Educause Security Discussion mailing list archives
Re: New e-mail attack using valid webmail accounts
From: "Jenkins, Matthew" <matthew.jenkins () FAIRMONTSTATE EDU>
Date: Thu, 6 Mar 2008 11:08:13 -0500
We use IPSwitch Whats Up Gold. We have the enterprise version which has an Exchange monitor that will monitor queues. However, I abandoned it and separated the queue monitoring into a WMI monitor in Whats Up Gold, which is all the special enterprise exchange monitor action does anyway. You could do the same with any monitoring tool that is capable of pulling performance counters using WMI or SNMP or even use a VBScript that is fired off using the task scheduler. You will find the performance counter to monitor using WMI under SMTP Server\Remote Queue Length under the instance _Total. There are other queue monitors you can use as well. Here is an article describing a few of them: http://technet.microsoft.com/en-us/library/bb123740(EXCHG.65).aspx Matt Matthew Jenkins Network/Server Administrator Fairmont State University Visit us online at www.fairmontstate.edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Michael H. Martel Sent: Thursday, March 06, 2008 9:50 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] New e-mail attack using valid webmail accounts --On March 5, 2008 9:08:22 PM -0500 "Jenkins, Matthew" <matthew.jenkins () FAIRMONTSTATE EDU> wrote:
Luckily we monitor our queues and were paged when this attack took
place.
We quickly responded by investigating, disabling the account, and then
What do you use to monitor your queues ? This sounds like something a lot of sites should be doing. Thanks! Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel () vsc edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363
Current thread:
- New e-mail attack using valid webmail accounts Jenkins, Matthew (Mar 05)
- <Possible follow-ups>
- Re: New e-mail attack using valid webmail accounts John Ladwig (Mar 06)
- Re: New e-mail attack using valid webmail accounts Jenkins, Matthew (Mar 06)
- Re: New e-mail attack using valid webmail accounts Bradley, Stephen W. Mr. (Mar 06)
- Re: New e-mail attack using valid webmail accounts Michael H. Martel (Mar 06)
- Re: New e-mail attack using valid webmail accounts Jenkins, Matthew (Mar 06)
- Re: New e-mail attack using valid webmail accounts Jesse Thompson (Mar 07)
- Re: New e-mail attack using valid webmail accounts Jesse Thompson (Mar 07)
- Re: New e-mail attack using valid webmail accounts Bruggeman, John (Mar 07)
- Re: New e-mail attack using valid webmail accounts Jenkins, Matthew (Mar 10)
- Re: New e-mail attack using valid webmail accounts Zach Jansen (Mar 10)
- Re: New e-mail attack using valid webmail accounts Jenkins, Matthew (Mar 10)
- Re: New e-mail attack using valid webmail accounts Zach Jansen (Mar 14)
- New e-mail attack using valid webmail accounts Kenneth Arnold (Mar 14)
- Re: New e-mail attack using valid webmail accounts Brian Friday (Mar 14)
- Re: New e-mail attack using valid webmail accounts Jenkins, Matthew (Mar 14)
(Thread continues...)