Re: Sending to port 25

From: Keith W. McCammon (km@km.com)
Date: 10/17/02

• Next message: andespoint: "Re: ** THANKS Greg ** Security template for windows 2000 server"
• Previous message: swp: "NTrights.exe failure?"
• In reply to: Virna Berlanga: "Re: Sending to port 25"
• Next in thread: Rick Kingslan [MVP 2000/NT]: "Re: Sending to port 25"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Keith W. McCammon" <km@km.com>
Date: Thu, 17 Oct 2002 17:02:51 -0400

1) Pull the plug on the system. It's likely being used to send spam, kiddie
porn, or to attack another network.

2) Make a full backup of the system.

3) Try using fport or a similar tool to track down the application or
executable that has the port open.

4) Try to figure out how it got there, and how it can be removed. Document
this.

5) Reinstall the OS, and rebuild the system. Restore data from your last
known good backup.

6) Patch and test your system.

7) Buy a firewall!!!

8) Put 'er back on the 'net.

--
Keith W. McCammon
"Virna Berlanga" <vberlang@itesm.mx> wrote in message
news:5a2101c27616$ae4c28a0$2ae2c90a@phx.gbl...
Hi!, I understand that is the SMTP service of those
computers (the ones out of my domain), the thing is that I
donīt have any Mail Application running, and my SMTP
Service is off(I mean I turn it off), I also use the
netstat command and my server is still sending the packets.
Thanks.
>-----Original Message-----
>An SMTP server perhaps?  Just a guess...
>
>--
>Keith W. McCammon
>
>
>"Virna Berlanga" <vberlang@itesm.mx> wrote in message
>news:5dc801c27606$3d2f0c10$3bef2ecf@TKMSFTNGXA10...
>My Win 2000 Server itīs sending data to port 25 of another
>servers or machines out of my domain network, this is
>making more traffic in my network as it should be.  I
>didnīt install an application that has to do this. How can
>I detect wich program in my server is sending this data to
>port 25 in other machines?
>
>Thanks for your help.
>
>
>.
>

---

• Next message: andespoint: "Re: ** THANKS Greg ** Security template for windows 2000 server"
• Previous message: swp: "NTrights.exe failure?"
• In reply to: Virna Berlanga: "Re: Sending to port 25"
• Next in thread: Rick Kingslan [MVP 2000/NT]: "Re: Sending to port 25"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: HTTP 404 errors ... NIC (network Interface Card) in our configuration. ... "Company Web Page" or to list the backup results in the "Server ... Backup program is functioninng properly, but the part that lists the results ... Server Management -Backup - Monitoring and Reporting ... (microsoft.public.windows.server.sbs) RE: Printing from Win9x clients stops ... > and make sure this software does not interfere with SBS Server. ... > clients, please disable it and try again. ... Create a local printer and redirect the port to the network server. ... (microsoft.public.windows.server.sbs) Re: SRV RRs support in Internet Explorer? ... The port number could be implicit (i.e. ... At any point in time, a server could fail ... can't effectively LB or backup because NSs cache the records for the TTL ... I still don't see how SRV records would help backup or LB. ... (microsoft.public.win2000.dns) Thanks to All Or How I saved my AD ... and do rebuild of Windows 2000 Server and Service Packs. ... Explorer 5.5, Backup Exec, Diskkeeper and McAfee. ... But Exchange was unable to Mount ... receiving complaints from all over the network about all kinds of problems. ... (microsoft.public.win2000.active_directory) Thanks to All Or How I saved my AD ... and do rebuild of Windows 2000 Server and Service Packs. ... Explorer 5.5, Backup Exec, Diskkeeper and McAfee. ... But Exchange was unable to Mount ... receiving complaints from all over the network about all kinds of problems. ... (microsoft.public.exchange2000.active.directory.integration)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)