RE: Home Depot scam tailored to men!

2008-07-28 Thread René de Haas
How did you explain it to your wife?

From: Andy Shook [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 25, 2008 4:42 PM
To: NT System Admin Issues
Subject: OT: Home Depot scam tailored to men!

 

List dudes,

This got me and I just wanted to pass along the info.  The scam works like 
this..

 

I went to Home Depot bought some stuff and as I'm loading it in my truck, these 
two women approach me and start washing my windshield.  They are "well endowed" 
twenty somethings and shall I say, easy on the eyes wearing shirts the same 
size as my four year old's.  Now I didn't think anything of it, as I live in a 
college town and being a fraternity guy, I just figured it was one of the local 
sorority chapters conducting a fundraiser using their "assets."   They finish 
up as I finish loading and I reach for a couple of bucks.  However, they refuse 
money and just ask for a ride a couple of miles down the road.  I reluctantly 
agree and they hop in the truck.  As soon as I start moving they start getting 
undressed and the one beside me jumps on me while the other one grabs my 
wallet.  I couldn't believe it.  

 

They got me on the 17th, 19th, 20th and the 22nd.  

 

  

 

Shook

 

 

 


***
The information in this e-mail is confidential and intended solely for the 
individual or entity to whom it is addressed.  If you have received this e-mail 
in error please notify the sender by return e-mail delete this e-mail and 
refrain from any disclosure or action based on the information.
***

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~


RE: Home Depot scam tailored to men!

2008-07-28 Thread Ziots, Edward
Wait a minute, one of them probably was his Wife, the other, I dunno a female 
accomplice? 

 

Sounds like a good skit for Larry the Cable Guy joke session. 

 

PS: If anyone saw the Ron White Concert at Mohegan Sun in CT on Friday is how 
flipping hilarious was THAT!

 

Z

 

Edward E. Ziots

Network Engineer

Lifespan Organization

MCSE,MCSA,MCP,Security+,Network+,CCA

Phone: 401-639-3505



From: René de Haas [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 3:33 AM
To: NT System Admin Issues
Subject: RE: Home Depot scam tailored to men!

How did you explain it to your wife?

From: Andy Shook [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 25, 2008 4:42 PM
To: NT System Admin Issues
Subject: OT: Home Depot scam tailored to men!

 

List dudes,

This got me and I just wanted to pass along the info.  The scam works like 
this..

 

I went to Home Depot bought some stuff and as I'm loading it in my truck, these 
two women approach me and start washing my windshield.  They are "well endowed" 
twenty somethings and shall I say, easy on the eyes wearing shirts the same 
size as my four year old's.  Now I didn't think anything of it, as I live in a 
college town and being a fraternity guy, I just figured it was one of the local 
sorority chapters conducting a fundraiser using their "assets."   They finish 
up as I finish loading and I reach for a couple of bucks.  However, they refuse 
money and just ask for a ride a couple of miles down the road.  I reluctantly 
agree and they hop in the truck.  As soon as I start moving they start getting 
undressed and the one beside me jumps on me while the other one grabs my 
wallet.  I couldn't believe it.  

 

They got me on the 17th, 19th, 20th and the 22nd.  

 

  

 

Shook

 

 

 




Dell NVidia GPU problem

2008-07-28 Thread René de Haas
A little heads up:

 

http://direct2dell.com/one2one/archive/2008/07/25/nvidia-gpu-update-for-dell-laptop-owners.aspx

 

If the problem isn't with the D830 or D430 I hardly have a problem, but we'll 
see.

 

Regards

René





RE: Edit .dns files manually

2008-07-28 Thread Ziots, Edward
I have moved DNS servers in that fashion, but you can probably use a
script with dnscmd.exe from the resource kit to take care of the
editing. 

 

Z

 

Edward E. Ziots

Network Engineer

Lifespan Organization

MCSE,MCSA,MCP,Security+,Network+,CCA

Phone: 401-639-3505



From: Benjamin Zachary - Lists [mailto:[EMAIL PROTECTED] 
Sent: Saturday, July 26, 2008 6:56 PM
To: NT System Admin Issues
Subject: Edit .dns files manually

 

I'm in process of changing about 40 domains for a client, all internal,
they have a 2003 standard and secondary dns server (not ad). I'm thinking
to lessen the downtime, I could edit the .dns files in notepad and then
just copy them back into the system32\dns folder and restart dns
services. 

 

What say you?

 

I googled around but most of what I found was copying registry over and
doing other AD integrated style things..

 

Thanks

 

 

 

 

 

 


RE: Disgruntled Sysadmin

2008-07-28 Thread Ziots, Edward
LOL just stupid people doing stupid things, DA's are not immune, they
might be the most clueless people on the planet. That is why they say
the joke what is a 100 lawyers on the bottom of the ocean... ( Yep a
good start)

Z

Edward E. Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP,Security+,Network+,CCA
Phone: 401-639-3505

-Original Message-
From: David Lum [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 25, 2008 5:59 PM
To: NT System Admin Issues
Subject: RE: Disgruntled Sysadmin

WTF?

-Original Message-
From: Angus Scott-Fleming [mailto:[EMAIL PROTECTED]
Sent: Friday, July 25, 2008 1:28 PM
To: NT System Admin Issues
Subject: Re: Disgruntled Sysadmin

On 15 Jul 2008 at 14:14, Jon Harris  wrote:

> Besides it is just plain more fun to give them the user ID's and
> passwords and let them screw everything up for themselves.

Done for him by the SF DA's office:

--- Included Stuff Follows ---
San Francisco DA discloses city's network passwords | IDGNS | News |
July 25, 2008 | By Robert McMillan, IDG News Service

In its bid to protect the city from one computer security risk, the San
Francisco District Attorney's Office may very well have created another.

The office of San Francisco District Attorney Kamala Harris has made
public close to 150 usernames and passwords used by various departments to
connect to the city's virtual private network. The passwords were filed
this week as Exhibit A in a court document arguing against a reduction in
$5 million bail in the case of Terry Childs, who is accused of holding the
city's network hostage by refusing to give up administrative networking
passwords. Childs was arrested July 12 on charges of computer tampering
and is being held in the county jail.

- Included Stuff Ends -
Full story here:
http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&A=/article/08/07/25/San_Francisco_DA_discloses_citys_network_passwords_1.html
or here if the above wraps unusably: http://preview.tinyurl.com/6k5a2v

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
+---+






RE: Alert when new Email Arrives (LOUD)

2008-07-28 Thread Ziots, Edward
Dam that is the BOMB...

 

Good one, 

 

Z

 

Edward E. Ziots

Network Engineer

Lifespan Organization

MCSE,MCSA,MCP,Security+,Network+,CCA

Phone: 401-639-3505



From: Sam Cayze [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 25, 2008 4:45 PM
To: NT System Admin Issues
Subject: RE: Alert when new Email Arrives (LOUD)

 

Here is a wav file you could use :-)  Uh, and NSFW.  Although at my
office, HEAW.   (Highly encouraged at work).

http://www.arr-the-kraken.com/files/mail.wav

 

 

From: N Parr [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 25, 2008 3:19 PM
To: NT System Admin Issues
Subject: Alert when new Email Arrives (LOUD)

 

Brainstorming here, trying to think of a way to alert shipping personnel
in a warehouse when a new email arrives.  Short of hooking a big a$$ amp
up to the speaker output of the computer and having it play a little
Ozzy when new email arrives.  Anyone think of something, maybe usb
relay, that could set off a light or buzzer.  I suppose I could get a
self powered PA speaker and tie it in, do have a couple of those in the
closet.

Niles

 

 

 

 


RE: Disgruntled Sysadmin

2008-07-28 Thread René de Haas
Or what are mixed feelings?

The feeling of happiness when you hear a bus of lawyers had an accident
Mixed with the feeling of sadness when you hear one of them survived

-Original Message-
From: Ziots, Edward [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 2:32 PM
To: NT System Admin Issues
Subject: RE: Disgruntled Sysadmin

LOL just stupid people doing stupid things, DA's are not immune, they
might be the most clueless people on the planet. That is why they say
the joke what is a 100 lawyers on the bottom of the ocean... ( Yep a
good start)

Z

Edward E. Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP,Security+,Network+,CCA
Phone: 401-639-3505

-Original Message-
From: David Lum [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 25, 2008 5:59 PM
To: NT System Admin Issues
Subject: RE: Disgruntled Sysadmin

WTF?

-Original Message-
From: Angus Scott-Fleming [mailto:[EMAIL PROTECTED]
Sent: Friday, July 25, 2008 1:28 PM
To: NT System Admin Issues
Subject: Re: Disgruntled Sysadmin

On 15 Jul 2008 at 14:14, Jon Harris  wrote:

> Besides it is just plain more fun to give them the user ID's and
> passwords and let them screw everything up for themselves.

Done for him by the SF DA's office:

--- Included Stuff Follows ---
San Francisco DA discloses city's network passwords | IDGNS | News |
July 25, 2008 | By Robert McMillan, IDG News Service

In its bid to protect the city from one computer security risk, the San
Francisco District Attorney's Office may very well have created another.

The office of San Francisco District Attorney Kamala Harris has made
public close to 150 usernames and passwords used by various departments to
connect to the city's virtual private network. The passwords were filed
this week as Exhibit A in a court document arguing against a reduction in
$5 million bail in the case of Terry Childs, who is accused of holding the
city's network hostage by refusing to give up administrative networking
passwords. Childs was arrested July 12 on charges of computer tampering
and is being held in the county jail.

- Included Stuff Ends -
Full story here:
http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&A=/article/08/07/25/San_Francisco_DA_discloses_citys_network_passwords_1.html
or here if the above wraps unusably: http://preview.tinyurl.com/6k5a2v

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
+---+





RE: Alert when new Email Arrives (LOUD)

2008-07-28 Thread N Parr
They aren't important enough for that.  Actually they did have a BB
for a couple weeks while the line and VPN were being installed.



From: Eric Woodford [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 25, 2008 3:36 PM
To: NT System Admin Issues
Subject: Re: Alert when new Email Arrives (LOUD)


Have it forward to a vibrating pager.. or Blackberry.. 


On Fri, Jul 25, 2008 at 1:19 PM, N Parr <[EMAIL PROTECTED]>
wrote:


Brainstorming here, trying to think of a way to alert shipping
personnel in a warehouse when a new email arrives.  Short of hooking a
big a$$ amp up to the speaker output of the computer and having it play
a little Ozzy when new email arrives.  Anyone think of something, maybe
usb relay, that could set off a light or buzzer.  I suppose I could get
a self powered PA speaker and tie it in, do have a couple of those in
the closet.
Niles











RE: Alert when new Email Arrives (LOUD)

2008-07-28 Thread N Parr
They would send themselves email just to set it off.



From: Sam Cayze [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 25, 2008 3:45 PM
To: NT System Admin Issues
Subject: RE: Alert when new Email Arrives (LOUD)



Here is a wav file you could use :-)  Uh, and NSFW.  Although at my
office, HEAW.   (Highly encouraged at work).

http://www.arr-the-kraken.com/files/mail.wav

 

 

From: N Parr [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 25, 2008 3:19 PM
To: NT System Admin Issues
Subject: Alert when new Email Arrives (LOUD)

 

Brainstorming here, trying to think of a way to alert shipping personnel
in a warehouse when a new email arrives.  Short of hooking a big a$$ amp
up to the speaker output of the computer and having it play a little
Ozzy when new email arrives.  Anyone think of something, maybe usb
relay, that could set off a light or buzzer.  I suppose I could get a
self powered PA speaker and tie it in, do have a couple of those in the
closet.

Niles

 

 







Re: Disgruntled Sysadmin

2008-07-28 Thread James Rankin
An engineer died and reported to the pearly gates. An intern
angel, filling in for St. Peter, checked his dossier and grimly
said, "Ah, you're an engineer; you're in the wrong place."

So the engineer was cast down to the gates of hell and was let
in. Pretty soon, the engineer became gravely dissatisfied with
the level of comfort in hell, and began designing and building
improvements. After a while, the underworld had air conditioning,
flush toilets, and escalators, and the engineer was becoming a
pretty popular guy among the demons.

One day, God called Satan up on the telephone and asked with a
sneer, "So, how's it going down there in hell?"

Satan laughed and replied, "Hey, things are going great. We've
got air conditioning and flush toilets and escalators, and
there's no telling what this engineer is going to come up with
next."

God's face clouded over and he exploded, "What? You've got an
engineer? That's a mistake; he should never have gotten down
there; send him up here."

Satan shook his head, "No way. I like having an engineer on the
staff, and I'm keeping him."

God was as mad as he had ever been, "This is not the way things
are supposed to work and you know it. Send him back up here or
I'll sue."

Satan laughed uproariously, "Yeah, right. And just where are YOU
going to get a lawyer?"

2008/7/28 René de Haas <[EMAIL PROTECTED]>

> Or what are mixed feelings?
>
> The feeling of happiness when you hear a bus of lawyers had an accident
> Mixed with the feeling of sadness when you hear one of them survived
>
> -Original Message-
> From: Ziots, Edward [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 28, 2008 2:32 PM
> To: NT System Admin Issues
> Subject: RE: Disgruntled Sysadmin
>
> LOL just stupid people doing stupid things, DA's are not immune, they
> might be the most clueless people on the planet. That is why they say
> the joke what is a 100 lawyers on the bottom of the ocean... ( Yep a
> good start)
>
> Z
>
> Edward E. Ziots
> Network Engineer
> Lifespan Organization
> MCSE,MCSA,MCP,Security+,Network+,CCA
> Phone: 401-639-3505
>
> -Original Message-
> From: David Lum [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 25, 2008 5:59 PM
> To: NT System Admin Issues
> Subject: RE: Disgruntled Sysadmin
>
> WTF?
>
> -Original Message-
> From: Angus Scott-Fleming [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 25, 2008 1:28 PM
> To: NT System Admin Issues
> Subject: Re: Disgruntled Sysadmin
>
> On 15 Jul 2008 at 14:14, Jon Harris  wrote:
>
> > Besides it is just plain more fun to give them the user ID's and
> > passwords and let them screw everything up for themselves.
>
> Done for him by the SF DA's office:
>
> --- Included Stuff Follows ---
> San Francisco DA discloses city's network passwords | IDGNS | News |
> July 25, 2008 | By Robert McMillan, IDG News Service
>
> In its bid to protect the city from one computer security risk, the San
> Francisco District Attorney's Office may very well have created another.
>
> The office of San Francisco District Attorney Kamala Harris has made
> public close to 150 usernames and passwords used by various departments to
> connect to the city's virtual private network. The passwords were filed
> this week as Exhibit A in a court document arguing against a reduction in
> $5 million bail in the case of Terry Childs, who is accused of holding the
> city's network hostage by refusing to give up administrative networking
> passwords. Childs was arrested July 12 on charges of computer tampering
> and is being held in the county jail.
>
> - Included Stuff Ends -
> Full story here:
> http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&A=/article/08/07/25/San_Francisco_DA_discloses_citys_network_passwords_1.html
> or here if the above wraps unusably: http://preview.tinyurl.com/6k5a2v
>
> --
> Angus Scott-Fleming
> GeoApps, Tucson, Arizona
> 1-520-290-5038
> +---+
>
>
>
>

RE: Edit .dns files manually

2008-07-28 Thread Kim Longenbaugh
We've done that successfully here.

 



From: Benjamin Zachary - Lists [mailto:[EMAIL PROTECTED] 
Sent: Saturday, July 26, 2008 5:56 PM
To: NT System Admin Issues
Subject: Edit .dns files manually

 

I'm in process of changing about 40 domains for a client, all internal,
they have a 2003 standard and secondary dns server (not ad). I'm thinking
to lessen the downtime, I could edit the .dns files in notepad and then
just copy them back into the system32\dns folder and restart dns
services. 

 

What say you?

 

I googled around but most of what I found was copying registry over and
doing other AD integrated style things..

 

Thanks

 

 

 

 

 

 


RE: WAY OT: WMP and youtube

2008-07-28 Thread Roger Wright
Download Youtube videos (works on similar sites)
http://tinyurl.com/6bkarx

 

Tool to convert to DVD format: http://www.dvdflick.net/index.php

 

 

   

 

Roger Wright

Network Administrator

727.572.7076  x388

_

 

 

From: Joseph L. Casale [mailto:[EMAIL PROTECTED] 
Sent: Saturday, July 26, 2008 2:44 PM
To: NT System Admin Issues
Subject: WAY OT: WMP and youtube

 

I have these two guys (whom I want to help) that use realplayer on Vista
to download and play youtube vids.

 

That app sucks, and always has issues.

 

How can I provide them with a setup to use wmp or another competent
media player to rip and replay these vids?

 

Thanks for any hints!
jlc

 

 


Re: Any know how to install IO::Socket::SSL with active state perl

2008-07-28 Thread Ski Kacoroski

Thanks,

ski

Micheal Espinola Jr wrote:

It's in the University of Winnipeg repository.  Type this to add it
(single line may wrap):

   ppm repo add "University of Winnipeg" http://theoryx5.uwinnipeg.ca/ppms/

after which,

   ppm install IO::Socket::SSL

should work just fine.



On Fri, Jul 25, 2008 at 11:59 AM, Ski Kacoroski <[EMAIL PROTECTED]> wrote:

I was not able to find it in any PPM repositories.  Do you know of one?

ski

Micheal Espinola Jr wrote:

Do you know how to use the PPM?  Have you found a repository that you
can install this module from?

On Wed, Jul 23, 2008 at 11:01 AM, Ski Kacoroski <[EMAIL PROTECTED]>
wrote:

Hi,

I get a Net::SSLeay could not find a random number generator error.  The
docs for this say I need a RNG such as /dev/random (unix speak) or an
alternate, but the only alternate I can find is no longer available
(EGADS).

cheers,

ski

--
"When we try to pick out anything by itself, we find it
 connected to the entire universe"John Muir

Chris "Ski" Kacoroski, [EMAIL PROTECTED], 206-501-9803
or ski98033 on most IM services






--
"When we try to pick out anything by itself, we find it
 connected to the entire universe"John Muir

Chris "Ski" Kacoroski, [EMAIL PROTECTED], 206-501-9803
or ski98033 on most IM services








--
"When we try to pick out anything by itself, we find it
 connected to the entire universe"John Muir

Chris "Ski" Kacoroski, [EMAIL PROTECTED], 206-501-9803
or ski98033 on most IM services



RE: Sharepoint Explorer View Issues

2008-07-28 Thread Tim Evans
We did this, and it worked perfectly. Thanks for the education and your
help on this.

 

FYI, once we got Kerberos working properly, the explorer view problem
went away without having to upgrade to Vista.

 

 

...Tim

 

From: Ken Schaefer [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 25, 2008 7:29 PM
To: NT System Admin Issues
Subject: RE: Sharepoint Explorer View Issues

 

What account is your Sharepoint application running under? That is the
account (whether it be computer or user) that you'd register the
http/spps and http/spps.yourdomain.whatever SPNs under (unless you are
using IIS 7)

 

Cheers

Ken

 

From: Tim Evans [mailto:[EMAIL PROTECTED] 
Sent: Saturday, 26 July 2008 5:39 AM
To: NT System Admin Issues
Subject: RE: Sharepoint Explorer View Issues

 

Maybe I'm beating a dead horse here, but I've got to try :-)

 

We've discovered that by disabling Kerberos authentication on the site
everything works perfectly. So, that implied to me that there is a problem
with Kerberos authentication on that sharepoint site, which led me to a
very nice series about Kerberos on your blog. After reading thru them, I
think I understand the problem, I just don't know how to fix it.
Hopefully you or someone else here can advise.

The server's name is MOSS, but we access it with the name SPPS (set up
as a CNAME in DNS) via host headers. When we set it up, we set up a SPN
for HTTP and the sharepoint service account on MOSS. My theory is that
Kerberos is trying to look up a SPN for SPPS instead, which doesn't
exist, and I can't add one because it isn't an object in AD.

 

Any thoughts?

 

 

...Tim

 

From: Tim Evans 
Sent: Wednesday, May 21, 2008 6:04 PM
To: NT System Admin Issues
Subject: RE: Sharepoint Explorer View Issues

 

Darn, Ken. I was counting on you to have a quick easy fix for this :-).
We're working on the Vista upgrade, but we're not quite ready to take
the plunge yet.

 

Thanks anyway.

...Tim

 

 

From: Ken Schaefer [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, May 21, 2008 5:44 PM
To: NT System Admin Issues
Subject: RE: Sharepoint Explorer View Issues

 

I've been in a similar situation (trying to work out how to get WebDAV
rather than FP view working). Been through that paper, looking at
network packet captures, and all sorts of things. Pinged MVPs, Microsoft
people, and couldn't work it all out.


Upgrade to Vista - the WebDAV redirector was completely rewritten for
Vista and works now :-)

 

Cheers

Ken

 

From: Tim Evans [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 22 May 2008 8:02 AM
To: NT System Admin Issues
Subject: Sharepoint Explorer View Issues

 

We're having some problems with some users' ability to use Explorer View
in shared documents folders on our MOSS server. The symptom is that they
get an authentication popup when they change from the All Documents view
to Explorer view. They cannot authenticate with the pop up, no matter
what credentials are used. If they cancel the popup, they get in, but
have reduced functionality (can't drag & drop, copy, etc).  The users
affected by it appear to be completely random: some with IE6, some with
IE7, nothing in common that I can see (all are XPSP2 or 3).

 

Googling for help on this yields a bunch of blog entries that all point
to a 2006 MS White paper titled "Understanding and Troubleshooting the
Sharepoint Explorer View". From reading this white paper, it sounds like
we are getting FPRPC instead of WebDAV. Following the troubleshooting
steps, we have confirmed that the Web Client Service is running, the
content unencrypted over port 80. Manually adding the site to the local
intranet zone makes no difference (it shows unknown zone/mixed by
default).

 

So, does anyone  know how to force IE to use WebDAV on a Sharepoint
site?

 

 

...Tim
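
Added example, not part of the thread: a PowerShell check for the fix Ken describes above, registering the http/spps and http/spps.yourdomain.whatever SPNs on the account the SharePoint application runs under. The account name YOURDOMAIN\svc-sharepoint is a placeholder, and the script assumes a domain-joined machine with setspn available and rights to modify the account. It also looks for the SPN on any other account first, because an SPN held by two accounts stops the KDC from issuing a ticket for it.

```powershell
# Added example. $Alias and $Fqdn are the names used in the thread;
# $ServiceAccount is a hypothetical placeholder for the account the
# SharePoint application pool runs as.
$Alias          = 'spps'
$Fqdn           = 'spps.yourdomain.whatever'
$ServiceAccount = 'YOURDOMAIN\svc-sharepoint'   # assumption, not from the thread

$acctName = $ServiceAccount.Split('\')[-1]      # sAMAccountName part only
$wanted   = "http/$Alias", "http/$Fqdn"

foreach ($spn in $wanted) {
    # Find every directory object that already carries this exact SPN.
    $searcher = [adsisearcher]"(servicePrincipalName=$spn)"
    [void]$searcher.PropertiesToLoad.Add('samaccountname')
    $holders = @($searcher.FindAll() |
                 ForEach-Object { $_.Properties['samaccountname'][0] })

    if ($holders.Count -eq 0) {
        # Nobody owns it yet: this is the missing registration for the alias.
        Write-Output "$spn is not registered; adding it to $ServiceAccount"
        setspn -A $spn $ServiceAccount
    }
    elseif ($holders.Count -eq 1 -and $holders[0] -eq $acctName) {
        Write-Output "$spn is already registered on $ServiceAccount"
    }
    else {
        # Wrong owner or duplicate: clean up before registering.
        Write-Warning ("$spn is held by: $($holders -join ', '). " +
                       "Remove it there with setspn -D before adding it to $ServiceAccount.")
    }
}

# Show the final SPN list for the service account.
setspn -L $ServiceAccount
```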

 

 

 

 

 

 

 

 

 


Remote Network Monitoring Software

2008-07-28 Thread Clayton Doige
Hi all, this is more targeted at those of you on list that work for
consultancy firms, as opposed to in house folks.

I am surfing around looking at various network monitoring tools, but the key
things that I am looking for are ones that allow a consultancy firm to
remotely monitor several networks simultaneously, and securely. The idea
being we can have a dashboard in our office showing our various clients'
networks and alerting us to any issues. So this obviously means multiple
domains, subnets, SNMP communities and the like.

What are folks using, and how happy are you with it?

Thanks

Clayton


RE: Remote Network Monitoring Software

2008-07-28 Thread Michael B. Smith
How much money do you want to spend, and how much work do you want to do
"rolling your own" and how much equipment will you have at the remote end?

 

Nagios, MRTG, etc. are all "free" and given site-to-site VPNs can be secure.
But you'll have a significant "roll-your-own" investment to customize it.

 

Servers Alive is inexpensive and can generate traps to only specific IP
addresses for security. You'll have some roll-your-own going on here too.

 

Altiris, OpsMgr, OpenView are all enterprise solutions, but you'll need to
put a server on the customer site to be able to get it all. Configuration
isn't for the weak at heart, but once configured should run smoothly. They
all provide secure connections.

 

Regards,

 

Michael B. Smith

MCITP:SA,EMA/MCSE/Exchange MVP

http://TheEssentialExchange.com

 

From: Clayton Doige [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 12:22 PM
To: NT System Admin Issues
Subject: Remote Network Monitoring Software

 

Hi all, this is more targeted at those of you on list that work for
consultancy firms, as opposed to in house folks.

I am surfing around looking at various network monitoring tools, but the key
things that I am looking for are ones that allow a consultancy firm to
remotely monitor several networks simultaneously, and securely. The idea
being we can have a dashboard in our office showing our various clients'
networks and alerting us to any issues. So this obviously means multiple
domains, subnets, SNMP communities and the like.

 

What are folks using, and how happy are you with it?

 

Thanks

 

Clayton



Re: Remote Network Monitoring Software

2008-07-28 Thread mck1012
check out http://zenithinfotech.com/



- Original Message 
From: Clayton Doige <[EMAIL PROTECTED]>
To: NT System Admin Issues 
Sent: Monday, July 28, 2008 12:22:18 PM
Subject: Remote Network Monitoring Software


Hi all, this is more targeted at those of you on list that work for 
consultancy firms, as opposed to in house folks.
 
I am surfing around looking at various network monitoring tools, but the key 
things that I am looking for are ones that allow a consultancy firm to remotely 
monitor several networks simultaneously, and securely. The idea being we can 
have a dashboard in our office showing our various clients' networks and 
alerting us to any issues. So this obviously means multiple domains, subnets, 
SNMP communities and the like.
 
What are folks using, and how happy are you with it?
 
Thanks
 
Clayton


  

Symantec Endpoint Protection

2008-07-28 Thread Joe Heaton
Anyone using this that is happy with it?  Also, is there anyone here
that doesn't think Symantec is a big pile?  I personally hate the
product, and wish that I made the decisions around here, but I don't, so
I have to come up with objective reviews of SEP, and whether or not we
should upgrade from v.10 to the Symantec Multi-tier protection system,
with SEP, SAV Mobile and Mail Security.

 

Joe Heaton

AISA

Employment Training Panel

1100 J Street, 4th Floor

Sacramento, CA  95814

(916) 327-5276

[EMAIL PROTECTED]

 



Re: Symantec Endpoint Protection

2008-07-28 Thread Sean Houston
I think for a stand-alone PC that is an unmanaged client SEP is a pretty
decent product.  In a domain environment it is not so good.  It's definitely
a MUCH better product now than it was at launch, but that's not saying too
much.  I am still not confident enough with it to be comfortable installing
it at any of our clients.  I think by the end of the year it will probably
be good enough.  It also has all the extra stuff like the network and
proactive scanning, firewall, etc that should all not be installed unless
you are going to take the time to configure all of it.

 I would honestly stay with antivirus 10.2.  If you are using 10.2 corporate
edition and like the features of multi-tier protection you have an option.
You can purchase SEP Multi-tier and request a downgrade license and media.
You will get to use SAV 10.2 Enterprise edition which is a pretty kick ass
product.  Just my thoughts, hope they help!

-Sean Houston

On Mon, Jul 28, 2008 at 1:34 PM, Joe Heaton <[EMAIL PROTECTED]> wrote:

>  Anyone using this that is happy with it?  Also, is there anyone here that
> doesn't think Symantec is a big pile?  I personally hate the product, and
> wish that I made the decisions around here, but I don't, so I have to come
> up with objective reviews of SEP, and whether or not we should upgrade from
> v.10 to the Symantec Multi-tier protection system, with SEP, SAV Mobile and
> Mail Security.
>
>
>
> Joe Heaton
>
> AISA
>
> Employment Training Panel
>
> 1100 J Street, 4th Floor
>
> Sacramento, CA  95814
>
> (916) 327-5276
>
> [EMAIL PROTECTED]
>
>
>
>


RE: Remote Network Monitoring Software

2008-07-28 Thread Erik Goldoff
sAlive is *still* a great choice for very little $$$  I found it easier to
install locally at the smaller client sites on the ONLY machine setup to
allow me to VPN in and control (at my advice), the more robust sites can
handle a permanent tunnel where I can *also* monitor from a local
installation at my site.

  _  

From: Clayton Doige [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 12:22 PM
To: NT System Admin Issues
Subject: Remote Network Monitoring Software


Hi all, this is more targeted at those of you on list that work for
consultancy firms, as opposed to in house folks.
 
I am surfing around looking at various network monitoring tools, but the key
things that I am looking for are ones that allow a consultancy firm to
remotely monitor several networks simultaneously, and securely. The idea
being we can have a dashboard in our office showing our various clients'
networks and alerting us to any issues. So this obviously means multiple
domains, subnets, SNMP communities and the like.
 
What are folks using, and how happy are you with it?
 
Thanks
 
Clayton



No virus found in this incoming message.

Checked by AVG - http://www.avg.com 

Version: 8.0.138 / Virus Database: 270.5.6/1577 - Release Date: 7/28/2008
6:55 AM




RE: Symantec Endpoint Protection

2008-07-28 Thread Michael Ross
I have v11.. and the latest greatest rendition, MP2 MR1.. fantastic.. 

But for email servers, I'd use Trend Micro's ScanMail. IMHO.

 

From: Joe Heaton [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 12:34 PM
To: NT System Admin Issues
Subject: Symantec Endpoint Protection

 

Anyone using this that is happy with it?  Also, is there anyone here that
doesn't think Symantec is a big pile?  I personally hate the product, and
wish that I made the decisions around here, but I don't, so I have to come
up with objective reviews of SEP, and whether or not we should upgrade from
v.10 to the Symantec Multi-tier protection system, with SEP, SAV Mobile and
Mail Security.

 

Joe Heaton

AISA

Employment Training Panel

1100 J Street, 4th Floor

Sacramento, CA  95814

(916) 327-5276

[EMAIL PROTECTED]

 

 

 


RE: People that keep scanning my firewall

2008-07-28 Thread Mathew Shember
What's your address?  :p

 

Some badly written worms do sequential port scans.

 

You don't want to be attacking systems because if somebody files a complaint
against you, it's rather hard to defend cyber attacks..

 

Find the ISP of those addresses and file a complaint.

 

 

 

From: David W. McSpadden [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 11:11 AM
To: NT System Admin Issues
Subject: People that keep scanning my firewall

 

Does anyone want to share a list of jerkoffs that keep scanning the outside
interface of their firewalls?

I want to just blast these IP's that keep filling up my Management reports.
They are a bother and have

no real value but I am required to get the board an unaltered report.

 

 

 

 

 

 

Data Security is everyone's responsibility.

 

 


Re: People that keep scanning my firewall

2008-07-28 Thread David W. McSpadden
most are out of country.
  - Original Message - 
  From: Mathew Shember 
  To: NT System Admin Issues 
  Sent: Monday, July 28, 2008 2:25 PM
  Subject: RE: People that keep scanning my firewall


  What's your address?  :p

   

  Some badly written worms do sequential port scans.

   

  You don't want to be attacking systems because if somebody files a complaint 
against you, it's rather hard to defend cyber attacks..

   

  Find the ISP of those addresses and file a complaint.

   

   

   

  From: David W. McSpadden [mailto:[EMAIL PROTECTED] 
  Sent: Monday, July 28, 2008 11:11 AM
  To: NT System Admin Issues
  Subject: People that keep scanning my firewall

   

  Does anyone want to share a list of jerkoffs that keep scanning the outside 
interface of their firewalls?

  I want to just blast these IP's that keep filling up my Management reports.  
They are a bother and have

  no real value but I am required to get the board an unaltered report.

   

   

   

   

   

   

  Data Security is everyone's responsibility.

   

 





__

This e-mail and any files transmitted with it are property of Indiana Members 
Credit Union, are confidential, and are intended solely for the use of the 
individual or entity to whom this e-mail is addressed. If you are not one of 
the named recipient(s) or otherwise have reason to believe that you have 
received this message in error, please notify the sender and delete this 
message immediately from your computer. Any other use, retention, 
dissemination, forwarding, printing, or copying of this email is strictly 
prohibited.

This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
__





Re: People that keep scanning my firewall

2008-07-28 Thread Phil Brutsche
In that case, good luck getting them to do anything about it.

If they are being a particular nuisance you could block that subnet at
the router upstream from your firewall.

David W. McSpadden wrote:
> most are out of country.

-- 

Phil Brutsche
[EMAIL PROTECTED]



Re: People that keep scanning my firewall

2008-07-28 Thread David W. McSpadden
Router is Leased from AT&T.  I can ask them but I think I am just pissing in 
the wind right now.


- Original Message - 
From: "Phil Brutsche" <[EMAIL PROTECTED]>

To: "NT System Admin Issues" 
Sent: Monday, July 28, 2008 2:36 PM
Subject: Re: People that keep scanning my firewall



In that case, good luck getting them to do anything about it.

If they are being a particular nuisance you could block that subnet at
the router upstream from your firewall.

David W. McSpadden wrote:

most are out of country.


--

Phil Brutsche
[EMAIL PROTECTED]



RE: People that keep scanning my firewall

2008-07-28 Thread Ziots, Edward
Set up a honeypot and watch the scans go way up. 

Z

Edward E. Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP,Security+,Network+,CCA
Phone: 401-639-3505

-Original Message-
From: Phil Brutsche [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 2:36 PM
To: NT System Admin Issues
Subject: Re: People that keep scanning my firewall

In that case, good luck getting them to do anything about it.

If they are being a particular nuisance you could block that subnet at
the router upstream from your firewall.

David W. McSpadden wrote:
> most are out of country.

-- 

Phil Brutsche
[EMAIL PROTECTED]



Re: People that keep scanning my firewall

2008-07-28 Thread RichardMcClary
Furthermore, Windows (at least up through 2003) does not have the whois 
command.  If you have access to a x-nix box...

Otherwise, look for a reverse name lookup utility.  There is a web-based 
one:  http://www.arin.net/whois/

Also http://ip-lookup.net

Also some tools such as "iplookup" from http://www.softnik.com

Besides doing the reverse lookup, they should also tell you who "owns" 
that network and to whom you report abuse.
--
Richard McClary, Systems Administrator
ASPCA Knowledge Management
1717 S Philo Rd, Ste 36, Urbana, IL  61802
217-337-9761
http://www.aspca.org


"David W. McSpadden" <[EMAIL PROTECTED]> wrote on 07/28/2008 01:29:36 PM:

> most are out of country.
> - Original Message - 
> From: Mathew Shember 
> To: NT System Admin Issues 
> Sent: Monday, July 28, 2008 2:25 PM
> Subject: RE: People that keep scanning my firewall
> 
> What’s your address?  :p
> 
> Some badly written worms do sequential port scans.
> 
> You don’t want to be attacking systems because if somebody files a 
> complaint against you, it’s rather hard to defend cyber attacks….
> 
> Find the ISP of those addresses and file a complaint.
> 
> 
> 
> From: David W. McSpadden [mailto:[EMAIL PROTECTED] 
> Sent: Monday, July 28, 2008 11:11 AM
> To: NT System Admin Issues
> Subject: People that keep scanning my firewall
> 
> Does anyone want to share a list of jerkoffs that keep scanning the 
> outside interface of their firewalls?
> I want to just blast these IP's that keep filling up my Management 
> reports.  They are a bother and have
> no real value but I am required to get the board an unaltered report.
> 
> 
> 
> 
> 
> 
> Data Security is everyone's responsibility.

RE: People that keep scanning my firewall

2008-07-28 Thread Clayton Doige
Hey, a lot of those scans will be script kiddies and the like, it is summer 
holidays after all. Annoying to be sure, but it does show your firewall up to 
management as a target, and that could work in your favour if you need budget 
for additional security in the future? Just a thought...

-Original Message-
From: David W. McSpadden <[EMAIL PROTECTED]>
Sent: 28 July 2008 19:10
To: NT System Admin Issues 
Subject: People that keep scanning my firewall

Does anyone want to share a list of jerkoffs that keep scanning the outside 
interface of their firewalls?
I want to just blast these IP's that keep filling up my Management reports.  
They are a bother and have
no real value but I am required to get the board an unaltered report.
 
 
 
 
 
 
Data Security is everyone's responsibility.


Re: People that keep scanning my firewall

2008-07-28 Thread David W. McSpadden
7887 entries since last Thursday.
The majority are 1 icmp scan per IP.
However there are about 20 IPs that have over 300 scans since Thursday.
They are all blocked but come on people this is crazy.
  - Original Message - 
  From: Clayton Doige 
  To: NT System Admin Issues 
  Sent: Monday, July 28, 2008 2:43 PM
  Subject: RE: People that keep scanning my firewall


  Hey, a lot of those scans will be script kiddies and the like, it is summer 
holidays after all. Annoying to be sure, but it does show your firewall up to 
management as a target, and that could work in your favour if you need budget 
for additional security in the future? Just a thought...


--
  From: David W. McSpadden <[EMAIL PROTECTED]>
  Sent: 28 July 2008 19:10
  To: NT System Admin Issues 
  Subject: People that keep scanning my firewall


  Does anyone want to share a list of jerkoffs that keep scanning the outside 
interface of their firewalls?
  I want to just blast these IP's that keep filling up my Management reports.  
They are a bother and have
  no real value but I am required to get the board an unaltered report.






  Data Security is everyone's responsibility.
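
The per-source tally described in this message (mostly one probe per IP, a few repeat sources), combined with Phil Brutsche's suggestion to block a subnet upstream, as an added Python example that is not part of the original thread. The log layout, the addresses (documentation ranges) and the thresholds are constructed assumptions; adapt the regular expression to your firewall's real export.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Assumed log layout (constructed for this example, not a vendor format):
#   <timestamp> <action> <proto> <src> -> <dst>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>\w+)\s+(?P<proto>\w+)\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)


def build_sample_log():
    """Return constructed sample lines: one-off probes plus a few repeat sources."""
    fw = "203.0.113.10"  # hypothetical outside interface
    lines = []
    # Six sources that probe exactly once (the "1 icmp scan per IP" majority).
    for i in range(1, 7):
        lines.append(f"2008-07-24T08:00:{i:02d} deny icmp 192.0.2.{i} -> {fw}")
    # Three repeat sources; two of them share a /24.
    repeats = (("198.51.100.20", 5), ("198.51.100.77", 4), ("192.0.2.200", 3))
    for src, hits in repeats:
        for n in range(hits):
            lines.append(f"2008-07-25T10:{n:02d}:00 deny tcp {src} -> {fw}")
    # Lines the parser must ignore: permitted traffic, bad address, junk.
    lines.append(f"2008-07-25T11:00:00 allow tcp 192.0.2.50 -> {fw}")
    lines.append(f"2008-07-25T11:00:01 deny icmp not-an-ip -> {fw}")
    lines.append("-- log rotated --")
    return "\n".join(lines)


def count_denied_sources(log_text):
    """Count denied packets per IPv4 source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["action"].lower() != "deny":
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed address field
        if src.version == 4:
            counts[src] += 1
    return counts


def triage(counts, repeat_threshold):
    """Split sources into one-off probes and repeat sources."""
    return {
        "total_denies": sum(counts.values()),
        "sources": len(counts),
        "one_off_sources": sum(1 for n in counts.values() if n == 1),
        "repeat_sources": {
            str(ip): n for ip, n in counts.items() if n >= repeat_threshold
        },
    }


def block_candidates(repeat_sources, prefix_len=24, min_hosts=2):
    """Propose block entries for the repeat sources.

    A whole /prefix_len is proposed only when at least min_hosts repeat
    sources sit inside it; otherwise each source stays a /32, so a single
    noisy host does not get its neighbours blocked with it.
    """
    by_net = defaultdict(list)
    for ip in repeat_sources:
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        by_net[net].append(ipaddress.ip_network(ip))
    proposed = []
    for net, hosts in by_net.items():
        proposed.extend([net] if len(hosts) >= min_hosts else hosts)
    return [str(n) for n in sorted(proposed)]


if __name__ == "__main__":
    report = triage(count_denied_sources(build_sample_log()), repeat_threshold=3)
    print(report)
    print(block_candidates(report["repeat_sources"]))
```

On a real export, set `repeat_threshold` to the level that separates background noise from persistent sources (the message above uses 300 hits as that line).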











Re: People that keep scanning my firewall

2008-07-28 Thread Phil Brutsche
Bah, I hate that.

Fortunately I have enough smarts to configure an IOS router on my own.

David W. McSpadden wrote:
> Router is Leased from AT&T.  I can ask them but I think I am just pissing in 
> the wind right now.

-- 

Phil Brutsche
[EMAIL PROTECTED]



Re: People that keep scanning my firewall

2008-07-28 Thread Phil Brutsche
It also goes to show that if you have internet access you are a target,
period.

Just be glad no one is intentionally targeting you.

Clayton Doige wrote:
> Hey, a lot of those scans will be script kiddies and the like, it is
> summer holidays after all. Annoying to be sure, but it does show your
> firewall up to management as a target, and that could work in your
> favour if you need budget for additional security in the future? Just a
> thought...

-- 

Phil Brutsche
[EMAIL PROTECTED]



RE: Symantec Endpoint Protection

2008-07-28 Thread Michael Hoffman
I liked the product, it's just that at launch it was too heavy to run on
anything but a dedicated box. As all our clients have SBS we just
renewed and kept them on v.10. The new version is a lot lighter, but I'm
still nervous about older servers and we are looking at a more blended
defence. I'll probably keep renewing my clients for one more year and
then see.

 

Mike 

 

From: Michael Ross [mailto:[EMAIL PROTECTED] 
Sent: 28 July 2008 19:11
To: NT System Admin Issues
Subject: RE: Symantec Endpoint Protection

 

I have v11.. and the latest greatest rendition, MP2 MR1.. fantastic.. 

But for email servers, I'd use Trend Micro's ScanMail. IMHO.

 

From: Joe Heaton [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 12:34 PM
To: NT System Admin Issues
Subject: Symantec Endpoint Protection

 

Anyone using this that is happy with it?  Also, is there anyone here
that doesn't think Symantec is a big pile?  I personally hate the
product, and wish that I made the decisions around here, but I don't, so
I have to come up with objective reviews of SEP, and whether or not we
should upgrade from v.10 to the Symantec Multi-tier protection system,
with SEP, SAV Mobile and Mail Security.

 

Joe Heaton

AISA

Employment Training Panel

1100 J Street, 4th Floor

Sacramento, CA  95814

(916) 327-5276

[EMAIL PROTECTED]

 

 

 

 

 


RE: People that keep scanning my firewall

2008-07-28 Thread Carl Houseman
Download dig for windows, it includes whois.exe.   Put the dig folder in the 
system path.  Now you have a command line whois for windows.

Carl

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 2:41 PM
To: NT System Admin Issues
Subject: Re: People that keep scanning my firewall

Furthermore, Windows (at least up through 2003) does not have the whois 
command.  If you have access to a x-nix box...

Otherwise, look for a reverse name lookup utility.  There is a web-based 
one:  http://www.arin.net/whois/

Also http://ip-lookup.net

Also some tools such as "iplookup" from http://www.softnik.com

Besides doing the reverse lookup, they should also tell you who "owns" 
that network and to whom you report abuse.
--
Richard McClary, Systems Administrator
ASPCA Knowledge Management
1717 S Philo Rd, Ste 36, Urbana, IL  61802
217-337-9761
http://www.aspca.org


"David W. McSpadden" <[EMAIL PROTECTED]> wrote on 07/28/2008 01:29:36 PM:

> most are out of country.
> - Original Message - 
> From: Mathew Shember 
> To: NT System Admin Issues 
> Sent: Monday, July 28, 2008 2:25 PM
> Subject: RE: People that keep scanning my firewall
> 
> What’s your address?  :p
> 
> Some badly written worms do sequential port scans.
> 
> You don’t want to be attacking systems because if somebody files a 
> complaint against you, it’s rather hard to defend cyber attacks….
> 
> Find the ISP of those addresses and file a complaint.
> 
> 
> 
> From: David W. McSpadden [mailto:[EMAIL PROTECTED] 
> Sent: Monday, July 28, 2008 11:11 AM
> To: NT System Admin Issues
> Subject: People that keep scanning my firewall
> 
> Does anyone want to share a list of jerkoffs that keep scanning the 
> outside interface of their firewalls?
> I want to just blast these IP's that keep filling up my Management 
> reports.  They are a bother and have
> no real value but I am required to get the board an unaltered report.




RE: People that keep scanning my firewall

2008-07-28 Thread Mike French
Agreed - Nepenthes with Honeytrap works nice... send all the bad ports
to the honeypot and tell Honeytrap to Mirror the connection (LOL, use
with caution)
I also use http://www.nirsoft.net/utils/ipnetinfo.html IPNETInfo for the
lookup of rogue IPs, it works nice...


-Original Message-
From: Ziots, Edward [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 1:41 PM
To: NT System Admin Issues
Subject: RE: People that keep scanning my firewall

Set up a honeypot and watch the scans go way up. 

Z

Edward E. Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP,Security+,Network+,CCA
Phone: 401-639-3505

-Original Message-
From: Phil Brutsche [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 2:36 PM
To: NT System Admin Issues
Subject: Re: People that keep scanning my firewall

In that case, good luck getting them to do anything about it.

If they are being a particular nuisance you could block that subnet at
the router upstream from your firewall.

David W. McSpadden wrote:
> most are out of country.

-- 

Phil Brutsche
[EMAIL PROTECTED]



RE: People that keep scanning my firewall

2008-07-28 Thread Aaron T. Rohyans
Depending on how many IPs you're talking about... try shunning them from
the ASA, and removing the syslog message from being "logged"

 

shun 11.22.33.44

no logging message 401004

 

That'll at least clean up the logs without sacrificing legitimate
logging output.

Aaron Rohyans 
IT Coordinator, IDC-USA 
[EMAIL PROTECTED]   
317.244.8307 (V) 
317.244.4600 (F) 



From: David W. McSpadden [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 2:44 PM
To: NT System Admin Issues
Subject: Re: People that keep scanning my firewall

 

7887 entries since last Thursday.

The majority are 1 icmp scan per IP.

However there are about 20 IPs that have over 300 scans since Thursday.

They are all blocked but come on people this is crazy.

- Original Message - 

From: Clayton Doige   

To: NT System Admin Issues
  

Sent: Monday, July 28, 2008 2:43 PM

Subject: RE: People that keep scanning my firewall

 

Hey, a lot of those scans will be script kiddies and the like,
it is summer holidays after all. Annoying to be sure, but it does show
your firewall up to management as a target, and that could work in your
favour if you need budget for additional security in the future? Just a
thought...





From: David W. McSpadden <[EMAIL PROTECTED]>
Sent: 28 July 2008 19:10
To: NT System Admin Issues

Subject: People that keep scanning my firewall

Does anyone want to share a list of jerkoffs that keep scanning
the outside interface of their firewalls?

I want to just blast these IP's that keep filling up my
Management reports.  They are a bother and have

no real value but I am required to get the board an unaltered
report.

 

 

 

 

 

 

Data Security is everyone's responsibility.

 

 

 






RE: People that keep scanning my firewall

2008-07-28 Thread Bill Lambert
I use Sam Spade...handy GUI tool...been around for years.

http://www.pcworld.com/downloads/file/fid,4709-order,1-page,1-c,spamblockers/description.html



Bill Lambert
Concuity
847-941-9206
 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 1:41 PM
To: NT System Admin Issues
Subject: Re: People that keep scanning my firewall

Furthermore, Windows (at least up through 2003) does not have the whois 
command.  If you have access to a x-nix box...

Otherwise, look for a reverse name lookup utility.  There is a web-based 
one:  http://www.arin.net/whois/

Also http://ip-lookup.net

Also some tools such as "iplookup" from http://www.softnik.com

Besides doing the reverse lookup, they should also tell you who "owns" 
that network and to whom you report abuse.
--
Richard McClary, Systems Administrator
ASPCA Knowledge Management
1717 S Philo Rd, Ste 36, Urbana, IL  61802
217-337-9761
http://www.aspca.org


"David W. McSpadden" <[EMAIL PROTECTED]> wrote on 07/28/2008 01:29:36 PM:

> most are out of country.
> - Original Message - 
> From: Mathew Shember 
> To: NT System Admin Issues 
> Sent: Monday, July 28, 2008 2:25 PM
> Subject: RE: People that keep scanning my firewall
> 
> What’s your address?  :p
> 
> Some badly written worms do sequential port scans.
> 
> You don’t want to be attacking systems because if somebody files a 
> complaint against you, it’s rather hard to defend cyber attacks….
> 
> Find the ISP of those addresses and file a complaint.
> 
> 
> 
> From: David W. McSpadden [mailto:[EMAIL PROTECTED] 
> Sent: Monday, July 28, 2008 11:11 AM
> To: NT System Admin Issues
> Subject: People that keep scanning my firewall
> 
> Does anyone want to share a list of jerkoffs that keep scanning the 
> outside interface of their firewalls?
> I want to just blast these IP's that keep filling up my Management 
> reports.  They are a bother and have
> no real value but I am required to get the board an unaltered report.
> 
> 
> 
> 
> 
> 
> Data Security is everyone's responsibility.

DMZ\Firewall Question

2008-07-28 Thread KC Carter
I have a server in the DMZ that has no access from our network.  I need
to give access from our domain to a single folder on the server.  What
methods and what ports need to be opened on a firewall to allow a user
to access this folder; either using a browser or My Computer so a domain
user can drop files in the folder and retrieve files from the folder,
while FTP is a great way to do this is there a method of access as
simple as dragging and dropping a file.

 

Any ideas are appreciated

MS 2003 environment & ASA Firewall

 

Thanks,

KC Carter

System Administrator

302-734-1450

[EMAIL PROTECTED]

 

 



RE: Symantec Endpoint Protection

2008-07-28 Thread Joe Heaton
So I guess what I'm really asking here, now that I'm not trying to bash
Symantec, is this:

 

Are there enough improvements with the new version (mainly overhead,
bloat, etc.) to recommend upgrading to it?  My users' main complaint is
that their computer takes so long to completely boot up in the
morning, and this is because Symantec is doing a startup scan and takes
a huge portion of CPU cycles, which bogs down the entire system.  I
personally would love to tell them not to upgrade, but wait until the
contract ends, and dump Symantec like a hot potato.  But I do like that
we have the one brand for both desktop AV and Exchange AV, and would
like to keep it that way.

 

Joe Heaton



From: Michael Hoffman [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 11:56 AM
To: NT System Admin Issues
Subject: RE: Symantec Endpoint Protection

 

I liked the product, it's just that at launch it was too heavy to run on
anything but a dedicated box. As all our clients have SBS we just
renewed and kept them on v.10. The new version is a lot lighter, but I'm
still nervous about older servers and we are looking at a more blended
defence. I'll probably keep renewing my clients for one more year and
then see.

 

Mike 

 

From: Michael Ross [mailto:[EMAIL PROTECTED] 
Sent: 28 July 2008 19:11
To: NT System Admin Issues
Subject: RE: Symantec Endpoint Protection

 

I have v11.. and the latest greatest rendition, MP2 MR1.. fantastic.. 

But for email servers, I'd use Trend Micro's ScanMail. IMHO.

 

From: Joe Heaton [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 12:34 PM
To: NT System Admin Issues
Subject: Symantec Endpoint Protection

 

Anyone using this that is happy with it?  Also, is there anyone here
that doesn't think Symantec is a big pile?  I personally hate the
product, and wish that I made the decisions around here, but I don't, so
I have to come up with objective reviews of SEP, and whether or not we
should upgrade from v.10 to the Symantec Multi-tier protection system,
with SEP, SAV Mobile and Mail Security.

 

Joe Heaton

AISA

Employment Training Panel

1100 J Street, 4th Floor

Sacramento, CA  95814

(916) 327-5276

[EMAIL PROTECTED]

 

 

 

 

 

 

 

Re: DMZ\Firewall Question

2008-07-28 Thread Anatoly Podgoretsky
Second NIC to LAN

Anatoly Podgoretsky
http://www.podgoretsky.com


  - Original Message - 
  From: KC Carter 
  To: NT System Admin Issues 
  Sent: Monday, July 28, 2008 11:23 PM
  Subject: DMZ\Firewall Question


  I have a server in the DMZ that has no access from our network.  I need to 
give access from our domain to a single folder on the server.  What methods and 
what ports need to be opened on a firewall to allow a user to access this 
folder; either using a browser or My Computer so a domain user can drop files 
in the folder and retrieve files from the folder, while FTP is a great way to 
do this is there a method of access as simple as dragging and dropping a file.

   

  Any ideas are appreciated

  MS 2003 environment & ASA Firewall



RE: DMZ\Firewall Question

2008-07-28 Thread Kim Longenbaugh
That was a joke, right?  

 

How about:

-Create the share on the DMZ server with needed permissions to allow the
user to get to it

-have the user try to open the folder

-note the log entries and use those to configure your rule allowing
access from the user's machine to the folder

 



From: Anatoly Podgoretsky [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 3:58 PM
To: NT System Admin Issues
Subject: Re: DMZ\Firewall Question

 

Second NIC to LAN

 

Anatoly Podgoretsky
http://www.podgoretsky.com

 

 

- Original Message - 

From: KC Carter   

To: NT System Admin Issues
  

Sent: Monday, July 28, 2008 11:23 PM

Subject: DMZ\Firewall Question

 

I have a server in the DMZ that has no access from our network.
I need to give access from our domain to a single folder on the server.
What methods and what ports need to be opened on a firewall to allow a
user to access this folder; either using a browser or My Computer so a
domain user can drop files in the folder and retrieve files from the
folder, while FTP is a great way to do this is there a method of access
as simple as dragging and dropping a file.

 

Any ideas are appreciated

MS 2003 environment & ASA Firewall

 

 


RE: DMZ\Firewall Question

2008-07-28 Thread NTSysAdmin
Lol...that's funny.

From: Anatoly Podgoretsky [mailto:[EMAIL PROTECTED]
Sent: Monday, July 28, 2008 5:58 PM
To: NT System Admin Issues
Subject: Re: DMZ\Firewall Question

Second NIC to LAN

Anatoly Podgoretsky
http://www.podgoretsky.com


- Original Message -
From: KC Carter
To: NT System Admin Issues
Sent: Monday, July 28, 2008 11:23 PM
Subject: DMZ\Firewall Question

I have a server in the DMZ that has no access from our network.  I need to give 
access from our domain to a single folder on the server.  What methods and what 
ports need to be opened on a firewall to allow a user to access this folder; 
either using a browser or My Computer so a domain user can drop files in the 
folder and retrieve files from the folder, while FTP is a great way to do this 
is there a method of access as simple as dragging and dropping a file.

Any ideas are appreciated
MS 2003 environment & ASA Firewall





blacklists

2008-07-28 Thread Paul Everett
We've been finding ourselves on some blacklists since last week and they have
basically shut us down.  Specifically Spamhaus and Barracuda's. 

I'm not sure if I have an infected computer on my network sending spam
or not.  I've requested my ip removed from the blacklists several times,
but after a day or two I'm back on.  I've got a window to post this
question before it happens again.  Here's what I have.

One Domain, two locations connected via PTP T1 (Adtrans).  All Internet
access is at one location where I have my Mail Server 2003 (Ninja) and a
Watchguard Firewall.  All clients (about 200) running Symantec AV.

I don't have really the tools or knowledge to run any packet capture
software (or anything else) to determine if I have an owned machine, but
while I am working on that is there any way to close my firewall to
outbound mail traffic while still letting my Exchange out?  Do infected
computers send email thru port 25 like Exchange?  If so, can I block
that port and change the port Exchange uses to send?  If so, how?

This may take me a while, but I'd like to stay off the blacklists in the
meantime.

 

One thing I've done is installed Zone Alarm on my pc to see if I can
catch any of my local computers scanning my network.  After the install
it asked if I wanted my Outlook to act as a Server.  The info button
showed that it should be ok to do, but I said "no".  My email seems to
be working but I keep getting notifications that ZA is blocking internet
access to my computer from my mail server.  This is probably nothing.

 

Thanks for any suggestions.

Paul Everett 
IS Dept. 
Lee Mental Health Center 
239-791-1551 

"Lee Mental Health Center, Inc. providing services through Ruth Cooper
Center for Behavioral Health Care and VISTA Behavioral Crisis Services.
Visit our website at www.leementalhealth.org
<http://www.leementalhealth.org/> to learn more."

Confidentiality Notice:  This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and privileged information.  Any unauthorized review, use,
disclosure, or distribution is prohibited.   If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message, including attachments.

 



XP SP3

2008-07-28 Thread Joe Heaton
Any reason NOT to install this at this point?

 

Joe Heaton

AISA

Employment Training Panel

1100 J Street, 4th Floor

Sacramento, CA  95814

(916) 327-5276

[EMAIL PROTECTED]

 



RE: blacklists

2008-07-28 Thread Tim Evans
Sounds like you may have an infected client on your network that is
sending outbound spam. Block port 25 at the firewall for all but
authorized systems (mail server). Set the mail server so that it only
accepts mail from your exchange server. That should get things cleared
up enough so that you'll stay off the blacklists and give you some time
to hunt for the guilty party.

 

 

...Tim

 


RE: XP SP3

2008-07-28 Thread Sam Cayze
I looked and looked, couldn't find anything...   haven't WSUS'd it out
yet, just doing manual installs when I 'touch' or redeploy machines.

 

I like the perf boost I hear about.  Haven't done any internal
benchmarking though.

 


ESX/ESXi

2008-07-28 Thread Joe Heaton
So, from what I've read, the difference between these two is that ESXi
has a smaller footprint.  Is this all I need to consolidate physical
servers, or do I need the Infrastructure 3.0?  Running around 20
physical servers atm, including 2 DCs, Exchange 2K3 box, file server,
print server, web servers and application servers.  Nothing too far out
of the ordinary.  This post is not asking about box requirements to do
this, just if the ESXi is all I would need.

 

Joe Heaton

AISA

Employment Training Panel

1100 J Street, 4th Floor

Sacramento, CA  95814

(916) 327-5276

[EMAIL PROTECTED]

 



RE: blacklists

2008-07-28 Thread Sam Cayze
Are you allowing mail relaying on your internal network?

 

ESM>SMTP>Default SMTP>Access>Relay (Any exclusions here at all?)

 

You cannot change the port/25 if you expect to be able to send mail to
other organizations.  You can only change the port if you are passing
emails off to another server, and then that server sends it out.

 

I think it's time to start looking through your SMTP logs on your mail
server.

 

Also, check out http://www.authsmtp.com/

Set your exchange box to send mail through them on an obscure port, and
turn off port 25 on all your firewalls.  I'm not talking zone alarm, I'm
talking about your perimeter hardware firewall.

 

This will get your messages out, and let things calm down to get you off
the blacklists.


Sam

 


RE: blacklists

2008-07-28 Thread Paul Everett
"Set the mail server so that it only accepts mail from your exchange
server" They are one and the same.  My DC is actually my Mail Gateway
between the WG and Exchange.

"Block port 25 at the firewall for all but authorized systems (mail
server)."  Any idea how to do this on a Watchguard 700?

 

Thanks

 

 




Re: XP SP3

2008-07-28 Thread Phil Brutsche
Don't know of any

Joe Heaton wrote:
> Any reason NOT to install this at this point?

-- 

Phil Brutsche
[EMAIL PROTECTED]



RE: blacklists

2008-07-28 Thread Tim Evans
Then forget about the "Set the mail server so that it only accepts mail
from your exchange server" part. Just set your firewall so that it only
accepts SMTP mail from that server. Sorry, but I can't help you on the
watchguard config.

 

...Tim

 


RE: XP SP3

2008-07-28 Thread Mark A. Ross
I've got a good one for you guys that drove me nuts.

Windows XP SP3 + New NVidia drivers = No Terminal Services.

Mark



RE: blacklists

2008-07-28 Thread Paul Everett
"Are you allowing mail relaying on your internal network?

ESM>SMTP>Default SMTP>Access>Relay (Any exclusions here at all?)"

 

There are no computers listed here, but the box below is checked: Allow
all computers which successfully authenticate to relay, regardless of
the list above.

 

I'll look into that website.

 

Thanks,

 




RE: blacklists

2008-07-28 Thread Sam Cayze
"Allow all computers which successfully authenticate to relay"
 
That's fine and dandy.




RE: blacklists

2008-07-28 Thread Roger Wright
Have you tested for Open Relay?

 

   

 

Roger Wright

Network Administrator

727.572.7076  x388

_

 

 


RE: blacklists

2008-07-28 Thread Paul Everett
Yes, with MXToolbox everything checks out.

 




Re: XP SP3

2008-07-28 Thread Phil Brutsche
Really?

I'm using the nVidia drivers from April in my SP3 images without any
problems.

Mark A. Ross wrote:
> Iv'e got a good one for you guys that drove me nuts.
> 
> Windows Xp SP3 + New NVidia drivers = No Terminal Services.

-- 

Phil Brutsche
[EMAIL PROTECTED]



RE: blacklists

2008-07-28 Thread Carl Houseman
Infected computers use port 25 like everything else.
 
At the firewall create a port 25 outbound rule that only allows the Exchange
server.
BTW your final firewall rule should be to disallow everything that isn't
specifically allowed, right?!
 
At the Exchange server only allow relaying for localhost.
 
Now any outbound spam has no choice to get out except to use MAPI and the
Exchange server, and if such a thing were happening you could track it.
Assuming of course, that the Exchange server itself is clean.
 
Carl


From: Paul Everett [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 5:35 PM
To: NT System Admin Issues
Subject: blacklists



We've been finding ourself on some blacklists since last week and have
basically shut us down.  Specifically Spamhaus and Barracuda's. 

I'm not sure if I have an infected computer on my network sending spam or
not.  I've requested my ip removed from the blacklists several times, but
after a day or two I'm back on.  I've got a window to post this question
before it happens again.  Here's what I have.

One Domain, two locations connected via PTP T1 (Adtrans).  All Internet
access is at one location where I have my Mail Server 2003 (Ninja) and a
Watchguard Firewall.  All clients (about 200) running Symantec AV.

I don't have really the tools or knowledge to run any packet capture
software (or anything else) to determine if I have an owned machine, but
while I am working on that is there any way to close my firewall to outbound
mail traffic while still letting my Exchange out?  Do infected computers
send email thru port 25 like Exchange?  If so, can I block that port and
change the port Exchange uses to send?  If so, how?

This may take me awhile, but I'd like to stay off the blacklists in the mean
time.

 

One thing I've done is installed Zone Alarm on my pc to see if I can catch
any of my local computers scanning my network.  After the install it asked
if I wanted my Outlook to act as a Server.  The info button showed that it
should be ok to do, but I said "no".  My email seems to be working but I
keep getting notifications that ZA is blocking internet access to my
computer from my mail server.  This is probably nothing.

 

Thanks for any suggestions.

Paul Everett 
IS Dept. 
Lee Mental Health Center 
239-791-1551

RE: blacklists

2008-07-28 Thread tgonzalez
Sounds like a client open with SMTP, I just went through that deal
recently Paul, removed the malicious user from the network

 

As for Barracuda Reputation, GOOD LUCK...we are still on that system
even though I cleared our org from the other lists.

 

 

Thomas

 

From: Paul Everett [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 5:15 PM
To: NT System Admin Issues
Subject: RE: blacklists

 

Yes, with MXToolbox everything checks out.

 



From: Roger Wright [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 6:11 PM
To: NT System Admin Issues
Subject: RE: blacklists

 

Have you tested for Open Relay?

 

   

 

Roger Wright

Network Administrator

727.572.7076  x388


 

 

From: Paul Everett [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 5:35 PM
To: NT System Admin Issues
Subject: blacklists

 

We've been finding ourself on some blacklists since last week and have
basically shut us down.  Specifically Spamhaus and Barracuda's. 

I'm not sure if I have an infected computer on my network sending spam
or not.  I've requested my ip removed from the blacklists several times,
but after a day or two I'm back on.  I've got a window to post this
question before it happens again.  Here's what I have.

One Domain, two locations connected via PTP T1 (Adtrans).  All Internet
access is at one location where I have my Mail Server 2003 (Ninja) and a
Watchguard Firewall.  All clients (about 200) running Symantec AV.

I don't have really the tools or knowledge to run any packet capture
software (or anything else) to determine if I have an owned machine, but
while I am working on that is there any way to close my firewall to
outbound mail traffic while still letting my Exchange out?  Do infected
computers send email thru port 25 like Exchange?  If so, can I block
that port and change the port Exchange uses to send?  If so, how?

This may take me awhile, but I'd like to stay off the blacklists in the
mean time.

 

One thing I've done is installed Zone Alarm on my pc to see if I can
catch any of my local computers scanning my network.  After the install
it asked if I wanted my Outlook to act as a Server.  The info button
showed that it should be ok to do, but I said "no".  My email seems to
be working but I keep getting notifications that ZA is blocking internet
access to my computer from my mail server.  This is probably nothing.

 

Thanks for any suggestions.

Paul Everett 
IS Dept. 
Lee Mental Health Center 
239-791-1551

RE: blacklists

2008-07-28 Thread Dennis Hoefer
Open Policy Manager on the Watchguard 700, you will have either a proxy
or filter policy for SMTP.  On the "Outgoing" tab, set From: to the IP
address of your mail server and To: to "all".  The default rule is all to
all, which will allow traffic from port 25 to pass from any machine on
your network.  By setting From: to only your mail server IP, you will
block any internal machines that may be attempting to send SMTP traffic
on their own.  You can also set the rule to log denied traffic, which
will quickly identify internal machines that are attempting to use port
25.

Configuration is a little different on the newer Watchguard boxes, but
should be pretty straightforward on the 700.  If the problem persists,
then you're back to a relay problem or compromised mail server.
 
Dennis  
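
Once SMTP out is limited to the mail server and denied traffic is logged, the firewall log names the machines worth inspecting. The following Python is an added example, not part of the original post and not Watchguard's own tooling: it ranks internal hosts that tried outbound TCP/25. The log layout, the addresses and the function names are assumptions made up for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumptions for this example (none of these values come from the thread):
MAIL_SERVER = "192.168.1.10"  # the only host permitted to send on TCP/25
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16")]  # both sites

# Constructed log export. The layout "<time> <action> <proto> src:port -> dst:port"
# is hypothetical; adapt LINE_RE to whatever your firewall really writes.
SAMPLE_LOG = """\
2008-07-28T17:05:00 allow tcp 192.168.1.57:1040 -> 203.0.113.25:25
2008-07-28T18:40:01 deny tcp 192.168.1.57:1045 -> 203.0.113.25:25
2008-07-28T18:40:02 deny tcp 192.168.1.57:1046 -> 198.51.100.7:25
2008-07-28T18:40:02 allow tcp 192.168.1.10:2210 -> 198.51.100.20:25
2008-07-28T18:40:03 allow tcp 192.168.1.80:1301 -> 192.168.1.10:25
2008-07-28T18:40:04 deny tcp 192.168.1.57:1047 -> 203.0.113.80:25
2008-07-28T18:40:05 allow tcp 192.168.1.57:1048 -> 203.0.113.9:80
2008-07-28T18:41:10 deny tcp 192.168.2.33:4000 -> 203.0.113.25:25
this line is truncated or corrupt
2008-07-28T18:41:30 deny tcp 192.168.1.57:1049 -> 198.51.100.7:25
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>allow|deny)\s+(?P<proto>\w+)\s+"
    r"(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def is_internal(addr):
    """True if addr belongs to one of the internal networks."""
    return any(addr in net for net in INTERNAL_NETS)


def smtp_offenders(log_text, mail_server=MAIL_SERVER):
    """Map each internal host (other than the mail server) that tried to reach
    an external address on TCP/25 to its attempt statistics."""
    allowed = ipaddress.ip_address(mail_server)
    hosts = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m["proto"] != "tcp" or m["dport"] != "25":
            continue  # unparseable line, or not SMTP
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # matched the pattern but is not a valid address
        # Skip the mail server itself and clients submitting to it internally.
        if src == allowed or not is_internal(src) or is_internal(dst):
            continue
        rec = hosts.setdefault(str(src), {
            "attempts": 0, "actions": Counter(), "destinations": set(),
            "first": m["ts"], "last": m["ts"],
        })
        rec["attempts"] += 1
        rec["actions"][m["action"]] += 1
        rec["destinations"].add(str(dst))
        rec["first"] = min(rec["first"], m["ts"])  # ISO timestamps sort as text
        rec["last"] = max(rec["last"], m["ts"])
    return hosts


def rank(hosts):
    """Most suspicious first: many distinct external mail hosts, then volume."""
    return sorted(
        hosts.items(),
        key=lambda kv: (len(kv[1]["destinations"]), kv[1]["attempts"]),
        reverse=True,
    )


def leaked(hosts):
    """Hosts with at least one ALLOWED connection, i.e. mail that actually left."""
    return sorted(ip for ip, rec in hosts.items() if rec["actions"]["allow"] > 0)


if __name__ == "__main__":
    found = smtp_offenders(SAMPLE_LOG)
    for ip, rec in rank(found):
        print(ip, rec["attempts"], "attempts to", len(rec["destinations"]),
              "mail hosts,", dict(rec["actions"]), rec["first"], "->", rec["last"])
    print("got mail out before the rule:", leaked(found))
```

An allowed entry from a workstation means the old all-to-all rule let that machine deliver mail directly, which is the traffic the blacklists would have seen.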



From: Paul Everett [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 4:54 PM
To: NT System Admin Issues
Subject: RE: blacklists



"Set the mail server so that it only accepts mail from your exchange
server" They are one and the same.  My DC is actually my Mail Gateway
between the WG and Exchange.

"Block port 25 at the firewall for all but authorized systems (mail
server)."  Any idea how to do this on a Watchguard 700?

 

Thanks

 

 



From: Tim Evans [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 5:47 PM
To: NT System Admin Issues
Subject: RE: blacklists

 

Sounds like you may have an infected client on your network that is
sending outbound spam. Block port 25 at the firewall for all but
authorized systems (mail server). Set the mail server so that it only
accepts mail from your exchange server. That should get things cleared
up enough so that you'll stay off the blacklists and give you some time
to hunt for the guilty party.

 

 

...Tim

 

From: Paul Everett [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 2:35 PM
To: NT System Admin Issues
Subject: blacklists

 

We've been finding ourself on some blacklists since last week and have
basically shut us down.  Specifically Spamhaus and Barracuda's. 

I'm not sure if I have an infected computer on my network sending spam
or not.  I've requested my ip removed from the blacklists several times,
but after a day or two I'm back on.  I've got a window to post this
question before it happens again.  Here's what I have.

One Domain, two locations connected via PTP T1 (Adtrans).  All Internet
access is at one location where I have my Mail Server 2003 (Ninja) and a
Watchguard Firewall.  All clients (about 200) running Symantec AV.

I don't have really the tools or knowledge to run any packet capture
software (or anything else) to determine if I have an owned machine, but
while I am working on that is there any way to close my firewall to
outbound mail traffic while still letting my Exchange out?  Do infected
computers send email thru port 25 like Exchange?  If so, can I block
that port and change the port Exchange uses to send?  If so, how?

This may take me awhile, but I'd like to stay off the blacklists in the
mean time.

 

One thing I've done is installed Zone Alarm on my pc to see if I can
catch any of my local computers scanning my network.  After the install
it asked if I wanted my Outlook to act as a Server.  The info button
showed that it should be ok to do, but I said "no".  My email seems to
be working but I keep getting notifications that ZA is blocking internet
access to my computer from my mail server.  This is probably nothing.

 

Thanks for any suggestions.

Paul Everett 
IS Dept. 
Lee Mental Health Center 
239-791-1551

RE: blacklists

2008-07-28 Thread Paul Everett
Thanks Thomas.

 



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 6:21 PM
To: NT System Admin Issues
Subject: RE: blacklists

 

Sounds like a client open with SMTP, I just went through that deal
recently Paul, removed the malicious user from the network

 

As for Barracuda Reputation, GOOD LUCK...we are still on that system
even though I cleared our org from the other lists.

 

 

Thomas

 

From: Paul Everett [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 5:15 PM
To: NT System Admin Issues
Subject: RE: blacklists

 

Yes, with MXToolbox everything checks out.

 



From: Roger Wright [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 6:11 PM
To: NT System Admin Issues
Subject: RE: blacklists

 

Have you tested for Open Relay?

 

   

 

Roger Wright

Network Administrator

727.572.7076  x388


 

 

From: Paul Everett [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 5:35 PM
To: NT System Admin Issues
Subject: blacklists

 

We've been finding ourself on some blacklists since last week and have
basically shut us down.  Specifically Spamhaus and Barracuda's. 

I'm not sure if I have an infected computer on my network sending spam
or not.  I've requested my ip removed from the blacklists several times,
but after a day or two I'm back on.  I've got a window to post this
question before it happens again.  Here's what I have.

One Domain, two locations connected via PTP T1 (Adtrans).  All Internet
access is at one location where I have my Mail Server 2003 (Ninja) and a
Watchguard Firewall.  All clients (about 200) running Symantec AV.

I don't have really the tools or knowledge to run any packet capture
software (or anything else) to determine if I have an owned machine, but
while I am working on that is there any way to close my firewall to
outbound mail traffic while still letting my Exchange out?  Do infected
computers send email thru port 25 like Exchange?  If so, can I block
that port and change the port Exchange uses to send?  If so, how?

This may take me awhile, but I'd like to stay off the blacklists in the
mean time.

 

One thing I've done is installed Zone Alarm on my pc to see if I can
catch any of my local computers scanning my network.  After the install
it asked if I wanted my Outlook to act as a Server.  The info button
showed that it should be ok to do, but I said "no".  My email seems to
be working but I keep getting notifications that ZA is blocking internet
access to my computer from my mail server.  This is probably nothing.

 

Thanks for any suggestions.

Paul Everett 
IS Dept. 
Lee Mental Health Center 
239-791-1551

RE: blacklists

2008-07-28 Thread Simon Butler
The important thing here is whether your queues in the Exchange server have 
lots of messages in them.
If they are clear, then it is probably not your Exchange server that is being 
abused, but a client. However if you are using a smart host of some kind to 
send email then your server could still be the source of the blacklisting.

Have you checked the blacklist's web sites? Sometimes they will have a copy of 
the message that triggered the listing. Looking at the message you might be 
able to diagnose which machine it is.

I wrote a blog posting on this exact scenario a few months ago. 
http://www.sembee.co.uk/archive/2008/03/13/73.aspx

The fact that you have Symantec on all of your workstations means nothing.
Which product do you think all of the BOT writers test their "product" against 
to see if it will infect the machines? The market leader - Symantec.

Simon.


--
Simon Butler
MVP: Exchange, MCSE
Amset IT Solutions Ltd.

e: [EMAIL PROTECTED]
w: www.amset.co.uk
w: www.amset.info







From: Paul Everett [mailto:[EMAIL PROTECTED]
Sent: 28 July 2008 23:15
To: NT System Admin Issues
Subject: RE: blacklists

Yes, with MXToolbox everything checks out.


From: Roger Wright [mailto:[EMAIL PROTECTED]
Sent: Monday, July 28, 2008 6:11 PM
To: NT System Admin Issues
Subject: RE: blacklists

Have you tested for Open Relay?



Roger Wright
Network Administrator
727.572.7076  x388


From: Paul Everett [mailto:[EMAIL PROTECTED]
Sent: Monday, July 28, 2008 5:35 PM
To: NT System Admin Issues
Subject: blacklists

We've been finding ourself on some blacklists since last week and have 
basically shut us down.  Specifically Spamhaus and Barracuda's.
I'm not sure if I have an infected computer on my network sending spam or not.  
I've requested my ip removed from the blacklists several times, but after a day 
or two I'm back on.  I've got a window to post this question before it happens 
again.  Here's what I have.
One Domain, two locations connected via PTP T1 (Adtrans).  All Internet access 
is at one location where I have my Mail Server 2003 (Ninja) and a Watchguard 
Firewall.  All clients (about 200) running Symantec AV.
I don't have really the tools or knowledge to run any packet capture software 
(or anything else) to determine if I have an owned machine, but while I am 
working on that is there any way to close my firewall to outbound mail traffic 
while still letting my Exchange out?  Do infected computers send email thru 
port 25 like Exchange?  If so, can I block that port and change the port 
Exchange uses to send?  If so, how?
This may take me awhile, but I'd like to stay off the blacklists in the mean 
time.

One thing I've done is installed Zone Alarm on my pc to see if I can catch any 
of my local computers scanning my network.  After the install it asked if I 
wanted my Outlook to act as a Server.  The info button showed that it should be 
ok to do, but I said "no".  My email seems to be working but I keep getting 
notifications that ZA is blocking internet access to my computer from my mail 
server.  This is probably nothing.

Thanks for any suggestions.

Paul Everett
IS Dept.
Lee Mental Health Center
239-791-1551

Re: blacklists

2008-07-28 Thread Matt Plahtinsky
When you're setting up the Watchguard rule to only allow port 25 from
your mail server, also check log deny on the rule.  You can then set
it up to email you every time the rule is tripped. That will notify
you when it happens and from what ip address.

Matt

On 7/28/08, Tim Evans <[EMAIL PROTECTED]> wrote:
> Sounds like you may have an infected client on your network that is
> sending outbound spam. Block port 25 at the firewall for all but
> authorized systems (mail server). Set the mail server so that it only
> accepts mail from your exchange server. That should get things cleared
> up enough so that you'll stay off the blacklists and give you some time
> to hunt for the guilty party.
>
> ...Tim
>
> From: Paul Everett [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 28, 2008 2:35 PM
> To: NT System Admin Issues
> Subject: blacklists
>
> We've been finding ourself on some blacklists since last week and have
> basically shut us down.  Specifically Spamhaus and Barracuda's.
>
> I'm not sure if I have an infected computer on my network sending spam
> or not.  I've requested my ip removed from the blacklists several times,
> but after a day or two I'm back on.  I've got a window to post this
> question before it happens again.  Here's what I have.
>
> One Domain, two locations connected via PTP T1 (Adtrans).  All Internet
> access is at one location where I have my Mail Server 2003 (Ninja) and a
> Watchguard Firewall.  All clients (about 200) running Symantec AV.
>
> I don't have really the tools or knowledge to run any packet capture
> software (or anything else) to determine if I have an owned machine, but
> while I am working on that is there any way to close my firewall to
> outbound mail traffic while still letting my Exchange out?  Do infected
> computers send email thru port 25 like Exchange?  If so, can I block
> that port and change the port Exchange uses to send?  If so, how?
>
> This may take me awhile, but I'd like to stay off the blacklists in the
> mean time.
>
> One thing I've done is installed Zone Alarm on my pc to see if I can
> catch any of my local computers scanning my network.  After the install
> it asked if I wanted my Outlook to act as a Server.  The info button
> showed that it should be ok to do, but I said "no".  My email seems to
> be working but I keep getting notifications that ZA is blocking internet
> access to my computer from my mail server.  This is probably nothing.
>
> Thanks for any suggestions.
>
> Paul Everett
> IS Dept.
> Lee Mental Health Center
> 239-791-1551


RE: blacklists

2008-07-28 Thread tgonzalez
Paul, run NMAP, I use that once a week to see if any user loads up a new
app and if it enables a port or what, then I shut it down

 

 

Thomas

 

From: Paul Everett [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 5:24 PM
To: NT System Admin Issues
Subject: RE: blacklists

 

Thanks Thomas.

 



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 6:21 PM
To: NT System Admin Issues
Subject: RE: blacklists

 

Sounds like a client open with SMTP, I just went through that deal
recently Paul, removed the malicious user from the network

 

As for Barracuda Reputation, GOOD LUCK...we are still on that system
even though I cleared our org from the other lists.

 

 

Thomas

 

From: Paul Everett [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 5:15 PM
To: NT System Admin Issues
Subject: RE: blacklists

 

Yes, with MXToolbox everything checks out.

 



From: Roger Wright [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 6:11 PM
To: NT System Admin Issues
Subject: RE: blacklists

 

Have you tested for Open Relay?

 

   

 

Roger Wright

Network Administrator

727.572.7076  x388


 

 

From: Paul Everett [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 5:35 PM
To: NT System Admin Issues
Subject: blacklists

 

We've been finding ourself on some blacklists since last week and have
basically shut us down.  Specifically Spamhaus and Barracuda's. 

I'm not sure if I have an infected computer on my network sending spam
or not.  I've requested my ip removed from the blacklists several times,
but after a day or two I'm back on.  I've got a window to post this
question before it happens again.  Here's what I have.

One Domain, two locations connected via PTP T1 (Adtrans).  All Internet
access is at one location where I have my Mail Server 2003 (Ninja) and a
Watchguard Firewall.  All clients (about 200) running Symantec AV.

I don't have really the tools or knowledge to run any packet capture
software (or anything else) to determine if I have an owned machine, but
while I am working on that is there any way to close my firewall to
outbound mail traffic while still letting my Exchange out?  Do infected
computers send email thru port 25 like Exchange?  If so, can I block
that port and change the port Exchange uses to send?  If so, how?

This may take me awhile, but I'd like to stay off the blacklists in the
mean time.

 

One thing I've done is installed Zone Alarm on my pc to see if I can
catch any of my local computers scanning my network.  After the install
it asked if I wanted my Outlook to act as a Server.  The info button
showed that it should be ok to do, but I said "no".  My email seems to
be working but I keep getting notifications that ZA is blocking internet
access to my computer from my mail server.  This is probably nothing.

 

Thanks for any suggestions.

Paul Everett 
IS Dept. 
Lee Mental Health Center 
239-791-1551

Re: ESX/ESXi

2008-07-28 Thread Don Ely
The "i" is for integrated...  Other than that, it's the same old ESX...

On Mon, Jul 28, 2008 at 2:50 PM, Joe Heaton <[EMAIL PROTECTED]> wrote:

>  So, from what I've read, the difference between these two is that ESXi
> has a smaller footprint.  Is this all I need to consolidate physical
> servers, or do I need the Infrastructure 3.0?  Running around 20 physical
> servers atm, including 2 DCs, Exchange 2K3 box, file server, print server,
> web servers and application servers.  Nothing too far out of the ordinary.
> This post is not asking about box requirements to do this, just if the ESXi
> is all I would need.
>
>
>
> Joe Heaton
>
> AISA
>
> Employment Training Panel
>
> 1100 J Street, 4th Floor
>
> Sacramento, CA  95814
>
> (916) 327-5276
>
> [EMAIL PROTECTED]
>
>
>
>


RE: Symantec Endpoint Protection

2008-07-28 Thread Michael Hoffman
You can customise all the options to not do an initial scan and in our
case not use the firewall components. There is a document for SBS
networks which provides a light touch of management - that might be all
you need to protect the clients and it will also give you a good idea of
how to slim down the install package. Skip the basic v11 and go straight
to the latest version - since that upgrade my internal server is now
stable. The AD integration seems to work well (small network
experience only though).

 

Mike

 

From: Joe Heaton [mailto:[EMAIL PROTECTED] 
Sent: 28 July 2008 21:44
To: NT System Admin Issues
Subject: RE: Symantec Endpoint Protection

 

So I guess what I'm really asking here, now that I'm not trying to bash
Symantec, is this:

 

Are there enough improvements with the new version (mainly overhead,
bloat, etc.) to recommend upgrading to it?  My users' main complaint is
that their computer takes so long to completely boot up in the
morning, and this is because Symantec is doing a startup scan and takes
a huge portion of CPU cycles, which bogs down the entire system.  I
personally would love to tell them not to upgrade, but wait until the
contract ends, and dump Symantec like a hot potato.  But I do like that
we have the one brand for both desktop AV and Exchange AV, and would
like to keep it that way.

 

Joe Heaton



From: Michael Hoffman [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 11:56 AM
To: NT System Admin Issues
Subject: RE: Symantec Endpoint Protection

 

I liked the product, it's just that at launch it was too heavy to run on
anything but a dedicated box. As all our clients have SBS we just
renewed and kept them on v.10. The new version is a lot lighter, but I'm
still nervous about older servers and we are looking at a more blended
defence. I'll probably keep renewing my clients for one more year and
then see.

 

Mike 

 

From: Michael Ross [mailto:[EMAIL PROTECTED] 
Sent: 28 July 2008 19:11
To: NT System Admin Issues
Subject: RE: Symantec Endpoint Protection

 

I have v11.. and the latest greatest rendition, MP2 MR1.. fantastic.. 

But for email servers, I'd use Trend Micro's ScanMail. IMHO.

 

From: Joe Heaton [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 12:34 PM
To: NT System Admin Issues
Subject: Symantec Endpoint Protection

 

Anyone using this that is happy with it?  Also, is there anyone here
that doesn't think Symantec is a big pile?  I personally hate the
product, and wish that I made the decisions around here, but I don't, so
I have to come up with objective reviews of SEP, and whether or not we
should upgrade from v.10 to the Symantec Multi-tier protection system,
with SEP, SAV Mobile and Mail Security.

 

Joe Heaton

AISA

Employment Training Panel

1100 J Street, 4th Floor

Sacramento, CA  95814

(916) 327-5276

[EMAIL PROTECTED]

RE: ESX/ESXi

2008-07-28 Thread Joe Heaton
So it is all I need to consolidate my servers, and I don't need
Infrastructure 3.0... right?

 

Joe Heaton



From: Don Ely [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 3:29 PM
To: NT System Admin Issues
Subject: Re: ESX/ESXi

 

 

RE: XP SP3

2008-07-28 Thread Mark A. Ross
That'll work. The drivers released in May (I think 5/2) create the
problem.

Mark

-Original Message-
From: Phil Brutsche [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 3:20 PM
To: NT System Admin Issues
Subject: Re: XP SP3

Really?

I'm using the nVidia drivers from April in my SP3 images without any
problems.

Mark A. Ross wrote:
> I've got a good one for you guys that drove me nuts.
> 
> Windows XP SP3 + New NVidia drivers = No Terminal Services.

-- 

Phil Brutsche
[EMAIL PROTECTED]



RE: blacklists

2008-07-28 Thread Paul Everett
They are proxies.  I have two defined.  One is called SMTP and it has the
incoming set From: any, To: WG ip -> DC (mail gateway).  The outgoing
tab is disabled.

The other proxy is called Filtered-SMTP.  Its Incoming is Disabled and
the Outgoing is set From: Any, To: Any.  I changed this to From: mail ip,
To: Any.

I've never been able to figure logging on the WG.  I can never find the
logs and for email, I can't find where to set the address??  The WG
interface seems so simple, but it really makes me feel like an idiot at
times.

 

Hope this is good enough damage control for tonight.  I'll be back in
the am to check things and do more investigating.

 

Thanks for all the suggestions.

 

Paul

 



From: Dennis Hoefer [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 6:24 PM
To: NT System Admin Issues
Subject: RE: blacklists

 

Open Policy Manager on the Watchguard 700, you will have either a proxy
or filter policy for SMTP.  On the "Outgoing" tab, set From: to the IP
address of your mail server and To: to "all".  The default rule is all to
all, which will allow traffic from port 25 to pass from any machine on
your network.  By setting From: to only your mail server IP, you will
block any internal machines that may be attempting to send SMTP traffic
on their own.  You can also set the rule to log denied traffic which
will quickly identify internal machines that are attempting to use port
25.

 

Configuration is a little different on the newer Watchguard boxes, but
should be pretty straightforward on the 700.  If the problem persists,
then you're back to a relay problem or compromised mail server.  

 

Dennis  

 



From: Paul Everett [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 4:54 PM
To: NT System Admin Issues
Subject: RE: blacklists

"Set the mail server so that it only accepts mail from your exchange
server" They are one and the same.  My DC is actually my Mail Gateway
between the WG and Exchange.

"Block port 25 at the firewall for all but authorized systems (mail
server)."  Any idea how to do this on a Watchguard 700?

 

Thanks

 

 



From: Tim Evans [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 5:47 PM
To: NT System Admin Issues
Subject: RE: blacklists

 

Sounds like you may have an infected client on your network that is
sending outbound spam. Block port 25 at the firewall for all but
authorized systems (mail server). Set the mail server so that it only
accepts mail from your exchange server. That should get things cleared
up enough so that you'll stay off the blacklists and give you some time
to hunt for the guilty party.

 

 

...Tim

 

From: Paul Everett [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 2:35 PM
To: NT System Admin Issues
Subject: blacklists

 

We've been finding ourselves on some blacklists since last week and they
have basically shut us down.  Specifically Spamhaus and Barracuda's. 

I'm not sure if I have an infected computer on my network sending spam
or not.  I've requested my ip removed from the blacklists several times,
but after a day or two I'm back on.  I've got a window to post this
question before it happens again.  Here's what I have.

One Domain, two locations connected via PTP T1 (Adtrans).  All Internet
access is at one location where I have my Mail Server 2003 (Ninja) and a
Watchguard Firewall.  All clients (about 200) running Symantec AV.

I don't really have the tools or knowledge to run any packet capture
software (or anything else) to determine if I have an owned machine, but
while I am working on that is there any way to close my firewall to
outbound mail traffic while still letting my Exchange out?  Do infected
computers send email thru port 25 like Exchange?  If so, can I block
that port and change the port Exchange uses to send?  If so, how?

This may take me a while, but I'd like to stay off the blacklists in the
meantime.

 

One thing I've done is installed Zone Alarm on my pc to see if I can
catch any of my local computers scanning my network.  After the install
it asked if I wanted my Outlook to act as a Server.  The info button
showed that it should be ok to do, but I said "no".  My email seems to
be working but I keep getting notifications that ZA is blocking internet
access to my computer from my mail server.  This is probably nothing.

 

Thanks for any suggestions.

Paul Everett 
IS Dept. 
Lee Mental Health Center 
239-791-1551 
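
Added example, not part of the original thread: once the outbound SMTP rule only allows the mail server and logs denied traffic, as the replies above suggest, the firewall log can be tallied to find the internal machines still trying to send on port 25. The log layout, IP addresses and function names below are assumptions made up for the illustration; a real Watchguard log needs its own parser.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed address plan (hypothetical, not taken from the thread).
MAIL_SERVER = ipaddress.ip_address("192.168.10.5")
INTERNAL_NET = ipaddress.ip_network("192.168.0.0/16")
SMTP_PORT = 25

# Constructed sample lines in a generic key=value layout.
SAMPLE_LOG = """\
2008-07-28T18:01:02 action=allow proto=tcp src=192.168.10.5 dst=203.0.113.20 dport=25
2008-07-28T18:01:07 action=deny proto=tcp src=192.168.20.41 dst=198.51.100.7 dport=25
2008-07-28T18:01:08 action=deny proto=tcp src=192.168.20.41 dst=198.51.100.88 dport=25
2008-07-28T18:01:09 action=allow proto=tcp src=192.168.20.41 dst=203.0.113.80 dport=80
2008-07-28T18:01:11 action=deny proto=tcp src=192.168.20.41 dst=203.0.113.145 dport=25
2008-07-28T18:01:15 action=allow proto=tcp src=192.168.20.50 dst=192.168.10.5 dport=25
2008-07-28T18:02:30 action=deny proto=tcp src=192.168.30.17 dst=203.0.113.20 dport=25
2008-07-28T18:02:41 action=deny proto=tcp src=192.168.20.41 dst=198.51.100.200 dport=25
2008-07-28T18:03:00 action=allow proto=tcp src=192.168.40.9 dst=198.51.100.7 dport=25
this line is truncated action=deny proto=tcp src=
2008-07-28T18:03:05 action=allow proto=tcp src=192.168.10.5 dst=198.51.100.7 dport=25
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+action=(?P<action>allow|deny)\s+proto=(?P<proto>\w+)\s+"
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)\s*$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m.group("src"))
        dst = ipaddress.ip_address(m.group("dst"))
    except ValueError:
        return None
    return {
        "ts": m.group("ts"),
        "action": m.group("action"),
        "proto": m.group("proto").lower(),
        "src": src,
        "dst": dst,
        "dport": int(m.group("dport")),
    }


def smtp_offenders(log_text, mail_server=MAIL_SERVER, internal=INTERNAL_NET):
    """Tally internal hosts, other than the mail server, that tried to reach
    an external address on TCP/25. Internal clients talking to the internal
    mail server are normal and are ignored."""
    hosts = defaultdict(lambda: {"denied": 0, "allowed": 0,
                                 "destinations": set(),
                                 "first": None, "last": None})
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["proto"] != "tcp" or ev["dport"] != SMTP_PORT:
            continue
        if ev["src"] not in internal or ev["dst"] in internal:
            continue
        if ev["src"] == mail_server:
            continue
        rec = hosts[str(ev["src"])]
        rec["denied" if ev["action"] == "deny" else "allowed"] += 1
        rec["destinations"].add(str(ev["dst"]))
        rec["first"] = rec["first"] or ev["ts"]
        rec["last"] = ev["ts"]
    return dict(hosts)


def rank(offenders):
    """Sort hosts by total attempts, busiest first (ties broken by address)."""
    return sorted(offenders.items(),
                  key=lambda kv: (-(kv[1]["denied"] + kv[1]["allowed"]), kv[0]))


def rule_gaps(offenders):
    """Hosts whose outbound SMTP was allowed: the firewall rule is not
    restricting them, so mail can still leave from these machines."""
    return sorted(ip for ip, rec in offenders.items() if rec["allowed"] > 0)


if __name__ == "__main__":
    found = smtp_offenders(SAMPLE_LOG)
    for ip, rec in rank(found):
        print(f"{ip}: denied={rec['denied']} allowed={rec['allowed']} "
              f"distinct_destinations={len(rec['destinations'])} "
              f"first={rec['first']} last={rec['last']}")
    print("rule gaps:", rule_gaps(found))
```

A host with many denied attempts to many different destinations is the first one to pull off the network and inspect; any host listed under rule gaps means the outbound policy still lets mail out from somewhere other than the mail server.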

RE: ESX/ESXi

2008-07-28 Thread Martin Blackstone
You would still need Virtual Center if you wanted to do things like VMotion.

 

From: Joe Heaton [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 3:35 PM
To: NT System Admin Issues
Subject: RE: ESX/ESXi

 

So it is all I need to consolidate my servers, and I don't need
Infrastructure 3.0... right?

 

Joe Heaton


From: Don Ely [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 3:29 PM
To: NT System Admin Issues
Subject: Re: ESX/ESXi

RE: Symantec Endpoint Protection

2008-07-28 Thread Simon Butler
"But I do like that we have the one brand for both desktop AV and Exchange AV, 
and would like to keep it that way."

You like having a single point of failure for your AV software?

I am the complete opposite to you. I hate having the same brand on Exchange and 
the desktops and will avoid it where possible.

In your current scenario you have one defence system - as both the desktop and 
Exchange AV will be working on the same set of definition files. It gets past 
one it will get past the other and your machines will be infected.

I will leave the Symantec bashing out of it, but will say that I see more 
infected systems that are "protected" by Symantec than any others.

What you should be looking for is to have something different on the Exchange 
server to provide dual levels of protection. Something like GFI Mail Security, 
Microsoft Forefront or the list host's product. Something using multiple 
definition files that are not the same as what you are using now.
The idea being that if one doesn't catch, the other will.

Simon.


--
Simon Butler
MVP: Exchange, MCSE
Amset IT Solutions Ltd.

e: [EMAIL PROTECTED]
w: www.amset.co.uk
w: www.amset.info






From: Joe Heaton [mailto:[EMAIL PROTECTED]
Sent: 28 July 2008 21:44
To: NT System Admin Issues
Subject: RE: Symantec Endpoint Protection

So I guess what I'm really asking here, now that I'm not trying to bash 
Symantec, is this:

Are there enough improvements with the new version (mainly overhead, bloat, 
etc.) to recommend upgrading to it?  My users' main complaint is that their 
computer takes so long to completely boot up in the morning, and this is 
because Symantec is doing a startup scan and takes a huge portion of CPU 
cycles, which bogs down the entire system.  I personally would love to tell 
them not to upgrade, but wait until the contract ends, and dump Symantec like a 
hot potato.  But I do like that we have the one brand for both desktop AV and 
Exchange AV, and would like to keep it that way.

Joe Heaton

From: Michael Hoffman [mailto:[EMAIL PROTECTED]
Sent: Monday, July 28, 2008 11:56 AM
To: NT System Admin Issues
Subject: RE: Symantec Endpoint Protection

I liked the product, it's just that at launch it was too heavy to run on 
anything but a dedicated box. As all our clients have SBS we just renewed and 
kept them on v.10. The new version is a lot lighter, but I'm still nervous 
about older servers and we are looking at a more blended defence. I'll probably 
keep renewing my clients for one more year and then see.

Mike

From: Michael Ross [mailto:[EMAIL PROTECTED]
Sent: 28 July 2008 19:11
To: NT System Admin Issues
Subject: RE: Symantec Endpoint Protection

I have v11.. and the latest greatest rendition, MP2 MR1.. fantastic..
But for email servers, I'd use Trend Micro's ScanMail. IMHO.

From: Joe Heaton [mailto:[EMAIL PROTECTED]
Sent: Monday, July 28, 2008 12:34 PM
To: NT System Admin Issues
Subject: Symantec Endpoint Protection

Anyone using this that is happy with it?  Also, is there anyone here that 
doesn't think Symantec is a big pile?  I personally hate the product, and wish 
that I made the decisions around here, but I don't, so I have to come up with 
objective reviews of SEP, and whether or not we should upgrade from v.10 to the 
Symantec Multi-tier protection system, with SEP, SAV Mobile and Mail Security.

Joe Heaton
AISA
Employment Training Panel
1100 J Street, 4th Floor
Sacramento, CA  95814
(916) 327-5276
[EMAIL PROTECTED]

Re: Moving a PowerVault

2008-07-28 Thread Jon Harris
Depending on the PowerVault it may be both.  On our 201 it was on both and was
still good after a move, but then I blew the drive anyway as the data was
out of date.  Our 220 also had it in both places but I did not want the setup
and was changing it anyway with adding of drives and other changes.

Jon

On Fri, Jul 25, 2008 at 9:14 AM, John Hornbuckle <
[EMAIL PROTECTED]> wrote:

> The new server has its own controller.
>
> I was thinking that the config info was actually stored in the
> PowerVault, and could be loaded from it on to the new controller. I
> can't recall why I thought that--some past experience I had. It's hazy
> now.
>
> I can rebuild and restore if I have to. But unless there's some
> advantage to doing that, I'd rather not--it would save time and
> headache.
>
>
>
>
> -Original Message-
> From: N Parr [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 25, 2008 9:09 AM
> To: NT System Admin Issues
>  Subject: RE: Moving a PowerVault
>
> If you are moving the controller card along with it then you don't have
> any worries, it contains all the drive configuration.  If you're just
> moving the array then I don't really know.  Someone else could probably
> answer if a similar controller would detect the drive array.  I assume
> it's a Perc card of some sort.  I would probably rebuild and restore
> anyway.  I'm getting ready to do this myself but I'm going to move the
> Perc card with the array. If the Powervault is only half full of drives
> you could split the backplane on the array and put new drives in and
> connect them to your new server and then just move your files over to
> the other server and then decommission or reuse the old drives.
>
> -Original Message-
> From: John Hornbuckle [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 25, 2008 8:03 AM
> To: NT System Admin Issues
> Subject: Moving a PowerVault
>
> I've got a PowerVault SCSI RAID storage system attached to a server
> that's being decommissioned. I want to move it over to a new replacement
> server. I have no experience doing this, and want to make sure I don't
> screw up the RAID configuration and data on it. Any pointers on how to
> do this?
>
>
>
>
> John Hornbuckle
> MIS Department
> Taylor County School District
> 318 North Clark Street
> Perry, FL 32347
>
> www.taylor.k12.fl.us
>
>

Re: Disgruntled Sysadmin

2008-07-28 Thread Jon Harris
You mean the not so slow circular motion we see is not the world getting to
the bottom of the toilet?

Jon

On Fri, Jul 25, 2008 at 4:39 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:

> ROFL!
>
> The world will be destroyed by the clueless...
>
> On Fri, Jul 25, 2008 at 1:27 PM, Angus Scott-Fleming
> <[EMAIL PROTECTED]> wrote:
> > On 15 Jul 2008 at 14:14, Jon Harris  wrote:
> >
> >> Besides it is just plain more fun to give them the user ID's and
> >> passwords and let them screw everything up for themselves.
> >
> > Done for him by the SF DA's office:
> >
> > --- Included Stuff Follows ---
> > San Francisco DA discloses city's network passwords | IDGNS | News |
> > July 25, 2008 | By Robert McMillan, IDG News Service
> >
> >    In its bid to protect the city from one computer security risk, the
> >    San Francisco District Attorney's Office may very well have created
> >    another.
> >
> >    The office of San Francisco District Attorney Kamala Harris has made
> >    public close to 150 usernames and passwords used by various
> >    departments to connect to the city's virtual private network. The
> >    passwords were filed this week as Exhibit A in a court document
> >    arguing against a reduction in $5 million bail in the case of Terry
> >    Childs, who is accused of holding the city's network hostage by
> >    refusing to give up administrative networking passwords. Childs was
> >    arrested July 12 on charges of computer tampering and is being held
> >    in the county jail.
> >
> > - Included Stuff Ends -
> > Full story here:
> >
> > http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&A=/article/08/07/25/San_Francisco_DA_discloses_citys_network_passwords_1.html
> > or here if the above wraps unusably: http://preview.tinyurl.com/6k5a2v
> >
> > --
> > Angus Scott-Fleming
> > GeoApps, Tucson, Arizona
> > 1-520-290-5038

Re: Dell NVidia GPU problem

2008-07-28 Thread Jon Harris
Thanks for the heads up. I have a couple of the Vostro machines that will
need checking.

Jon

On Mon, Jul 28, 2008 at 7:57 AM, René de Haas <[EMAIL PROTECTED]> wrote:

>  A little heads up:
>
>
>
>
> http://direct2dell.com/one2one/archive/2008/07/25/nvidia-gpu-update-for-dell-laptop-owners.aspx
>
>
>
> If the problem isn't with the D830 or D430 I hardly have a problem, but
> we'll see.
>
>
>
> Regards
>
> René
>

OT: HIPAA

2008-07-28 Thread Travis Krampy

Hi All,

I was hoping someone could help me with HIPAA rules and regulations in IT.

I did all kinds of searching and have found many sites with HIPAA info, but 
nothing solid...

I'm looking to implement policies and procedures for HIPAA compliance.

Anything from password changes to physical server room security.

Does anyone have any good resources to start looking into this?

Any advice is greatly appreciated!

Travis 





Re: ESX/ESXi

2008-07-28 Thread Kurt Buff
So, we have two servers running ESX Standard, and we use the VI client
to manage those servers (along with some judicious use of ssh).

If I fire up a machine running the free ESXi, will the VI client allow
me to manage it, or will I need the VMWare Server Console, which I use
to manage my free installation of VMWare server for my desktop use?

I'm looking at this page:
 http://www.vmware.com/products/esxi/features.html

and it looks like it's basically the same as the ESX Standard that we
paid a fair amount for about a year ago.

Now it's free.

Wow.

On Mon, Jul 28, 2008 at 3:28 PM, Don Ely <[EMAIL PROTECTED]> wrote:
> The "i" is for integrated...  Other than that, its the same old ESX...
>
> On Mon, Jul 28, 2008 at 2:50 PM, Joe Heaton <[EMAIL PROTECTED]> wrote:
>>
>> So, from what I've read, the difference between these two is that ESXi has
>> a smaller footprint.  Is this all I need to consolidate physical servers, or
>> do I need the Infrastructure 3.0?  Running around 20 physical servers atm,
>> including 2 DCs, Exchange 2K3 box, file server, print server, web servers
>> and application servers.  Nothing too far out of the ordinary.  This post is
>> not asking about box requirements to do this, just if the ESXi is all I
>> would need.
>>
>>
>>
>> Joe Heaton
>>
>> AISA
>>
>> Employment Training Panel
>>
>> 1100 J Street, 4th Floor
>>
>> Sacramento, CA  95814
>>
>> (916) 327-5276
>>
>> [EMAIL PROTECTED]
>>
>>
>
>



Re: Server Colidation via VMWare

2008-07-28 Thread Jon Harris
It can't or didn't do all machines.  I know I had a lot of issues trying to
use it with SQL being on the machine.  I also had issues with IISv6/FTP with
multiple sites as well.

Jon

On Fri, Jul 25, 2008 at 11:38 AM, David Lum <[EMAIL PROTECTED]> wrote:

> Yes there is a P2V tool that VMWare has – it lets you make a P2V image
> w/out taking the target system offline – it loads a little app then takes a
> snapshot, it's very slick!  IIRC it comes with ESX, but I might be mistaken.
>
> Dave Lum - Systems Engineer
> [EMAIL PROTECTED] - (971)-222-1025
> "..remember that, in the past, those who foolishly sought power by
> riding the back of the tiger ended up inside"  - JFK
>
> From: Roger Wright [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 25, 2008 8:36 AM
> To: NT System Admin Issues
> Subject: Server Colidation via VMWare
>
> We want to take a closer look at server consolidation using VMWare's ESX
> products, especially in light of the recent announcement making the product
> available free.
>
> We have several servers on old hardware that would be nearly impossible to
> rebuild so we're thinking they're ideal candidates for VM's if there's an
> automated process to migrate P2V.
>
> Is such a tool available, and at low-cost?
>
> Roger Wright
>
> Network Administrator
>
> 727.572.7076  x388

Re: Disgruntled Sysadmin

2008-07-28 Thread Kurt Buff
Indeed, including the USAF crew found asleep at the missile launch switch...

On Mon, Jul 28, 2008 at 4:40 PM, Jon Harris <[EMAIL PROTECTED]> wrote:
> You mean the not so slow circular motion we see is not the world getting to
> the bottom of the toilet?
>
> Jon
>
> On Fri, Jul 25, 2008 at 4:39 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:
>>
>> ROFL!
>>
>> The world will be destroyed by the clueless...
>>


RE: ESX/ESXi

2008-07-28 Thread Joseph L. Casale
There are a few diffs not relevant actually that account for the smaller size.
But if you're not using a san and have shared storage with the intent to vmotion 
you're golden! It's limited to two procs so you may run out of processor.
20 vm's is by no means a small load, not to say it can't be done. Given the 
right hardware and resources it's trivial. Watch disk IO, in my experience that 
(besides ram) is what limitation I have run into almost always first.

Given vmware's time on the market, their product is super polished. I have had 
a good chunk of experience with the others, especially the xen based ones 
including the open source xen version and none have an interface as good as this. 
It's a real steal for free!

There is no supported cli except for the lame rcli but there is an unobtrusive 
fix for that to get ssh access which IMHO is a must. Then again, Update 2 was 
released as free and I haven't installed it yet. They might have done something 
about that:)

jlc

From: Joe Heaton [mailto:[EMAIL PROTECTED]
Sent: Monday, July 28, 2008 4:35 PM
To: NT System Admin Issues
Subject: RE: ESX/ESXi

So it is all I need to consolidate my servers, and I don't need Infrastructure 
3.0... right?

Joe Heaton

From: Don Ely [mailto:[EMAIL PROTECTED]
Sent: Monday, July 28, 2008 3:29 PM
To: NT System Admin Issues
Subject: Re: ESX/ESXi

RE: ESX/ESXi

2008-07-28 Thread Sam Cayze
Kurt, 
"If I fire up a machine running the free ESXi, will the VI client allow
me to manage it, or will I need the VMWare Server Console"

No, you can use VIC with ESXi. 

-Original Message-
From: Kurt Buff [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 7:14 PM
To: NT System Admin Issues
Subject: Re: ESX/ESXi

So, we have two servers running ESX Standard, and we use the VI client
to manage those servers (along with some judicious use of ssh).

If I fire up a machine running the free ESXi, will the VI client allow
me to manage it, or will I need the VMWare Server Console, which I use
to manage my free installation of VMWare server for my desktop use?

I'm looking at this page:
 http://www.vmware.com/products/esxi/features.html

and it looks like it's basically the same as the ESX Standard that we
paid a fair amount for about a year ago.

Now it's free.

Wow.

On Mon, Jul 28, 2008 at 3:28 PM, Don Ely <[EMAIL PROTECTED]> wrote:
> The "i" is for integrated...  Other than that, its the same old ESX...
>
> On Mon, Jul 28, 2008 at 2:50 PM, Joe Heaton <[EMAIL PROTECTED]> wrote:
>>
>> So, from what I've read, the difference between these two is that 
>> ESXi has a smaller footprint.  Is this all I need to consolidate 
>> physical servers, or do I need the Infrastructure 3.0?  Running 
>> around 20 physical servers atm, including 2 DCs, Exchange 2K3 box, 
>> file server, print server, web servers and application servers.  
>> Nothing too far out of the ordinary.  This post is not asking about 
>> box requirements to do this, just if the ESXi is all I would need.
>>
>>
>>
>> Joe Heaton
>>
>> AISA
>>
>> Employment Training Panel
>>
>> 1100 J Street, 4th Floor
>>
>> Sacramento, CA  95814
>>
>> (916) 327-5276
>>
>> [EMAIL PROTECTED]
>>
>>
>
>



RE: Server Colidation via VMWare

2008-07-28 Thread Sam Cayze
Good note.  Anything that is running any services like that should be
set to run in Windows Diagnostics Mode via MSCONFIG, or at least
manually stop all non-default services.  Or, use the Cold Boot CD option
in VMware Converter.



From: Jon Harris [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 7:15 PM
To: NT System Admin Issues
Subject: Re: Server Colidation via VMWare


It can't or didn't do all machines.  I know I had a lot of issues trying
to use it with SQL being on the machine.  I also had issues with
IISv6/FTP with multiple sites as well.
 
Jon


On Fri, Jul 25, 2008 at 11:38 AM, David Lum <[EMAIL PROTECTED]> wrote:


Yes there is a P2V tool that VMWare has - it lets you make a P2V
image w/out taking the target system offline - it loads a little app
then takes a snapshot, it's very slick!  IIRC it comes with ESX, but I
might be mistaken.

 

Dave Lum  - Systems Engineer 
[EMAIL PROTECTED] - (971)-222-1025
"..remember that, in the past, those who foolishly sought power
by riding the back of the tiger ended up inside"  - JFK

 

 

 

From: Roger Wright [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 25, 2008 8:36 AM
To: NT System Admin Issues
Subject: Server Colidation via VMWare

 

We want to take a closer look at server consolidation using
VMWare's ESX products, especially in light of the recent announcement
making the product available free.  

 

We have several servers on old hardware that would be nearly
impossible to rebuild so we're thinking they're ideal candidates for
VM's if there's an automated process to migrate P2V.  

 

Is such a tool available, and at low-cost?

 

   

 

Roger Wright

Network Administrator

727.572.7076  x388


Re: ESX/ESXi

2008-07-28 Thread Kurt Buff
That just rocks.

I'm definitely stoked.

On Mon, Jul 28, 2008 at 5:20 PM, Sam Cayze <[EMAIL PROTECTED]> wrote:
> Kurt,
> "If I fire up a machine running the free ESXi, will the VI client allow
> me to manage it, or will I need the VMWare Server Console"
>
> No, you can use VIC with ESXi.
>
> -Original Message-
> From: Kurt Buff [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 28, 2008 7:14 PM
> To: NT System Admin Issues
> Subject: Re: ESX/ESXi
>
> So, we have two servers running ESX Standard, and we use the VI client
> to manage those servers (along with some judicious use of ssh).
>
> If I fire up a machine running the free ESXi, will the VI client allow
> me to manage it, or will I need the VMWare Server Console, which I use
> to manage my free installation of VMWare server for my desktop use?
>
> I'm looking at this page:
> http://www.vmware.com/products/esxi/features.html
>
> and it looks like it's basically the same as the ESX Standard that we
> paid a fair amount for about a year ago.
>
> Now it's free.
>
> Wow.
>
> On Mon, Jul 28, 2008 at 3:28 PM, Don Ely <[EMAIL PROTECTED]> wrote:
>> The "i" is for integrated...  Other than that, its the same old ESX...
>>
>> On Mon, Jul 28, 2008 at 2:50 PM, Joe Heaton <[EMAIL PROTECTED]> wrote:
>>>
>>> So, from what I've read, the difference between these two is that
>>> ESXi has a smaller footprint.  Is this all I need to consolidate
>>> physical servers, or do I need the Infrastructure 3.0?  Running
>>> around 20 physical servers atm, including 2 DCs, Exchange 2K3 box,
>>> file server, print server, web servers and application servers.
>>> Nothing too far out of the ordinary.  This post is not asking about
>>> box requirements to do this, just if the ESXi is all I would need.
>>>
>>>
>>>
>>> Joe Heaton
>>>
>>> AISA
>>>
>>> Employment Training Panel
>>>
>>> 1100 J Street, 4th Floor
>>>
>>> Sacramento, CA  95814
>>>
>>> (916) 327-5276
>>>
>>> [EMAIL PROTECTED]
>>>
>>>
>>
>>
>


Re: Disgruntled Sysadmin

2008-07-28 Thread Jon Harris
Better than playing with the launch switch I would think.

Jon

On Mon, Jul 28, 2008 at 8:16 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:

> Indeed, including the USAF crew found asleep at the missile launch
> switch...
>
> On Mon, Jul 28, 2008 at 4:40 PM, Jon Harris <[EMAIL PROTECTED]> wrote:
> > You mean the not so slow circular motion we see is not the world getting
> > to the bottom of the toilet?
> >
> > Jon
> >
> > On Fri, Jul 25, 2008 at 4:39 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:
> >>
> >> ROFL!
> >>
> >> The world will be destroyed by the clueless...
> >>

Re: Server Colidation via VMWare

2008-07-28 Thread Jon Harris
During my attempts with SQL all SQL services were set to disabled and
machine restarted.  I also tried doing a cold boot but nothing seemed to
help.  Same thing with the IISv6 with FTP.  I did not try removing all the
IP's from these machines as I had enough issues getting everything working
together in the first place.

Jon

On Mon, Jul 28, 2008 at 8:22 PM, Sam Cayze <[EMAIL PROTECTED]> wrote:

>  Good note.  Anything that is running any services like that should be set
> to run in Windows Diagnostics Mode via MSCONFIG, or at least manually stop
> all non-default services.  Or, use the Cold Boot CD option in VMware
> convertor.
>
>  --
> *From:* Jon Harris [mailto:[EMAIL PROTECTED]
> *Sent:* Monday, July 28, 2008 7:15 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Server Colidation via VMWare
>
>It can't or didn't do all machines.  I know I had a lot of issues
> trying to use it with SQL being on the machine.  I also had issues with
> IISv6/FTP with multiple sites as well.
>
> Jon
>
> On Fri, Jul 25, 2008 at 11:38 AM, David Lum <[EMAIL PROTECTED]> wrote:
>
>>  Yes there is a P2V tool that VMWare has – it lets you make a P2V image
>> w/out taking the target system offline – it loads a little app then takes a
>> snapshot, it's very slick!  IIRC it comes with ESX, but I might be mistaken.
>>
>> *Dave Lum*  - Systems Engineer
>> [EMAIL PROTECTED] - (971)-222-1025
>> "..remember that, in the past, those who foolishly sought power by
>> riding the back of the tiger ended up inside"  - JFK
>>
>>
>>
>>
>>
>>
>>
>> *From:* Roger Wright [mailto:[EMAIL PROTECTED]
>> *Sent:* Friday, July 25, 2008 8:36 AM
>> *To:* NT System Admin Issues
>> *Subject:* Server Colidation via VMWare
>>
>>
>>
>> We want to take a closer look at server consolidation using VMWare's ESX
>> products, especially in light of the recent announcement making the product
>> available free.
>>
>>
>>
>> We have several servers on old hardware that would be nearly impossible to
>> rebuild so we're thinking they're ideal candidates for VM's if there's an
>> automated process to migrate P2V.
>>
>>
>>
>> Is such a tool available, and at low-cost?
>>
>>
>>
>>
>>
>>
>>
>> Roger Wright
>>
>> Network Administrator
>>
>> 727.572.7076  x388
>>

RE: Server Colidation via VMWare

2008-07-28 Thread Sam Cayze
I think I recall reading once that conversion can mess with the
whitespace in databases (or something like that...).
 
I am curious, as I have a SQL migration coming up.
 
I think I also recall reading that you shouldn't resize any drives that
the SQL are on.  And possibly doing a backup/restore of the DBs after
migration.



From: Jon Harris [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 7:34 PM
To: NT System Admin Issues
Subject: Re: Server Colidation via VMWare


During my attempts with SQL all SQL services were set to disabled and
machine restarted.  I also tried doing a cold boot but nothing seemed to
help.  Same thing with the IISv6 with FTP.  I did not try removing all
the IP's from these machines as I had enough issues getting everything
working together in the first place.
 
Jon


On Mon, Jul 28, 2008 at 8:22 PM, Sam Cayze <[EMAIL PROTECTED]>
wrote:


Good note.  Anything that is running any services like that
should be set to run in Windows Diagnostics Mode via MSCONFIG, or at
least manually stop all non-default services.  Or, use the Cold Boot CD
option in VMware convertor.



From: Jon Harris [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 7:15 PM 

To: NT System Admin Issues

Subject: Re: Server Colidation via VMWare


It can't or didn't do all machines.  I know I had a lot of
issues trying to use it with SQL being on the machine.  I also had
issues with IISv6/FTP with multiple sites as well.
 
Jon


On Fri, Jul 25, 2008 at 11:38 AM, David Lum <[EMAIL PROTECTED]>
wrote:


Yes there is a P2V tool that VMWare has - it lets you
make a P2V image w/out taking the target system offline - it loads a
little app then takes a snapshot, it's very slick!  IIRC it comes with
ESX, but I might be mistaken.

 

Dave Lum  - Systems Engineer 
[EMAIL PROTECTED] - (971)-222-1025
"..remember that, in the past, those who foolishly
sought power by riding the back of the tiger ended up inside"  - JFK

 

 

 

From: Roger Wright [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 25, 2008 8:36 AM
To: NT System Admin Issues
Subject: Server Colidation via VMWare

 

We want to take a closer look at server consolidation
using VMWare's ESX products, especially in light of the recent
announcement making the product available free.  

 

We have several servers on old hardware that would be
nearly impossible to rebuild so we're thinking they're ideal candidates
for VM's if there's an automated process to migrate P2V.  

 

Is such a tool available, and at low-cost?

 

   

 

Roger Wright

Network Administrator

727.572.7076  x388


RE: Server Colidation via VMWare

2008-07-28 Thread Joseph L. Casale
Sam,
Try this: http://www.rtfm-ed.co.uk/?page_id=174

I use this so that I may use native win/nix utils for dumping the disk off a 
physical machine very quickly into the vm, then I boot off a cd and run this. 
Easy and way faster to convert than the vmware tool. I have many issues with 
that tool from bad conversions to IO issues when dumping the data into the vm, 
I gave up on it.

I have an SQL coming up asap but I presume it will work just fine as I will 
ghost/clonezilla the machine which I know works (It's been restored that way 
already before).

jlc

From: Sam Cayze [mailto:[EMAIL PROTECTED]
Sent: Monday, July 28, 2008 6:51 PM
To: NT System Admin Issues
Subject: RE: Server Colidation via VMWare

I think I recall reading once that conversion can mess with the whitespace in 
databases (or something like that...).

I am curious, as I have a SQL migration coming up.

I think I also recall reading that you shouldn't resize any drives that the SQL 
are on.  And possibly doing a backup/restore of the DBs after migration.


From: Jon Harris [mailto:[EMAIL PROTECTED]
Sent: Monday, July 28, 2008 7:34 PM
To: NT System Admin Issues
Subject: Re: Server Colidation via VMWare
During my attempts with SQL all SQL services were set to disabled and machine 
restarted.  I also tried doing a cold boot but nothing seemed to help.  Same 
thing with the IISv6 with FTP.  I did not try removing all the IP's from these 
machines as I had enough issues getting everything working together in the 
first place.

Jon
On Mon, Jul 28, 2008 at 8:22 PM, Sam Cayze <[EMAIL PROTECTED]> wrote:
Good note.  Anything that is running any services like that should be set to 
run in Windows Diagnostics Mode via MSCONFIG, or at least manually stop all 
non-default services.  Or, use the Cold Boot CD option in VMware convertor.


From: Jon Harris [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 28, 2008 7:15 PM

To: NT System Admin Issues
Subject: Re: Server Colidation via VMWare

It can't or didn't do all machines.  I know I had a lot of issues trying to use 
it with SQL being on the machine.  I also had issues with IISv6/FTP with 
multiple sites as well.

Jon
On Fri, Jul 25, 2008 at 11:38 AM, David Lum <[EMAIL PROTECTED]> wrote:

Yes there is a P2V tool that VMWare has - it lets you make a P2V image w/out 
taking the target system offline - it loads a little app then takes a snapshot, 
it's very slick!  IIRC it comes with ESX, but I might be mistaken.



Dave Lum  - Systems Engineer
[EMAIL PROTECTED] - (971)-222-1025
"..remember that, in the past, those who foolishly sought power by riding the 
back of the tiger ended up inside"  - JFK







From: Roger Wright [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 25, 2008 8:36 AM
To: NT System Admin Issues
Subject: Server Colidation via VMWare



We want to take a closer look at server consolidation using VMWare's ESX 
products, especially in light of the recent announcement making the product 
available free.



We have several servers on old hardware that would be nearly impossible to 
rebuild so we're thinking they're ideal candidates for VM's if there's an 
automated process to migrate P2V.



Is such a tool available, and at low-cost?







Roger Wright

Network Administrator

727.572.7076  x388


RE: Symantec Endpoint Protection

2008-07-28 Thread Stu Sjouwerman
Hey, and don't forget Sunbelt's Ninja for the exchange server.
http://www.sunbeltsoftware.com/Business/Ninja-Email-Security/
 
While we are talking, VIPRE Enterprise on the desktop will
prevent those insanely long boot times as well.
http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/
 
Simon, ask for a quote. Will make you an offer you cannot refuse.

Warm regards,

Stu
 



From: Simon Butler [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 6:30 PM
To: NT System Admin Issues
Subject: RE: Symantec Endpoint Protection


"But I do like that we have the one brand for both desktop AV and
Exchange AV, and would like to keep it that way."
 
You like having a single point of failure for your AV software? 
 
I am the complete opposite to you. I hate having the same brand on
Exchange and the desktops and will avoid it where possible. 
 
In your current scenario you have one defence system - as both the
desktop and Exchange AV will be working on the same set of definition
files. It gets past one it will get past the other and your machines
will be infected. 

I will leave the Symantec bashing out of it, but will say that I see
more infected systems that are "protected" by Symantec than any others. 
 
What you should be looking for is to have something different on the
Exchange server to provide dual levels of protection. Something like GFI
Mail Security, Microsoft Forefront or the list host's product. Something
using multiple definition files that are not the same as what you are
using now. 
The idea being that if one doesn't catch, the other will. 
 
Simon. 
 
--
Simon Butler
MVP: Exchange, MCSE
Amset IT Solutions Ltd.

e: [EMAIL PROTECTED]
w: www.amset.co.uk
w: www.amset.info

Need cheap certificates for Exchange, compatible with Windows Mobile
5.0?
http://CertificatesForExchange.com/ for certificates from just $23.99.
Need a domain for your certificate? http://DomainsForExchange.net/ 

 
 



From: Joe Heaton [mailto:[EMAIL PROTECTED] 
Sent: 28 July 2008 21:44
To: NT System Admin Issues
Subject: RE: Symantec Endpoint Protection



So I guess what I'm really asking here, now that I'm not trying to bash
Symantec, is this:

 

Are there enough improvements with the new version (mainly overhead,
bloat, etc.) to recommend upgrading to it?  My users' main complaint is
that their computer takes so long to completely boot up in the
morning, and this is because Symantec is doing a startup scan and takes
a huge portion of CPU cycles, which bogs down the entire system.  I
personally would love to tell them not to upgrade, but wait until the
contract ends, and dump Symantec like a hot potato.  But I do like that
we have the one brand for both desktop AV and Exchange AV, and would
like to keep it that way.

 

Joe Heaton



From: Michael Hoffman [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 11:56 AM
To: NT System Admin Issues
Subject: RE: Symantec Endpoint Protection

 

I liked the product, it's just that at launch it was too heavy to run on
anything but a dedicated box. As all our clients have SBS we just
renewed and kept them on v.10. The new version is a lot lighter, but I'm
still nervous about older servers and we are looking at a more blended
defence. I'll probably keep renewing my clients for one more year and
then see.

 

Mike 

 

From: Michael Ross [mailto:[EMAIL PROTECTED] 
Sent: 28 July 2008 19:11
To: NT System Admin Issues
Subject: RE: Symantec Endpoint Protection

 

I have v11.. and the latest greatest rendition, MP2 MR1.. fantastic.. 

But for email servers, I'd use trend micro's scanmail. IMHO.

 

From: Joe Heaton [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 12:34 PM
To: NT System Admin Issues
Subject: Symantec Endpoint Protection

 

Anyone using this that is happy with it?  Also, is there anyone here
that doesn't think Symantec is a big pile?  I personally hate the
product, and wish that I made the decisions around here, but I don't, so
I have to come up with objective reviews of SEP, and whether or not we
should upgrade from v.10 to the Symantec Multi-tier protection system,
with SEP, SAV Mobile and Mail Security.

 

Joe Heaton

AISA

Employment Training Panel

1100 J Street, 4th Floor

Sacramento, CA  95814

(916) 327-5276

[EMAIL PROTECTED]

 

 

 

 

 

 

 




No virus found in this incoming message.
Checked by AVG - http://www.avg.com 
Version: 8.0.138 / Virus Database: 270.5.6/1577 - Release Date:
7/28/2008 6:55 AM






..
~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~   ~

RE: Server Colidation via VMWare

2008-07-28 Thread Jon B. Lewis
Second that.  Used it several times and it beats the vmware converter
for me.  

 

Jon Lewis

 

From: Joseph L. Casale [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 8:00 PM
To: NT System Admin Issues
Subject: RE: Server Colidation via VMWare

 

Sam,
Try this: http://www.rtfm-ed.co.uk/?page_id=174

 

I use this so that I may use native win/nix utils for dumping the disk
off a physical machine very quickly into the vm, then I boot off a cd
and run this. Easy and way faster to convert than the vmware tool. I
have many issues with that tool from bad conversions to IO issues when
dumping the data into the vm, I gave up on it.

 

I have an SQL coming up asap but I presume it will work just fine as I
will ghost/clonezilla the machine which I know works (It's been restored
that way already before).

 

jlc

 

From: Sam Cayze [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 6:51 PM
To: NT System Admin Issues
Subject: RE: Server Colidation via VMWare

 

I think I recall reading once that conversion can mess with the
whitespace in databases (or something like that...).

 

I am curious, as I have a SQL migration coming up.

 

I think I also recall reading that you shouldn't resize any drives that
the SQL are on.  And possibly doing a backup/restore of the DBs after
migration.

 



From: Jon Harris [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 7:34 PM
To: NT System Admin Issues
Subject: Re: Server Colidation via VMWare

During my attempts with SQL all SQL services were set to disabled and
machine restarted.  I also tried doing a cold boot but nothing seemed to
help.  Same thing with the IISv6 with FTP.  I did not try removing all
the IP's from these machines as I had enough issues getting everything
working together in the first place.

 

Jon

On Mon, Jul 28, 2008 at 8:22 PM, Sam Cayze <[EMAIL PROTECTED]>
wrote:

Good note.  Anything that is running any services like that should be
set to run in Windows Diagnostics Mode via MSCONFIG, or at least
manually stop all non-default services.  Or, use the Cold Boot CD option
in VMware convertor.

 



From: Jon Harris [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 7:15 PM 


To: NT System Admin Issues

Subject: Re: Server Colidation via VMWare

 

It can't or didn't do all machines.  I know I had a lot of issues trying
to use it with SQL being on the machine.  I also had issues with
IISv6/FTP with multiple sites as well.

 

Jon

On Fri, Jul 25, 2008 at 11:38 AM, David Lum <[EMAIL PROTECTED]> wrote:

Yes there is a P2V tool that VMWare has - it lets you make a P2V image
w/out taking the target system offline - it loads a little app then
takes a snapshot, it's very slick!  IIRC it comes with ESX, but I might
be mistaken.

 

Dave Lum  - Systems Engineer 
[EMAIL PROTECTED] - (971)-222-1025
"..remember that, in the past, those who foolishly sought power by
riding the back of the tiger ended up inside"  - JFK

 

 

 

From: Roger Wright [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 25, 2008 8:36 AM
To: NT System Admin Issues
Subject: Server Colidation via VMWare

 

We want to take a closer look at server consolidation using VMWare's ESX
products, especially in light of the recent announcement making the
product available free.  

 

We have several servers on old hardware that would be nearly impossible
to rebuild so we're thinking they're ideal candidates for VM's if
there's an automated process to migrate P2V.  

 

Is such a tool available, and at low-cost?

 

   

 

Roger Wright

Network Administrator

727.572.7076  x388


Re: Symantec Endpoint Protection

2008-07-28 Thread Kurt Buff
Like what? A tool to help uninstall McAfee? That would be nice...

On Mon, Jul 28, 2008 at 6:23 PM, Stu Sjouwerman
<[EMAIL PROTECTED]> wrote:
> Hey, and don't forget Sunbelt's Ninja for the exchange server.
> http://www.sunbeltsoftware.com/Business/Ninja-Email-Security/
>
> While we are talking, VIPRE Enterprise on the desktop will
> prevent those insanely long boot times as well.
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/
>
> Simon, ask for a quote. Will make you an offer you cannot refuse.
> Warm regards,
> Stu
>
> 
> From: Simon Butler [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 28, 2008 6:30 PM
> To: NT System Admin Issues
> Subject: RE: Symantec Endpoint Protection
>
> "But I do like that we have the one brand for both desktop AV and Exchange
> AV, and would like to keep it that way."
>
> You like having a single point of failure for your AV software?
>
> I am the complete opposite to you. I hate having the same brand on Exchange
> and the desktops and will avoid it where possible.
>
> In your current scenario you have one defence system - as both the desktop
> and Exchange AV will be working on the same set of definition files. It gets
> past one it will get past the other and your machines will be infected.
>
> I will leave the Symantec bashing out of it, but will say that I see more
> infected systems that are "protected" by Symantec than any others.
>
> What you should be looking for is to have something different on the
> Exchange server to provide dual levels of protection. Something like GFI
> Mail Security, Microsoft Forefront or the list host's product. Something
> using multiple definition files that are not the same as what you are using
> now.
> The idea being that if one doesn't catch, the other will.
>
> Simon.
>
>
> --
> Simon Butler
> MVP: Exchange, MCSE
> Amset IT Solutions Ltd.
>
> e: [EMAIL PROTECTED]
> w: www.amset.co.uk
> w: www.amset.info
>
> Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
> http://CertificatesForExchange.com/ for certificates from just $23.99.
> Need a domain for your certificate? http://DomainsForExchange.net/
>
>
>
> 
> From: Joe Heaton [mailto:[EMAIL PROTECTED]
> Sent: 28 July 2008 21:44
> To: NT System Admin Issues
> Subject: RE: Symantec Endpoint Protection
>
> So I guess what I'm really asking here, now that I'm not trying to bash
> Symantec, is this:
>
>
>
> Are there enough improvements with the new version (mainly overhead, bloat,
> etc.) to recommend upgrading to it?  My users' main complaint is that their
> computer takes so long to completely boot up in the morning, and this is
> because Symantec is doing a startup scan and takes a huge portion of CPU
> cycles, which bogs down the entire system.  I personally would love to tell
> them not to upgrade, but wait until the contract ends, and dump Symantec
> like a hot potato.  But I do like that we have the one brand for both
> desktop AV and Exchange AV, and would like to keep it that way.
>
>
>
> Joe Heaton
>
> 
>
> From: Michael Hoffman [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 28, 2008 11:56 AM
> To: NT System Admin Issues
> Subject: RE: Symantec Endpoint Protection
>
>
>
> I liked the product, it's just that at launch it was too heavy to run on
> anything but a dedicated box. As all our clients have SBS we just renewed
> and kept them on v.10. The new version is a lot lighter, but I'm still
> nervous about older servers and we are looking at a more blended defence.
> I'll probably keep renewing my clients for one more year and then see.
>
>
>
> Mike
>
>
>
> From: Michael Ross [mailto:[EMAIL PROTECTED]
> Sent: 28 July 2008 19:11
> To: NT System Admin Issues
> Subject: RE: Symantec Endpoint Protection
>
>
>
> I have v11.. and the latest greatest rendition, MP2 MR1.. fantastic..
>
> But for email servers, I'd use trend micro's scanmail. IMHO.
>
>
>
> From: Joe Heaton [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 28, 2008 12:34 PM
> To: NT System Admin Issues
> Subject: Symantec Endpoint Protection
>
>
>
> Anyone using this that is happy with it?  Also, is there anyone here that
> doesn't think Symantec is a big pile?  I personally hate the product, and
> wish that I made the decisions around here, but I don't, so I have to come
> up with objective reviews of SEP, and whether or not we should upgrade from
> v.10 to the Symantec Multi-tier protection system, with SEP, SAV Mobile and
> Mail Security.
>
>
>
> Joe Heaton
>
> AISA
>
> Employment Training Panel
>
> 1100 J Street, 4th Floor
>
> Sacramento, CA  95814
>
> (916) 327-5276
>
> [EMAIL PROTECTED]

RE: Symantec Endpoint Protection

2008-07-28 Thread gsweers
Oh give me a tool to remove Symantec 9 and 10 and I will have a PO
tomorrow.  Ok, well maybe end of the week..

-Original Message-
From: Kurt Buff [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 10:09 PM
To: NT System Admin Issues
Subject: Re: Symantec Endpoint Protection

Like what? A tool to help uninstall McAfee? That would be nice...

On Mon, Jul 28, 2008 at 6:23 PM, Stu Sjouwerman
<[EMAIL PROTECTED]> wrote:
> Hey, and don't forget Sunbelt's Ninja for the exchange server.
> http://www.sunbeltsoftware.com/Business/Ninja-Email-Security/
>
> While we are talking, VIPRE Enterprise on the desktop will
> prevent those insanely long boot times as well.
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/
>
> Simon, ask for a quote. Will make you an offer you cannot refuse.
> Warm regards,
> Stu
>
> 
> From: Simon Butler [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 28, 2008 6:30 PM
> To: NT System Admin Issues
> Subject: RE: Symantec Endpoint Protection
>
> "But I do like that we have the one brand for both desktop AV and Exchange
> AV, and would like to keep it that way."
>
> You like having a single point of failure for your AV software?
>
> I am the complete opposite to you. I hate having the same brand on Exchange
> and the desktops and will avoid it where possible.
>
> In your current scenario you have one defence system - as both the desktop
> and Exchange AV will be working on the same set of definition files. It gets
> past one it will get past the other and your machines will be infected.
>
> I will leave the Symantec bashing out of it, but will say that I see more
> infected systems that are "protected" by Symantec than any others.
>
> What you should be looking for is to have something different on the
> Exchange server to provide dual levels of protection. Something like GFI
> Mail Security, Microsoft Forefront or the list host's product. Something
> using multiple definition files that are not the same as what you are using
> now.
> The idea being that if one doesn't catch, the other will.
>
> Simon.
>
>
> --
> Simon Butler
> MVP: Exchange, MCSE
> Amset IT Solutions Ltd.
>
> e: [EMAIL PROTECTED]
> w: www.amset.co.uk
> w: www.amset.info
>
> Need cheap certificates for Exchange, compatible with Windows Mobile 5.0?
> http://CertificatesForExchange.com/ for certificates from just $23.99.
> Need a domain for your certificate? http://DomainsForExchange.net/
>
>
>
> 
> From: Joe Heaton [mailto:[EMAIL PROTECTED]
> Sent: 28 July 2008 21:44
> To: NT System Admin Issues
> Subject: RE: Symantec Endpoint Protection
>
> So I guess what I'm really asking here, now that I'm not trying to bash
> Symantec, is this:
>
> Are there enough improvements with the new version (mainly overhead, bloat,
> etc.) to recommend upgrading to it?  My users' main complaint is that their
> computer takes so long to completely boot up in the morning, and this is
> because Symantec is doing a startup scan and takes a huge portion of CPU
> cycles, which bogs down the entire system.  I personally would love to tell
> them not to upgrade, but wait until the contract ends, and dump Symantec
> like a hot potato.  But I do like that we have the one brand for both
> desktop AV and Exchange AV, and would like to keep it that way.
>
>
>
> Joe Heaton
>
> 
>
> From: Michael Hoffman [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 28, 2008 11:56 AM
> To: NT System Admin Issues
> Subject: RE: Symantec Endpoint Protection
>
>
>
> I liked the product, it's just that at launch it was too heavy to run on
> anything but a dedicated box. As all our clients have SBS we just renewed
> and kept them on v.10. The new version is a lot lighter, but I'm still
> nervous about older servers and we are looking at a more blended defence.
> I'll probably keep renewing my clients for one more year and then see.
>
>
>
> Mike
>
>
>
> From: Michael Ross [mailto:[EMAIL PROTECTED]
> Sent: 28 July 2008 19:11
> To: NT System Admin Issues
> Subject: RE: Symantec Endpoint Protection
>
>
>
> I have v11.. and the latest greatest rendition, MP2 MR1.. fantastic..
>
> But for email servers, I'd use trend micro's scanmail. IMHO.
>
>
>
> From: Joe Heaton [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 28, 2008 12:34 PM
> To: NT System Admin Issues
> Subject: Symantec Endpoint Protection
>
>
>
> Anyone using this that is happy with it?  Also, is there anyone here that
> doesn't think Symantec is a big pile?  I personally hate the product, and
> wish that I made the decisions around here, but I don't, so I have to come
> up with objective reviews of SEP, and whether or not we should upgrade from
> v.10 to the Symantec Multi-tier protection system, with SEP, SAV Mobile and
> Mail Security.
>
>
>
> Joe Heaton
>
> AISA
>
> Employment Training Panel
>
> 1100 J Street, 4th Floor
>
> Sacramento, CA  95814
>
> (916) 327-5276
>
> [EMAIL PROTECTED]

RE: Server Colidation via VMWare

2008-07-28 Thread Sam Cayze
Wow, thanks for sharing.  I actually just came across that today while
I was googling around for neato VI plugins.  I will definitely
bookmark and try it!
Sam



From: Jon Harris [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 7:34 PM
To: NT System Admin Issues
Subject: Re: Server Colidation via VMWare


During my attempts with SQL all SQL services were set to disabled and
machine restarted.  I also tried doing a cold boot but nothing seemed to
help.  Same thing with the IISv6 with FTP.  I did not try removing all
the IP's from these machines as I had enough issues getting everything
working together in the first place.
 
Jon


On Mon, Jul 28, 2008 at 8:22 PM, Sam Cayze <[EMAIL PROTECTED]>
wrote:


Good note.  Anything that is running any services like that
should be set to run in Windows Diagnostics Mode via MSCONFIG, or at
least manually stop all non-default services.  Or, use the Cold Boot CD
option in VMware convertor.



From: Jon Harris [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 28, 2008 7:15 PM 

To: NT System Admin Issues

Subject: Re: Server Colidation via VMWare


It can't or didn't do all machines.  I know I had a lot of
issues trying to use it with SQL being on the machine.  I also had
issues with IISv6/FTP with multiple sites as well.
 
Jon


On Fri, Jul 25, 2008 at 11:38 AM, David Lum <[EMAIL PROTECTED]>
wrote:


Yes there is a P2V tool that VMWare has - it lets you
make a P2V image w/out taking the target system offline - it loads a
little app then takes a snapshot, it's very slick!  IIRC it comes with
ESX, but I might be mistaken.

 

Dave Lum  - Systems Engineer 
[EMAIL PROTECTED] - (971)-222-1025
"..remember that, in the past, those who foolishly
sought power by riding the back of the tiger ended up inside"  - JFK

 

 

 

From: Roger Wright [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 25, 2008 8:36 AM
To: NT System Admin Issues
Subject: Server Colidation via VMWare

 

We want to take a closer look at server consolidation
using VMWare's ESX products, especially in light of the recent
announcement making the product available free.  

 

We have several servers on old hardware that would be
nearly impossible to rebuild so we're thinking they're ideal candidates
for VM's if there's an automated process to migrate P2V.  

 

Is such a tool available, and at low-cost?

 

   

 

Roger Wright

Network Administrator

727.572.7076  x388
