NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Am I really under attack?



Hi 

Today I saw that there are 3 mails in queue in
Exchange server which are generated from postmaster@FW
to someone else in net.

I think it leacks FW information.I've checked for
trojan horse using cleaner2.

Pls help me..

Best Regards,

Tika
 




--- Dean Cunningham <[email protected]>
wrote:
> 
> I thought the SMTP security server on the firewall
> could strip the headers?
> Just forward all mail from exchange to the security
> server and let it do
> it's thing?
> 
> See Page 123 to 128 of Managing FW1 with the windows
> GUI User Guide
> 
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> Sent: Tuesday, 9 January 2001 11:21 AM
> To: Tika Mahata;
> [email protected]
> Subject: Re: [FW1] Am I really under attack?
> 
> 
> 
> Yeah, SMTP headers are great aren't they!!!
> 
> I have not seen too many ways to clean up the
> headers that exchange
> generates.
> I don't know if there is a 3rd party product or
> what, but I am considering
> setting
> up a sendmail box and doing some custom PERL-MX
> scripting to replace all the
> info I don't like with XXX's....
> 
> Anybody else have a solution to prevent exchange
> from producing these
> insightful
> headers? Our exchange guru says there aren't any
> nerd knobs to do it.
> 
> ----- Original Message ----- 
> From: "Tika Mahata" <[email protected]>
> To: <[email protected]>
> Sent: Monday, January 08, 2001 10:14 AM
> Subject: [FW1] Am I really under attack?
> 
> 
> > 
> > Hi All,
> > 
> > I think I'm under attack.
> > 
> > Someone used my Exchange Server 5.5 as relay agent
> for
> > huge amount of mails produced from
> > hotmail.com,yahoo.com,exite.com etc.
> > After I came to know that someone used this I got
> one 
> > mail from my ISP which was sent by someone who
> > received it from my mailserver.I surprised when I
> saw
> > there is my FW NETBIOS name as well as its
> internal
> > interface's invalid IP address.
> > 
> > 
> > 
> > In FW only there are following rules:
> > 
> > 1. ANY MAILSRV SMTP ACCEPT
> > 2. MAILSRV ANY SMTP ACCEPT
> > 3. InternetGr@ANY ANY HTTP USER-AUTH
> > 4. LocalNet ANY HTTPS ACCEPT
> > 5. SecureUsr@NAY LocalNet ANY Client-Encrypt
> > 6. ANY External-wks ANY ACCEPT
> > 7. ANY ANY    ANY REJECT
> >   
> > And,
> > 
> > Today I can't browse any internet sites.But after
> long
> > diagnosis, it is found that I can ping any sites
> with
> > its domain name  (I refer DNS query from   ISP's
> DNS
> > Server).And it is important to say that I can
> browse
> > only the unknown sites (i.e not used frequently)
> only
> > once.Then after I can't even browse this site also
> > even from Gateway.I've no proxy server.I'm using
> FW's
> > proxy with dynamic NAT.
> > 
> > FW-1 4.0 sp6
> > NT 4.0  sp6a
> > 
> > Now I'm able to stop SMTP relay but internet
> access
> > can't be succeeded.There is no problem in my VPN. 
> > connection.
> > 
> > Pls suggest me what to do next.
> > 
> > Tika Mahata
> >   
> > 
> > 
> > __________________________________________________
> > Do You Yahoo!?
> > Yahoo! Photos - Share your holiday photos online!
> > http://photos.yahoo.com/
> > 
> > 
> >
>
============================================================================
> ====
> >      To unsubscribe from this mailing list, please
> see the instructions at
> >               
> http://www.checkpoint.com/services/mailing.html
> >
>
============================================================================
> ====
> > 
> 
> 
> 
>
============================================================================
> ====
>      To unsubscribe from this mailing list, please
> see the instructions at
>               
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
> ====
> ***************************************************
> This e-mail is  not an  official  statement of  the
> Waikato  Regional  Council unless otherwise stated.
> Visit our website http://www.ew.govt.nz
> ***************************************************
> 
> 
>
================================================================================
>      To unsubscribe from this mailing list, please
> see the instructions at
>               
> http://www.checkpoint.com/services/mailing.html
>
================================================================================


__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.