MS Exchange Server 5.5/ NT User Name Harvesting ?
From: Zero Divide (o0o@hotmail.com)Date: 06/07/02
- Previous message: x30n@hushmail.com: "How to determine when a patch was applied ?"
- Next in thread: Robert Jandacek: "RE: MS Exchange Server 5.5/ NT User Name Harvesting ?"
- Reply: Robert Jandacek: "RE: MS Exchange Server 5.5/ NT User Name Harvesting ?"
- Reply: H C: "Re: MS Exchange Server 5.5/ NT User Name Harvesting ?"
- Reply: Edward Cheong: "Re: MS Exchange Server 5.5/ NT User Name Harvesting ?"
- Reply: Seth Mitchell: "RE: MS Exchange Server 5.5/ NT User Name Harvesting ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 7 Jun 2002 16:33:18 -0000 From: Zero Divide <o0o@hotmail.com> To: focus-ms@securityfocus.com('binary' encoding is not supported, stored as-is)
Hello,
I work for a small company with about 100 computers on our network. Our
lone server is running on NT with all the latest hotfixes, service packs,
etc. Our mail server is MS Exchange 5.5, also with all the latest
hotfixes and service packs installed. Due to budgetary constraints
upgrading to newer software is not an option here.
The problem we're having is that everytime one of our employees keeps
his/her computer logged on overnight, crackers are able to harvest the
username and they then proceed to run cracking attempts on it all night.
From the security logs it looks like they are trying to use our mail
server as a spam relay. The only thing thats really stopping them is we
have all user accounts locked out from 5pm-7am. But we really don't know
whats going on during business hours.
We have a Watchguard firewall up and running and its provided us with alot
of information, including the cracker's IP addresses, but we would really
like to know how to stop them from harvesting our Usernames.
The usernames are not guessable, the only common thread that all the
usernames the crackers have harvested have is the fact that the Employee
left his/her computer on all night and logged into the network.
Any suggestions would be most appreciated.
Thanks
- Previous message: x30n@hushmail.com: "How to determine when a patch was applied ?"
- Next in thread: Robert Jandacek: "RE: MS Exchange Server 5.5/ NT User Name Harvesting ?"
- Reply: Robert Jandacek: "RE: MS Exchange Server 5.5/ NT User Name Harvesting ?"
- Reply: H C: "Re: MS Exchange Server 5.5/ NT User Name Harvesting ?"
- Reply: Edward Cheong: "Re: MS Exchange Server 5.5/ NT User Name Harvesting ?"
- Reply: Seth Mitchell: "RE: MS Exchange Server 5.5/ NT User Name Harvesting ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
