Re: MS Exchange Server 5.5/ NT User Name Harvesting ?

From: Edward Cheong (ed.cheong@oahucomputers.com)
Date: 06/07/02


Date: 7 Jun 2002 20:03:50 -0000
From: Edward Cheong <ed.cheong@oahucomputers.com>
To: focus-ms@securityfocus.com


In-Reply-To: <20020607163318.12672.qmail@mail.securityfocus.com>

Hi,

I am experiencing the same problem. How did you determine that the
attackers are trying to use your exchange server as a spam relay? What
signs do you look for (our user has received auto-response replies from a
person she has never sent mail to, but apparently received a spam message
from our user). Could spam be relayed from our mail server using a
particular user as the sender? What other ways are there to find out
information about the users (other than with the Watchguard firewall)?

Thank you very much

>
>Hello,
>
>I work for a small company with about 100 computers on our network. Our
>lone server is running on NT with all the latest hotfixes, service packs,
>etc. Our mail server is MS Exchange 5.5, also with all the latest
>hotfixes and service packs installed. Due to budgetary constraints
>upgrading to newer software is not an option here.
>
>The problem we're having is that every time one of our employees keeps
>his/her computer logged on overnight, crackers are able to harvest the
>username and they then proceed to run cracking attempts on it all night.
>
>From the security logs it looks like they are trying to use our mail
>server as a spam relay. The only thing that's really stopping them is we
>have all user accounts locked out from 5pm-7am. But we really don't know
>what's going on during business hours.
>
>We have a Watchguard firewall up and running and it's provided us with
>a lot of information, including the cracker's IP addresses, but we would
>really
>like to know how to stop them from harvesting our Usernames.
>
>The usernames are not guessable, the only common thread that all the
>usernames the crackers have harvested have is the fact that the Employee
>left his/her computer on all night and logged into the network.
>
>Any suggestions would be most appreciated.
>
>Thanks
>


