RE: MS Exchange Server 5.5/ NT User Name Harvesting ?

From: Robert Jandacek (robertj@horizononline.com)
Date: 06/07/02


From: Robert Jandacek <robertj@horizononline.com>
To: 'Zero Divide' <o0o@hotmail.com>, focus-ms@securityfocus.com
Date: Fri, 7 Jun 2002 10:56:04 -0700 

With the Watchguard you can block specific sites, and since you know what
IPs are causing the problem, you can block those IPs with the WG;
furthermore, any ports that the attacker may be using....

------rj

-----Original Message-----
From: Zero Divide [mailto:o0o@hotmail.com]
Sent: Friday, June 07, 2002 9:33 AM
To: focus-ms@securityfocus.com
Subject: MS Exchange Server 5.5/ NT User Name Harvesting ?

Hello,

I work for a small company with about 100 computers on our network. Our
lone server is running on NT with all the latest hotfixes, service packs,
etc. Our mail server is MS Exchange 5.5, also with all the latest
hotfixes and service packs installed. Due to budgetary constraints
upgrading to newer software is not an option here.

The problem we're having is that every time one of our employees keeps
his/her computer logged on overnight, crackers are able to harvest the
username and they then proceed to run cracking attempts on it all night.
 
From the security logs it looks like they are trying to use our mail
server as a spam relay. The only thing that's really stopping them is we
have all user accounts locked out from 5pm-7am. But we really don't know
what's going on during business hours.

We have a Watchguard firewall up and running and it's provided us with a lot
of information, including the cracker's IP addresses, but we would really
like to know how to stop them from harvesting our Usernames.

The usernames are not guessable, the only common thread that all the
usernames the crackers have harvested have is the fact that the Employee
left his/her computer on all night and logged into the network.

Any suggestions would be most appreciated.

Thanks


