the server, and since unauthorized relaying is prohibited that tells me someone has hacked in.

-Original Message-
From: William Lefkovics [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 1:03 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Then it's sorta in production then, yes? Was there a concern other than the 4318's?

-Original Message-
From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 15, 2002 9:55 PM
Subject: RE: Exchange 5.5 server HACKED!

Yes, it's connected, and the DNS servers have been pointed at it for about a week...

--- This attachment has been scanned for hostile code: Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.377 / Virus Database: 211 - Release Date: 7/15/2002
RE: Exchange 5.5 server HACKED!
This is a FAQ, and I'm afraid to post the link for fear that Matthew will flame me, and then say How about [repost of the FAQ link that I had just posted]?. I'll look at your logs, since that's NOT a FAQ.

-Original Message-
From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 09:55 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

OK, does anyone have a list of the ports Exchange 5.5 uses, besides 25 110?

Also, if anyone wants to look at the Event Logs, simply click on: http://www.rogue-admins.com/dansworld/Exchange_Attack_App_Eventlog.zip [This is a new link new file from the one previously posted by me.]

Cheers!
Dan

There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence. (Jeremy S. Anderson)
RE: Exchange 5.5 server HACKED!
Hey Dan! You never did get back to Ed Woodrick on this list all those years ago as to why Exchange uses an Access database as an engine format!

-Original Message-
From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
Posted At: 16 July 2002 15:55
Posted To: Sunbelt Exchange List
Conversation: Exchange 5.5 server HACKED!
Subject: RE: Exchange 5.5 server HACKED!

OK, does anyone have a list of the ports Exchange 5.5 uses, besides 25 110?

Also, if anyone wants to look at the Event Logs, simply click on: http://www.rogue-admins.com/dansworld/Exchange_Attack_App_Eventlog.zip [This is a new link new file from the one previously posted by me.]

Cheers!
Dan

There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence. (Jeremy S. Anderson)

* This email and any files transmitted with it are confidential and intended solely for the use of the individual to whom it is addressed. Any view or opinions presented are solely those of the author and do not necessarily represent those of Silversands. If you have received this email in error, please contact our Support Desk immediately on 01202-360360 or email [EMAIL PROTECTED] *
RE: Exchange 5.5 server HACKED!
List of ports:

Section 3.24: http://www.swinc.com/resource/exch_faq_sec3.htm

XGEN: TCP Ports and Microsoft Exchange: In-depth Discussion http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q176466;

Port 110 is the default POP3 port. If I must use POP3, I would favour POP over SSL and not leave port 110 available.

-Original Message-
From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 7:55 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

OK, does anyone have a list of the ports Exchange 5.5 uses, besides 25 110?

Also, if anyone wants to look at the Event Logs, simply click on: http://www.rogue-admins.com/dansworld/Exchange_Attack_App_Eventlog.zip [This is a new link new file from the one previously posted by me.]

Cheers!
Dan

There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence. (Jeremy S. Anderson)
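[Added example, not part of any list member's message.] The replies quoted in this thread disagree on whether reaching port 25 by telnet makes a server an open relay; what decides it is the server's reply to RCPT TO for a recipient outside its own domains. The sketch below classifies captured SMTP dialogues on that basis; the "C: "/"S: " prefixes, the verdict names, the domain names and the sample sessions are all constructed for illustration.

```python
import re

REPLY = re.compile(r"^(\d{3})([ -])")   # "250-text" continues a reply, "250 text" ends it
RCPT = re.compile(r"^RCPT TO:\s*<?[^<>\s]*@([^<>\s]+?)>?\s*$", re.I)
END_OF_DATA = "<end-of-data>"           # marker for the lone "." that ends a message body


def parse_dialogue(text):
    """Return [(client_line_or_None, final_reply_code)] for one captured session.

    Lines start with "C: " (client) or "S: " (server); that prefix convention is
    an assumption of this example. The banner is stored with client line None.
    """
    exchanges, pending, in_body = [], None, False
    for raw in text.strip().splitlines():
        side, _, line = raw.strip().partition(": ")
        if side == "C":
            if in_body:
                if line == ".":          # end of the message body
                    pending, in_body = END_OF_DATA, False
                continue                 # body lines are not commands
            pending = line
        elif side == "S":
            m = REPLY.match(line)
            if not m or m.group(2) == "-":
                continue                 # malformed line or continuation of a multi-line reply
            code = int(m.group(1))
            exchanges.append((pending, code))
            if pending is not None and pending.upper() == "DATA" and code == 354:
                in_body = True
            pending = None
    return exchanges


def classify(text, local_domains):
    """Say what a session proves about relaying, given the server's own domains."""
    local = {d.lower() for d in local_domains}
    exchanges = parse_dialogue(text)
    tried = accepted = False
    for cmd, code in exchanges:
        m = RCPT.match(cmd) if cmd else None
        if m and m.group(1).lower() not in local:
            tried = True
            accepted = accepted or 200 <= code < 300
    if not tried:
        return "no-relay-attempt"        # connecting and saying HELO proves nothing
    if not accepted:
        return "relay-refused"           # 4xx/5xx to the non-local recipient
    end = [c for cmd, c in exchanges if cmd == END_OF_DATA]
    data = [c for cmd, c in exchanges if cmd and cmd.upper() == "DATA"]
    if end and 200 <= end[-1] < 300:
        return "relay-accepted"          # message for a non-local recipient was queued
    if (end and end[-1] >= 400) or (data and data[-1] >= 400):
        return "accepted-then-rejected"
    return "accepted-at-rcpt"            # session ended before any message was sent


# Constructed sample sessions (not taken from the event logs discussed in the thread).
BANNER_ONLY = """
S: 220 mail.example.test ESMTP ready
C: HELO probe.example.net
S: 250 mail.example.test
C: QUIT
S: 221 closing
"""
_PREFIX = """
S: 220 mail.example.test ESMTP ready
C: EHLO probe.example.net
S: 250-mail.example.test
S: 250-SIZE 10240000
S: 250 8BITMIME
C: MAIL FROM:<tester@probe.example.net>
S: 250 OK
C: RCPT TO:<someone@elsewhere.example>
"""
REFUSED = _PREFIX + "S: 550 Relaying is prohibited\nC: QUIT\nS: 221 closing\n"
_BODY = "S: 250 OK\nC: DATA\nS: 354 go ahead\nC: Subject: relay test\nC: .\n"
ACCEPTED = _PREFIX + _BODY + "S: 250 Queued\nC: QUIT\nS: 221 closing\n"
REJECTED_AT_DATA = _PREFIX + _BODY + "S: 554 Rejected\nC: QUIT\nS: 221 closing\n"

if __name__ == "__main__":
    for name, session in (("banner only", BANNER_ONLY), ("refused", REFUSED),
                          ("accepted", ACCEPTED), ("rejected at data", REJECTED_AT_DATA)):
        print(f"{name:18} {classify(session, ['example.test'])}")
```

A 250 at the end of DATA only shows the server took the message at the SMTP level; whether it was then forwarded is a separate check in the queue or delivery logs.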
Re: Exchange 5.5 server HACKED!
Sorry, I don't get it

- Original Message -
From: Tom Meunier [EMAIL PROTECTED]
To: MS-Exchange Admin Issues [EMAIL PROTECTED]
Sent: Tuesday, July 16, 2002 10:11 AM
Subject: RE: Exchange 5.5 server HACKED!

This is a FAQ, and I'm afraid to post the link for fear that Matthew will flame me, and then say How about [repost of the FAQ link that I had just posted]?. I'll look at your logs, since that's NOT a FAQ.
RE: Exchange 5.5 server HACKED!
Logs look good to me. I'd turn the logging back down, though, if you're happy with it.

-Original Message-
From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 09:55 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

OK, does anyone have a list of the ports Exchange 5.5 uses, besides 25 110?

Also, if anyone wants to look at the Event Logs, simply click on: http://www.rogue-admins.com/dansworld/Exchange_Attack_App_Eventlog.zip [This is a new link new file from the one previously posted by me.]

Cheers!
Dan

There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence. (Jeremy S. Anderson)
RE: Exchange 5.5 server HACKED!
Figures!

-Original Message-
From: Matthew Carpenter [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 11:22 AM
To: MS-Exchange Admin Issues
Subject: Re: Exchange 5.5 server HACKED!

Sorry, I don't get it
RE: Exchange 5.5 server HACKED!
You remember it too? I was thinking that not a lot of people on this list would remember that now... :-)

-Original Message-
From: William Lefkovics [mailto:[EMAIL PROTECTED]]
Posted At: 16 July 2002 16:26
Posted To: Sunbelt Exchange List
Conversation: Exchange 5.5 server HACKED!
Subject: RE: Exchange 5.5 server HACKED!

I have that thread in a .pst somewhere.
RE: Exchange 5.5 server HACKED!
From your post in the thread entitled Mailbox Backup

[patronizing tone] Like we all said, this has been covered repeatedly every two weeks or so. Read the FAQS that everyone has been posting. DIRT is a much better implementation. Here is one: [link I had already posted three messages down in the thread.] http://www.swinc.com/resource/exch_faq_appxb.htm

-Original Message-
From: Matthew Carpenter [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 10:22 AM
To: MS-Exchange Admin Issues
Subject: Re: Exchange 5.5 server HACKED!

Sorry, I don't get it

- Original Message -
From: Tom Meunier [EMAIL PROTECTED]
To: MS-Exchange Admin Issues [EMAIL PROTECTED]
Sent: Tuesday, July 16, 2002 10:11 AM
Subject: RE: Exchange 5.5 server HACKED!

This is a FAQ, and I'm afraid to post the link for fear that Matthew will flame me, and then say How about [repost of the FAQ link that I had just posted]?. I'll look at your logs, since that's NOT a FAQ.
Re: Exchange 5.5 server HACKED!
That is not nice Don. If he is trying to make me feel bad, he failed.

- Original Message -
From: Ely, Don [EMAIL PROTECTED]
To: MS-Exchange Admin Issues [EMAIL PROTECTED]
Sent: Tuesday, July 16, 2002 10:21 AM
Subject: RE: Exchange 5.5 server HACKED!

Figures!
RE: Exchange 5.5 server HACKED!
Why would I do that? I'd like you to use your knowledge to assist new users, rather than call them trolls or put in a cryptic message about it's been two weeks. I don't care whether you're happy or sad about it. I'm new here, and I didn't know that part of the list charter was to denigrate less-experienced admins rather than answer their question.

-Original Message-
From: Matthew Carpenter [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 10:46 AM
To: MS-Exchange Admin Issues
Subject: Re: Exchange 5.5 server HACKED!

That is not nice Don. If he is trying to make me feel bad, he failed.
RE: Exchange 5.5 server HACKED!
Well, while Tom can certainly handle his own, I could certainly make every attempt to make you feel bad. At the very least, make you feel inadequate. The choice is yours... You're just another Precht for me to have a little fun with! ;o) -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 11:46 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 5.5 server HACKED! That is not nice Don. If he is trying to make me feel badhe failed. - Original Message - From: Ely, Don [EMAIL PROTECTED] To: MS-Exchange Admin Issues [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 10:21 AM Subject: RE: Exchange 5.5 server HACKED! Figures! -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 11:22 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 5.5 server HACKED! Sorry, I don't get it - Original Message - From: Tom Meunier [EMAIL PROTECTED] To: MS-Exchange Admin Issues [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 10:11 AM Subject: RE: Exchange 5.5 server HACKED! This is a FAQ, and I'm afraid to post the link for fear that Matthew will flame me, and then say How about [repost of the FAQ link that I had just posted]?. I'll look at your logs, since that's NOT a FAQ. -Original Message- From: Dan Schwartz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 09:55 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! OK, does anyone have a list of the ports Exchange 5.5 uses, besides 25 110? Also, if anyone wants to look at the Event Logs, simply click on: http://www.rogue-admins.com/dansworld/Exchange_Attack_App_Eve ntlog.zip [This is a new link new file from the one previously posted by me.] Cheers! Dan There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence. (Jeremy S. 
Anderson) -Original Message- From: Ely, Don [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 9:36 AM Subject: RE: Exchange 5.5 server HACKED! U... Telneting to the server alone does NOT mean the server is an open relay... I can telnet port 25 to any server in the world, that doesn't mean I can relay mail... -Original Message- From: Joe Irvine [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 9:38 AM Subject: RE: Exchange 5.5 server HACKED! Actually, no.. if you can telnet to the mail server you can relay. No hacking needed. This is by the very nature of exchange. I would recommend looking at not allowing characters like %$! Through your firewall. Here's a link to check to see if you have an open relay.. http://www.abuse.net/relay.html Thanks, Joe Irvine -Original Message- From: Dan Schwartz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 9:30 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Importance: Low Look at the 4031 error messages, which indicate SOMEONE is trying to relay through the server, and since unauthorized relaying is prohibited that tells me someone has hacked in. -Original Message- From: William Lefkovics [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 1:03 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Then it's sorta in production then, yes? Was there a concern other than the 4318's? -Original Message- From: Dan Schwartz [mailto:[EMAIL PROTECTED]] Sent: Monday, July 15, 2002 9:55 PM Subject: RE: Exchange 5.5 server HACKED! Yes, it's connected, and the DNS servers have been pointed at it for about a week... --- This attachment has been scanned for hostile code: Checked by AVG anti-virus system (http://www.grisoft.com). 
Version: 6.0.377 / Virus Database: 211 - Release Date: 7/15/2002 List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
Re: Exchange 5.5 server HACKED!
FYI Tom... I was on YOUR side in that discussion. My statement was basically that this discussion has been repeated, and they can find information in the archives. Why repeat what everyone else posted (although I did after the fact). Plus, YOU did not explain yourself either, but simply posted links. I posted the same link, true, but it was in support of our argument. That guy has not even reposted to the thread, so he was either a) a troll b) thinks we are fools or c) has not read them yet. So why are we fighting? ; o|) - Original Message - From: Tom Meunier [EMAIL PROTECTED] To: MS-Exchange Admin Issues [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 10:44 AM Subject: RE: Exchange 5.5 server HACKED! From your post in the thread entitled Mailbox Backup [patronizing tone] Like we all said, this has been covered repeatedly every two weeks or so. Read the FAQS that everyone has been posting. DIRT is a much better implementation. Here is one: [link I had already posted three messages down in the thread.] http://www.swinc.com/resource/exch_faq_appxb.htm -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 10:22 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 5.5 server HACKED! Sorry, I don't get it - Original Message - From: Tom Meunier [EMAIL PROTECTED] To: MS-Exchange Admin Issues [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 10:11 AM Subject: RE: Exchange 5.5 server HACKED! This is a FAQ, and I'm afraid to post the link for fear that Matthew will flame me, and then say How about [repost of the FAQ link that I had just posted]?. I'll look at your logs, since that's NOT a FAQ.
RE: Exchange 5.5 server HACKED!
That is Insolence. We have all come to respect each other and abuse is part of that. Ask the Foof Queen from yesterday. ;-) -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 11:51 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Why would I do that? I'd like you to use your knowledge to assist new users, rather than call them trolls or put in a cryptic message about it's been two weeks. I don't care whether you're happy or sad about it. I'm new here, and I didn't know that part of the list charter was to denigrate less-experienced admins rather than answer their question. -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 10:46 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 5.5 server HACKED! That is not nice Don. If he is trying to make me feel bad he failed. - Original Message - From: Ely, Don [EMAIL PROTECTED] To: MS-Exchange Admin Issues [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 10:21 AM Subject: RE: Exchange 5.5 server HACKED! Figures! -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 11:22 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 5.5 server HACKED! Sorry, I don't get it - Original Message - From: Tom Meunier [EMAIL PROTECTED] To: MS-Exchange Admin Issues [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 10:11 AM Subject: RE: Exchange 5.5 server HACKED! This is a FAQ, and I'm afraid to post the link for fear that Matthew will flame me, and then say How about [repost of the FAQ link that I had just posted]?. I'll look at your logs, since that's NOT a FAQ. -Original Message- From: Dan Schwartz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 09:55 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! OK, does anyone have a list of the ports Exchange 5.5 uses, besides 25 110?
Also, if anyone wants to look at the Event Logs, simply click on: http://www.rogue-admins.com/dansworld/Exchange_Attack_App_Eventlog.zip [This is a new link new file from the one previously posted by me.] Cheers! Dan There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence. (Jeremy S. Anderson) -Original Message- From: Ely, Don [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 9:36 AM Subject: RE: Exchange 5.5 server HACKED! U... Telneting to the server alone does NOT mean the server is an open relay... I can telnet port 25 to any server in the world, that doesn't mean I can relay mail... -Original Message- From: Joe Irvine [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 9:38 AM Subject: RE: Exchange 5.5 server HACKED! Actually, no.. if you can telnet to the mail server you can relay. No hacking needed. This is by the very nature of exchange. I would recommend looking at not allowing characters like %$! Through your firewall. Here's a link to check to see if you have an open relay.. http://www.abuse.net/relay.html Thanks, Joe Irvine -Original Message- From: Dan Schwartz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 9:30 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Importance: Low Look at the 4031 error messages, which indicate SOMEONE is trying to relay through the server, and since unauthorized relaying is prohibited that tells me someone has hacked in. -Original Message- From: William Lefkovics [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 1:03 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Then it's sorta in production then, yes? Was there a concern other than the 4318's? -Original Message- From: Dan Schwartz [mailto:[EMAIL PROTECTED]] Sent: Monday, July 15, 2002 9:55 PM Subject: RE: Exchange 5.5 server HACKED! Yes, it's connected, and the DNS servers have been pointed at it for about a week...
Re: Exchange 5.5 server HACKED!
Whatever Don. I am not really sure why we are even having this conversation. I guess it is because the list is slow, eh? - Original Message - From: Ely, Don [EMAIL PROTECTED] To: MS-Exchange Admin Issues [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 10:44 AM Subject: RE: Exchange 5.5 server HACKED! Well, while Tom can certainly handle his own, I could certainly make every attempt to make you feel bad. At the very least, make you feel inadequate. The choice is yours... You're just another Precht for me to have a little fun with! ;o) -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 11:46 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 5.5 server HACKED! That is not nice Don. If he is trying to make me feel bad he failed. - Original Message - From: Ely, Don [EMAIL PROTECTED] To: MS-Exchange Admin Issues [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 10:21 AM Subject: RE: Exchange 5.5 server HACKED! Figures! -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 11:22 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 5.5 server HACKED! Sorry, I don't get it - Original Message - From: Tom Meunier [EMAIL PROTECTED] To: MS-Exchange Admin Issues [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 10:11 AM Subject: RE: Exchange 5.5 server HACKED! This is a FAQ, and I'm afraid to post the link for fear that Matthew will flame me, and then say How about [repost of the FAQ link that I had just posted]?. I'll look at your logs, since that's NOT a FAQ. -Original Message- From: Dan Schwartz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 09:55 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! OK, does anyone have a list of the ports Exchange 5.5 uses, besides 25 110?
Also, if anyone wants to look at the Event Logs, simply click on: http://www.rogue-admins.com/dansworld/Exchange_Attack_App_Eventlog.zip [This is a new link new file from the one previously posted by me.] Cheers! Dan There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence. (Jeremy S. Anderson) -Original Message- From: Ely, Don [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 9:36 AM Subject: RE: Exchange 5.5 server HACKED! U... Telneting to the server alone does NOT mean the server is an open relay... I can telnet port 25 to any server in the world, that doesn't mean I can relay mail... -Original Message- From: Joe Irvine [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 9:38 AM Subject: RE: Exchange 5.5 server HACKED! Actually, no.. if you can telnet to the mail server you can relay. No hacking needed. This is by the very nature of exchange. I would recommend looking at not allowing characters like %$! Through your firewall. Here's a link to check to see if you have an open relay.. http://www.abuse.net/relay.html Thanks, Joe Irvine -Original Message- From: Dan Schwartz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 9:30 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Importance: Low Look at the 4031 error messages, which indicate SOMEONE is trying to relay through the server, and since unauthorized relaying is prohibited that tells me someone has hacked in. -Original Message- From: William Lefkovics [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 1:03 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Then it's sorta in production then, yes? Was there a concern other than the 4318's? -Original Message- From: Dan Schwartz [mailto:[EMAIL PROTECTED]] Sent: Monday, July 15, 2002 9:55 PM Subject: RE: Exchange 5.5 server HACKED! Yes, it's connected, and the DNS servers have been pointed at it for about a week...
RE: Exchange 5.5 server HACKED!
I'd imagine it's for the same reason I had to make a gateway rule that routes messages with the text [LIST ADMIN] Do Not Reply to /dev/null. -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 11:07 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 5.5 server HACKED! Whatever Don. I am not really sure why we are even having this conversation. I guess it is because the list is slow, eh? - Original Message - From: Ely, Don [EMAIL PROTECTED] To: MS-Exchange Admin Issues [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 10:44 AM Subject: RE: Exchange 5.5 server HACKED! Well, while Tom can certainly handle his own, I could certainly make every attempt to make you feel bad. At the very least, make you feel inadequate. The choice is yours... You're just another Precht for me to have a little fun with! ;o) -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 11:46 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 5.5 server HACKED! That is not nice Don. If he is trying to make me feel bad he failed. - Original Message - From: Ely, Don [EMAIL PROTECTED] To: MS-Exchange Admin Issues [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 10:21 AM Subject: RE: Exchange 5.5 server HACKED! Figures! -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 11:22 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 5.5 server HACKED! Sorry, I don't get it - Original Message - From: Tom Meunier [EMAIL PROTECTED] To: MS-Exchange Admin Issues [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 10:11 AM Subject: RE: Exchange 5.5 server HACKED! This is a FAQ, and I'm afraid to post the link for fear that Matthew will flame me, and then say How about [repost of the FAQ link that I had just posted]?. I'll look at your logs, since that's NOT a FAQ.
-Original Message- From: Dan Schwartz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 09:55 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! OK, does anyone have a list of the ports Exchange 5.5 uses, besides 25 110? Also, if anyone wants to look at the Event Logs, simply click on: http://www.rogue-admins.com/dansworld/Exchange_Attack_App_Eventlog.zip [This is a new link new file from the one previously posted by me.] Cheers! Dan There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence. (Jeremy S. Anderson) -Original Message- From: Ely, Don [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 9:36 AM Subject: RE: Exchange 5.5 server HACKED! U... Telneting to the server alone does NOT mean the server is an open relay... I can telnet port 25 to any server in the world, that doesn't mean I can relay mail... -Original Message- From: Joe Irvine [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 9:38 AM Subject: RE: Exchange 5.5 server HACKED! Actually, no.. if you can telnet to the mail server you can relay. No hacking needed. This is by the very nature of exchange. I would recommend looking at not allowing characters like %$! Through your firewall. Here's a link to check to see if you have an open relay.. http://www.abuse.net/relay.html Thanks, Joe Irvine -Original Message- From: Dan Schwartz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 9:30 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Importance: Low Look at the 4031 error messages, which indicate SOMEONE is trying to relay through the server, and since unauthorized relaying is prohibited that tells me someone has hacked in. -Original Message- From: William Lefkovics [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 1:03 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Then it's sorta in production then, yes? Was there a concern other than the 4318's?
-Original Message- From: Dan Schwartz [mailto:[EMAIL PROTECTED]] Sent: Monday, July 15, 2002 9:55 PM Subject: RE: Exchange 5.5 server HACKED! Yes, it's connected, and the DNS servers have been pointed at it for about a week...
RE: Exchange 5.5 server HACKED!
Yeah, he's got the whole NTSYSADMIN list broken... -Original Message- From: William Lefkovics [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 12:16 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! The [LIST ADMIN] was and continues to be working on an issue regarding Lyris. -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 9:11 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! I'd imagine it's for the same reason I had to make a gateway rule that routes messages with the text [LIST ADMIN] Do Not Reply to /dev/null. -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 11:07 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 5.5 server HACKED! Whatever Don. I am not really sure why we are even having this conversation. I guess it is because the list is slow, eh? - Original Message - From: Ely, Don [EMAIL PROTECTED] To: MS-Exchange Admin Issues [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 10:44 AM Subject: RE: Exchange 5.5 server HACKED! Well, while Tom can certainly handle his own, I could certainly make every attempt to make you feel bad. At the very least, make you feel inadequate. The choice is yours... You're just another Precht for me to have a little fun with! ;o) -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 11:46 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 5.5 server HACKED! That is not nice Don. If he is trying to make me feel bad he failed. - Original Message - From: Ely, Don [EMAIL PROTECTED] To: MS-Exchange Admin Issues [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 10:21 AM Subject: RE: Exchange 5.5 server HACKED! Figures! -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 11:22 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 5.5 server HACKED!
Sorry, I don't get it - Original Message - From: Tom Meunier [EMAIL PROTECTED] To: MS-Exchange Admin Issues [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 10:11 AM Subject: RE: Exchange 5.5 server HACKED! This is a FAQ, and I'm afraid to post the link for fear that Matthew will flame me, and then say How about [repost of the FAQ link that I had just posted]?. I'll look at your logs, since that's NOT a FAQ. -Original Message- From: Dan Schwartz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 09:55 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! OK, does anyone have a list of the ports Exchange 5.5 uses, besides 25 110? Also, if anyone wants to look at the Event Logs, simply click on: http://www.rogue-admins.com/dansworld/Exchange_Attack_App_Eventlog.zip [This is a new link new file from the one previously posted by me.] Cheers! Dan There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence. (Jeremy S. Anderson) -Original Message- From: Ely, Don [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 9:36 AM Subject: RE: Exchange 5.5 server HACKED! U... Telneting to the server alone does NOT mean the server is an open relay... I can telnet port 25 to any server in the world, that doesn't mean I can relay mail... -Original Message- From: Joe Irvine [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 9:38 AM Subject: RE: Exchange 5.5 server HACKED! Actually, no.. if you can telnet to the mail server you can relay. No hacking needed. This is by the very nature of exchange. I would recommend looking at not allowing characters like %$! Through your firewall. Here's a link to check to see if you have an open relay.. http://www.abuse.net/relay.html Thanks, Joe Irvine -Original Message- From: Dan Schwartz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 9:30 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED!
Importance: Low Look at the 4031 error messages, which indicate SOMEONE is trying to relay through the server, and since unauthorized relaying is prohibited that tells me someone has hacked in. -Original Message- From: William Lefkovics [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 1:03 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Then it's sorta in production then, yes? Was there a concern other than the 4318's? -Original Message- From: Dan Schwartz [mailto:[EMAIL PROTECTED]] Sent: Monday, July 15, 2002 9:55 PM Subject: RE: Exchange 5.5 server HACKED! Yes, it's connected, and the DNS servers have been pointed
Re: Exchange 5.5 server HACKED!
To be more thorough, you should have routed Inigo Montoya to /dev/null ;0) - Original Message - From: Ely, Don [EMAIL PROTECTED] To: MS-Exchange Admin Issues [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 11:10 AM Subject: RE: Exchange 5.5 server HACKED! I route discussions@entrysecurity and *giddyboy* to /dev/null... :P -Original Message- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 12:11 PM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! I'd imagine it's for the same reason I had to make a gateway rule that routes messages with the text [LIST ADMIN] Do Not Reply to /dev/null. -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 11:07 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 5.5 server HACKED! Whatever Don. I am not really sure why we are even having this conversation. I guess it is because the list is slow, eh? - Original Message - From: Ely, Don [EMAIL PROTECTED] To: MS-Exchange Admin Issues [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 10:44 AM Subject: RE: Exchange 5.5 server HACKED! Well, while Tom can certainly handle his own, I could certainly make every attempt to make you feel bad. At the very least, make you feel inadequate. The choice is yours... You're just another Precht for me to have a little fun with! ;o) -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 11:46 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 5.5 server HACKED! That is not nice Don. If he is trying to make me feel bad he failed. - Original Message - From: Ely, Don [EMAIL PROTECTED] To: MS-Exchange Admin Issues [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 10:21 AM Subject: RE: Exchange 5.5 server HACKED! Figures! -Original Message- From: Matthew Carpenter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 11:22 AM To: MS-Exchange Admin Issues Subject: Re: Exchange 5.5 server HACKED!
Sorry, I don't get it - Original Message - From: Tom Meunier [EMAIL PROTECTED] To: MS-Exchange Admin Issues [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 10:11 AM Subject: RE: Exchange 5.5 server HACKED! This is a FAQ, and I'm afraid to post the link for fear that Matthew will flame me, and then say How about [repost of the FAQ link that I had just posted]?. I'll look at your logs, since that's NOT a FAQ. -Original Message- From: Dan Schwartz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 09:55 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! OK, does anyone have a list of the ports Exchange 5.5 uses, besides 25 110? Also, if anyone wants to look at the Event Logs, simply click on: http://www.rogue-admins.com/dansworld/Exchange_Attack_App_Eventlog.zip [This is a new link new file from the one previously posted by me.] Cheers! Dan There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence. (Jeremy S. Anderson) -Original Message- From: Ely, Don [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 9:36 AM Subject: RE: Exchange 5.5 server HACKED! U... Telneting to the server alone does NOT mean the server is an open relay... I can telnet port 25 to any server in the world, that doesn't mean I can relay mail... -Original Message- From: Joe Irvine [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 9:38 AM Subject: RE: Exchange 5.5 server HACKED! Actually, no.. if you can telnet to the mail server you can relay. No hacking needed. This is by the very nature of exchange. I would recommend looking at not allowing characters like %$! Through your firewall. Here's a link to check to see if you have an open relay.. http://www.abuse.net/relay.html Thanks, Joe Irvine -Original Message- From: Dan Schwartz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 9:30 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED!
Importance: Low Look at the 4031 error messages, which indicate SOMEONE is trying to relay through the server, and since unauthorized relaying is prohibited that tells me someone has hacked in. -Original Message- From: William Lefkovics [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 1:03 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Then it's sorta in production then, yes? Was there a concern other than the 4318's? -Original Message- From: Dan Schwartz [mailto:[EMAIL PROTECTED]] Sent: Monday, July 15, 2002 9:55 PM Subject: RE: Exchange 5.5 server HACKED! Yes, it's connected, and the DNS servers have been
RE: Exchange 5.5 server HACKED!
LOL! -Original Message- From: Neil Hobson [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 11:12 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Hey Dan! You never did get back to Ed Woodrick on this list all those years ago as to why Exchange uses an Access database as an engine format! -Original Message- From: Dan Schwartz [mailto:[EMAIL PROTECTED]] Posted At: 16 July 2002 15:55 Posted To: Sunbelt Exchange List Conversation: Exchange 5.5 server HACKED! Subject: RE: Exchange 5.5 server HACKED! OK, does anyone have a list of the ports Exchange 5.5 uses, besides 25 110? Also, if anyone wants to look at the Event Logs, simply click on: http://www.rogue-admins.com/dansworld/Exchange_Attack_App_Eventlog.zip [This is a new link new file from the one previously posted by me.] Cheers! Dan There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence. (Jeremy S. Anderson) -Original Message- From: Ely, Don [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 9:36 AM Subject: RE: Exchange 5.5 server HACKED! U... Telneting to the server alone does NOT mean the server is an open relay... I can telnet port 25 to any server in the world, that doesn't mean I can relay mail... -Original Message- From: Joe Irvine [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 9:38 AM Subject: RE: Exchange 5.5 server HACKED! Actually, no.. if you can telnet to the mail server you can relay. No hacking needed. This is by the very nature of exchange. I would recommend looking at not allowing characters like %$! Through your firewall. Here's a link to check to see if you have an open relay.. http://www.abuse.net/relay.html Thanks, Joe Irvine -Original Message- From:Dan Schwartz [mailto:[EMAIL PROTECTED]] Sent:Tuesday, July 16, 2002 9:30 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED!
Importance: Low Look at the 4031 error messages, which indicate SOMEONE is trying to relay through the server, and since unauthorized relaying is prohibited that tells me someone has hacked in. -Original Message- From: William Lefkovics [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 1:03 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Then it's sorta in production then, yes? Was there a concern other than the 4318's? -Original Message- From: Dan Schwartz [mailto:[EMAIL PROTECTED]] Sent: Monday, July 15, 2002 9:55 PM Subject: RE: Exchange 5.5 server HACKED! Yes, it's connected, and the DNS servers have been pointed at it for about a week... * This email and any files transmitted with it are confidential and intended solely for the use of the individual to whom it is addressed. Any view or opinions presented are solely those of the author and do not necessarily represent those of Silversands. If you have received this email in error, please contact our Support Desk immediately on 01202-360360 or email [EMAIL PROTECTED] *
RE: Exchange 5.5 server HACKED!
Ah the good old days W. Andrew Philips Customer Service Manager Networks Plus (785) 587-4121 x202 (785) 267-6800 x202 mailto:[EMAIL PROTECTED] -Original Message- From: Neil Hobson [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 10:12 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Hey Dan! You never did get back to Ed Woodrick on this list all those years ago as to why Exchange uses an Access database as an engine format! -Original Message- From: Dan Schwartz [mailto:[EMAIL PROTECTED]] Posted At: 16 July 2002 15:55 Posted To: Sunbelt Exchange List Conversation: Exchange 5.5 server HACKED! Subject: RE: Exchange 5.5 server HACKED! OK, does anyone have a list of the ports Exchange 5.5 uses, besides 25 110? Also, if anyone wants to look at the Event Logs, simply click on: http://www.rogue-admins.com/dansworld/Exchange_Attack_App_Eventlog.zip [This is a new link new file from the one previously posted by me.] Cheers! Dan There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence. (Jeremy S. Anderson) -Original Message- From: Ely, Don [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 9:36 AM Subject: RE: Exchange 5.5 server HACKED! U... Telneting to the server alone does NOT mean the server is an open relay... I can telnet port 25 to any server in the world, that doesn't mean I can relay mail... -Original Message- From: Joe Irvine [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 9:38 AM Subject: RE: Exchange 5.5 server HACKED! Actually, no.. if you can telnet to the mail server you can relay. No hacking needed. This is by the very nature of exchange. I would recommend looking at not allowing characters like %$! Through your firewall. Here's a link to check to see if you have an open relay.. 
http://www.abuse.net/relay.html Thanks, Joe Irvine -Original Message- From: Dan Schwartz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 9:30 AM To:MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Importance:Low Look at the 4031 error messages, which indicate SOMEONE is trying to relay through the server, and since unauthorized relaying is prohibited that tells me someone has hacked in. -Original Message- From: William Lefkovics [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 1:03 AM To: MS-Exchange Admin Issues Subject: RE: Exchange 5.5 server HACKED! Then it's sorta in production then, yes? Was there a concern other than the 4318's? -Original Message- From: Dan Schwartz [mailto:[EMAIL PROTECTED]] Sent: Monday, July 15, 2002 9:55 PM Subject: RE: Exchange 5.5 server HACKED! Yes, it's connected, and the DNS servers have been pointed at it for about a week...
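The disagreement quoted above between Don Ely and Joe Irvine (does reaching port 25 already mean the server relays?) is settled by what the server answers to RCPT TO for a recipient outside its own domains. The following is an added example, not part of the thread: a Python classifier run over constructed SMTP transcripts of a test against your own server; the host names, domains, transcript format and verdict labels are all assumptions.

```python
import re

REPLY = re.compile(r"^(\d{3})([ -])")                        # "250-" = continuation
RCPT = re.compile(r"^RCPT TO:\s*<[^@>]*@([^>]+)>", re.I)     # captures recipient domain


def parse_session(transcript):
    """Return [(client_command_or_None, final_reply_code), ...] in order."""
    exchanges, last_cmd = [], None
    for raw in transcript.splitlines():
        side, _, text = raw.partition(":")
        side, text = side.strip(), text.strip()
        if side == "C":
            last_cmd = text
        elif side == "S":
            m = REPLY.match(text)
            if m and m.group(2) == " ":      # only the last line of a reply counts
                exchanges.append((last_cmd, int(m.group(1))))
                last_cmd = None
    return exchanges


def relay_verdict(transcript, local_domains):
    """Classify one session.

    no-smtp-service     : no 220 greeting was received
    inconclusive        : connected, but no non-local recipient was offered
    relay-refused       : non-local recipient rejected at RCPT TO
    authenticated-relay : non-local recipient accepted after a successful AUTH
    open-relay          : non-local recipient accepted without authentication
    """
    local = {d.lower() for d in local_domains}
    exchanges = parse_session(transcript)
    if not exchanges or exchanges[0] != (None, 220):
        return "no-smtp-service"
    authenticated = tested = False
    for cmd, code in exchanges[1:]:
        if code == 235:                      # 235 is the AUTH success reply
            authenticated = True
        m = RCPT.match(cmd or "")
        if not m or m.group(1).lower() in local:
            continue                         # local delivery says nothing about relay
        tested = True
        if 200 <= code < 300:
            return "authenticated-relay" if authenticated else "open-relay"
    return "relay-refused" if tested else "inconclusive"


def session(rcpt, rcpt_reply, auth=False):
    """Build a constructed transcript; example.test is the server's own domain."""
    lines = ["S: 220 mail.example.test ESMTP ready",
             "C: EHLO probe.example.net",
             "S: 250-mail.example.test",
             "S: 250 AUTH PLAIN"]
    if auth:
        lines += ["C: AUTH PLAIN <constructed-credentials>",
                  "S: 235 2.7.0 Authentication successful"]
    lines += ["C: MAIL FROM:<tester@example.net>", "S: 250 sender OK",
              f"C: RCPT TO:<{rcpt}>", f"S: {rcpt_reply}",
              "C: QUIT", "S: 221 closing connection"]
    return "\n".join(lines)


LOCAL = ["example.test"]
SAMPLES = {
    "telnet to port 25 only": "S: 220 mail.example.test ESMTP ready\nC: QUIT\nS: 221 bye",
    "local recipient": session("user@example.test", "250 recipient OK"),
    "foreign, refused": session("someone@example.org", "550 5.7.1 Unable to relay"),
    "foreign, accepted": session("someone@example.org", "250 recipient OK"),
    "foreign, after AUTH": session("someone@example.org", "250 recipient OK", auth=True),
    "port closed to SMTP": "S: 421 service not available",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:22} -> {relay_verdict(text, LOCAL)}")
```

A 2xx at RCPT TO only shows acceptance at the envelope stage, so a positive result is worth confirming against the server's relay configuration and its logs.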
RE: Exchange 5.5 server HACKED!
Not.

-Original Message-
From: Joe Irvine [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 06:38
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Actually, no.. if you can telnet to the mail server you can relay. No hacking needed. This is by the very nature of Exchange. I would recommend looking at not allowing characters like %$! through your firewall. Here's a link to check to see if you have an open relay..
http://www.abuse.net/relay.html

Thanks,
Joe Irvine
Director of Information Technology
The Business Office, Inc.
(609) 597-1155, Fax (609) 597-2860
www.tbopayroll.com

-Original Message-
From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 9:30 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!
Importance: Low

Look at the 4031 error messages, which indicate SOMEONE is trying to relay through the server, and since unauthorized relaying is prohibited that tells me someone has hacked in.

-Original Message-
From: William Lefkovics [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 1:03 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Then it's sorta in production then, yes? Was there a concern other than the 4318's?

-Original Message-
From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 15, 2002 9:55 PM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Yes, it's connected, and the DNS servers have been pointed at it for about a week...

-Original Message-
From: William Lefkovics [mailto:[EMAIL PROTECTED]]
Subject: RE: Exchange 5.5 server HACKED!

Is it connected to the internet?

-Original Message-
From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 15, 2002 9:10 PM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

The server is not in production yet: There should be NO SMTP traffic on it. [The business owner is returning from vacation tomorrow (Tuesday), and that's when I roll out the Outlook clients.]

[Balance cut]
RE: Exchange 5.5 server HACKED!
The 4188 errors are typical if you ARE relay secure, you use 'only authenticated users can relay' and others try. Where do you think you are 'hacked'?

-Original Message-
From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 15, 2002 8:34 PM
To: MS-Exchange Admin Issues
Subject: Exchange 5.5 server HACKED!

OK gang...

A small Exchange 5.5/SP4 server I recently set up was repeatedly *hacked* over the weekend, according to the logs; and I'm trying to figure out if I made an error configuring the IMC. The symptom is that it appears to be relaying by unauthorized parties.

The server itself is NT4/SP6a, fully patched this afternoon to the very latest hotfixes. All of the account passwords are 8 or more characters with a mix of upper and lower case characters and numbers, the Admin and Exchange service accounts are 15 characters, yada yada yada. I applied the last hotfix and rebooted at 1:10PM Monday, and it was still hacked.

To see the event log, click on:
http://www.rogue-admins.com/dansworld/Exchange_Attack_AppLog.zip

Any suggestions?

Thanks!
Dan

There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence. (Jeremy S. Anderson)
RE: Exchange 5.5 server HACKED!
The server is not in production yet: There should be NO SMTP traffic on it. [The business owner is returning from vacation tomorrow (Tuesday), and that's when I roll out the Outlook clients.]

-Original Message-
From: William Lefkovics [mailto:[EMAIL PROTECTED]]
Subject: RE: Exchange 5.5 server HACKED!

The 4188 errors are typical if you ARE relay secure, you use 'only authenticated users can relay' and others try. Where do you think you are 'hacked'?

-Original Message-
From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
Subject: Exchange 5.5 server HACKED!

OK gang...

A small Exchange 5.5/SP4 server I recently set up was repeatedly *hacked* over the weekend, according to the logs; and I'm trying to figure out if I made an error configuring the IMC. The symptom is that it appears to be relaying by unauthorized parties.

The server itself is NT4/SP6a, fully patched this afternoon to the very latest hotfixes. All of the account passwords are 8 or more characters with a mix of upper and lower case characters and numbers, the Admin and Exchange service accounts are 15 characters, yada yada yada. I applied the last hotfix and rebooted at 1:10PM Monday, and it was still hacked.

To see the event log, click on:
http://www.rogue-admins.com/dansworld/Exchange_Attack_AppLog.zip

Any suggestions?

Thanks!
Dan

There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence. (Jeremy S. Anderson)
RE: Exchange 5.5 server HACKED!
Is it connected to the internet?

-Original Message-
From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 15, 2002 9:10 PM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

The server is not in production yet: There should be NO SMTP traffic on it. [The business owner is returning from vacation tomorrow (Tuesday), and that's when I roll out the Outlook clients.]

-Original Message-
From: William Lefkovics [mailto:[EMAIL PROTECTED]]
Subject: RE: Exchange 5.5 server HACKED!

The 4188 errors are typical if you ARE relay secure, you use 'only authenticated users can relay' and others try. Where do you think you are 'hacked'?

-Original Message-
From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
Subject: Exchange 5.5 server HACKED!

OK gang...

A small Exchange 5.5/SP4 server I recently set up was repeatedly *hacked* over the weekend, according to the logs; and I'm trying to figure out if I made an error configuring the IMC. The symptom is that it appears to be relaying by unauthorized parties.

The server itself is NT4/SP6a, fully patched this afternoon to the very latest hotfixes. All of the account passwords are 8 or more characters with a mix of upper and lower case characters and numbers, the Admin and Exchange service accounts are 15 characters, yada yada yada. I applied the last hotfix and rebooted at 1:10PM Monday, and it was still hacked.

To see the event log, click on:
http://www.rogue-admins.com/dansworld/Exchange_Attack_AppLog.zip

Any suggestions?

Thanks!
Dan

There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence. (Jeremy S. Anderson)
RE: Exchange 5.5 server HACKED!
Yes, it's connected, and the DNS servers have been pointed at it for about a week...

-Original Message-
From: William Lefkovics [mailto:[EMAIL PROTECTED]]
Subject: RE: Exchange 5.5 server HACKED!

Is it connected to the internet?

-Original Message-
From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 15, 2002 9:10 PM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

The server is not in production yet: There should be NO SMTP traffic on it. [The business owner is returning from vacation tomorrow (Tuesday), and that's when I roll out the Outlook clients.]

[Balance cut]
RE: Exchange 5.5 server HACKED!
Then it's sorta in production then, yes? Was there a concern other than the 4318's?

-Original Message-
From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 15, 2002 9:55 PM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

Yes, it's connected, and the DNS servers have been pointed at it for about a week...

-Original Message-
From: William Lefkovics [mailto:[EMAIL PROTECTED]]
Subject: RE: Exchange 5.5 server HACKED!

Is it connected to the internet?

-Original Message-
From: Dan Schwartz [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 15, 2002 9:10 PM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 5.5 server HACKED!

The server is not in production yet: There should be NO SMTP traffic on it. [The business owner is returning from vacation tomorrow (Tuesday), and that's when I roll out the Outlook clients.]

[Balance cut]