Re: Exchange 2000
From: Andrew Mitchell (amitchel_at_removecasey.vic.gov.au)
Date: 03/16/04
- Next message: jmack_2003_at_yahoo.com: "Administrator password"
- Previous message: suscripciones1: "PKCS#7 request"
- In reply to: Sam Ramsey: "Exchange 2000"
- Next in thread: HG: "Re: Exchange 2000"
- Reply: HG: "Re: Exchange 2000"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 16 Mar 2004 02:31:37 -0800
"Sam Ramsey" <anonymous@discussions.microsoft.com> said
> I have Exchange 2000 with all the latest patches and IIS
> lockdown loaded. I also have a Cisco PIX firewall with
> only port 25 and 80 available on the outside ip address of
> the exchange box.
>
> I just loaded a web monitoring software for our network
> and noticed that exchange box is going to porn web sites
> all day long. I thought it might be monitoring email
> traffic, but that is not case. I assuming some hacker is
> exploiting a vulnerability in Exchange 2000. Possibly IIS
> and port 80 or 25? Is there anything I do about this?
Why is the exchange/IIS server being allowed out on port 80 in the first
place? It has no need for web access and should be blocked at the firewall.
Firewalls aren't just usefull for keeping the baddies out, they are also
useful for stopping stuff escaping your network that has no need to.
Setup a web proxy (with authentication) and only allow traffic from the
proxy server IP out through the firewall on port 80.
Regards
Andy.
- Next message: jmack_2003_at_yahoo.com: "Administrator password"
- Previous message: suscripciones1: "PKCS#7 request"
- In reply to: Sam Ramsey: "Exchange 2000"
- Next in thread: HG: "Re: Exchange 2000"
- Reply: HG: "Re: Exchange 2000"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
