SMTSVC ?
From: razornt (razornt_at_discussions.microsoft.com)
Date: 03/25/05
- Next message: Jeff Cochran: "Re: SMTSVC ?"
- Previous message: Chris Weber [Security MVP]: "Re: OWA Exploit"
- Next in thread: Jeff Cochran: "Re: SMTSVC ?"
- Reply: Jeff Cochran: "Re: SMTSVC ?"
- Reply: Leon Mayne [MVP]: "Re: SMTSVC ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 25 Mar 2005 13:45:05 -0800
Someone is trying to hack our server via SMTPSVC. When I view the event log
(system) I see Event ID 100 SMTPSVC and a login attempt. However, when I try
to match the Event log time with the SMTPSVC log time nothing matches. I want
to block the IP Address of this potential intruder. How do I find the IP
Address of this potential intruder?
SMTPSVC extended property logs are turned on with client ip, date and time,
server ip and server port and also user name.
Default SMTP virtual server
No relay (only the list below) "There is no list"
Basic and Windows Security package are checked for Authentication
Thanks in advance.
- Next message: Jeff Cochran: "Re: SMTSVC ?"
- Previous message: Chris Weber [Security MVP]: "Re: OWA Exploit"
- Next in thread: Jeff Cochran: "Re: SMTSVC ?"
- Reply: Jeff Cochran: "Re: SMTSVC ?"
- Reply: Leon Mayne [MVP]: "Re: SMTSVC ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
