Re: SMTSVC ?
From: Jeff Cochran (jeff.nospam_at_zina.com)
Date: 03/26/05
- Previous message: razornt: "SMTSVC ?"
- In reply to: razornt: "SMTSVC ?"
- Next in thread: razornt: "Re: SMTSVC ?"
- Reply: razornt: "Re: SMTSVC ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 26 Mar 2005 00:47:29 GMT
On Fri, 25 Mar 2005 13:45:05 -0800, "razornt"
<razornt@discussions.microsoft.com> wrote:
>Someone is trying to hack our server via SMTPSVC. When I view the event log
>(system) I see Event ID 100 SMTPSVC and a login attempt. However, when I try
>to match the Event log time with the SMTPSVC log time nothing matches.
Are you accounting for the offset from GMT? The SMTP logs are in GMT,
Event logs are usually in local time.
Jeff
> I want
>to block the IP Address of this potential intruder. How do I find the IP
>Address of this potential intruder?
>
>SMTPSVC extended property logs are turned on with client ip, date and time,
>server ip and server port and also user name.
>
>Default SMTP virtual server
>No relay (only the list below) "There is no list"
>Basic and Windows Security package are checked for Authentication
>
>Thanks in advance.
- Previous message: razornt: "SMTSVC ?"
- In reply to: razornt: "SMTSVC ?"
- Next in thread: razornt: "Re: SMTSVC ?"
- Reply: razornt: "Re: SMTSVC ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
