Re: Buffer OVerflow

From: Karl Levinson [x y] mvp (levinson_k@excite.com)
Date: 03/27/03


From: "Karl Levinson [x y] mvp" <levinson_k@excite.com>
Date: Thu, 27 Mar 2003 15:54:39 -0500


If your exchange server is sending traffic to workstations on TCP port 80,
that doesn't sound like the first thing I would do. First, I would unplug
the server's network connection and use antivirus to determine what virus if
any is on the computer. I would want to determine what is causing this so I
would know what my response should be. These things are what I would do:

http://securityadmin.info/faq.htm#hacked
http://securityadmin.info/faq.htm#re-secure
http://securityadmin.info/faq.htm#harden

I think it's more likely that IIS web services were left enabled on the
Exchange server [such as perhaps for OWA to work] and possibly you have the
Code Red or Nimda worms. This sounds like a worm, and installing the
ntdll.dll patch does not prevent any worms that I know of.

Antivirus may not always detect code red and/or nimda, so you might also
want to search for information on those viruses in a virus database such as
the one at www.sarc.com to see how to recognize and deal with such a virus.

Installing URLScan from www.microsoft.com/technet/security blocks a lot of
these IIS worms.

"Brandon" <bhil21@yahoo.com> wrote in message
news:048301c2f48f$ee7cc450$3301280a@phx.gbl...
> My exchange server is scanning IIS ports on everyones
> machines on the network , when I try to install patches
> usually a file is locked like ntdll.dll or sp3.cab .
> Does anyone know what I can do to stop this
> .
>
>



Relevant Pages

  • Re: Exchange Best Practices Analyzer and SBS?
    ... Try installing the .NET FW 1.1 package over the existing installation. ... that .NET FW doesn't show in Add/Remove Programs ...perhaps it really is ... Uninstall ExBPA. ... environments where you only have a single Exchange server present. ...
    (microsoft.public.windows.server.sbs)
  • Re: Exchange Best Practices Analyzer and SBS?
    ... This posting is provided "AS IS" with no warranties, and confers no rights. ... "Gary Karasik" wrote in message ... >> Try installing the .NET FW 1.1 package over the existing installation. ... >> Exchange Server Best Practices Analyzer ...
    (microsoft.public.windows.server.sbs)
  • Exchange 2003 SP1 will not install
    ... Multiple components cannot be assigned the requested actionbecause: ... installing this Microsoft Exchange Server Service Pack. ... before installing this Microsoft Exchange Server Service Pack. ...
    (microsoft.public.exchange.admin)
  • Re: exchange 2003 install
    ... The file is on the Exchange Server 2003 CD in: ... It sounds like you may have Windows Explorer/Tools/Folder Options/View ... > I'm installing exchange 2003 on a windows 2000 server which is also a ... > file is available for download, but it costs $10 to download. ...
    (microsoft.public.exchange.setup)
  • Re: Setting up Exchange so we can check our mail from the web
    ... Outlook Web Access only needs TCP port 80 open to the outside world ... imbound mail to be sent directly to your exchange server, ... The mDaemon program exists on ...
    (microsoft.public.exchange.setup)