Re: SBS Server seems to have been compromised...HELP!
- From: ashkaan57@xxxxxxxxxxx
- Date: 9 May 2005 07:58:02 -0700
Thanks you all for responding.
It turned out to be an infected workstation that was sending
unsolicired emails. The workstation received an email containing many
email addresses for which the sent emails were bounced. I removed the
infection and have not heard from ISP since.
Thanks again to all you gurus for the feedbacks.
C_O wrote:
> Looks like it is may not be your server that is compromised, but one
of the
> workstations on your LAN. If your ISP can get you a log of the
incident with
> precise time and date, you may be able to find the offending machine
by
> mining your server firewall outgoing logs, which should show the IP
of the
> workstation, and then locate the machine by looking at DHCP logs. You
should
> also block outgoing traffic to ports 135 and 445 on your firewall.
> First thing, though, you may want to physically disconnect all
suspect
> machines from the LAN until you can run a thorough virus scan on
them. By
> now all your workstations might be infected. Machines can also
reinfect each
> other as soon as they are reconnected, unless they are running a good
> resident antivirus.
.
- References:
- SBS Server seems to have been compromised...HELP!
- From: ashkaan57
- Re: SBS Server seems to have been compromised...HELP!
- From: C_O
- SBS Server seems to have been compromised...HELP!
- Prev by Date: Re: Calendar Share with SharePoint Services
- Next by Date: Re: Server might have been compromised - HELP!
- Previous by thread: Re: SBS Server seems to have been compromised...HELP!
- Next by thread: Adding Private IP
- Index(es):
Relevant Pages
|
