nanog mailing list archives
Fw: New mail blocks result of Ralsky's latest attacks?
From: "Brian Bruns" <bruns () 2mbit com>
Date: Fri, 10 Oct 2003 11:46:15 -0400
This is something I sent to someone offlist. I've stripped out his name, etc.

--------------------------
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.2mbit.com
ICQ: 8077511

----- Original Message -----
From: Brian Bruns
To: XXXXX
Cc: admins () 2mbit com
Sent: Friday, October 10, 2003 11:35 AM
Subject: Re: New mail blocks result of Ralsky's latest attacks?

Hey XXX,

There are a few ways to lock down an Exchange server. Luckily, I used to be an Exchange admin two years ago, so let me quickly dig up my notebook...

Ok, first, make sure on your Exchange server you have Guest disabled. According to reports, the following usernames are being tested and cracked: abc, web, admin, www, administrator, data, server, backup, master, test, root, webmaster.

Basically, if you have any of these accounts active, please make sure they have a strong password on them. Please be careful though when changing them - you'll have to make sure that all services which depend on the account also are updated with the new password.

Second, if you don't use SMTP auth, simply disable it. Open the SMTP virtual server properties under Exchange Server Manager, select the Access tab, click Relay in the Relay restrictions group. Clear the check off of "Allow all computers which successfully authenticate, regardless of the list above".

You should be in good shape then.

On a side note (and I do recommend this to my customers), if you want added security, yeah, you are going to want to use a UNIX/Linux box in front of the Exchange server and then relay mail to it. That way, you are less likely to fall victim to Exchange exploits as well. It's not too hard to set up, but takes time.

--------------------------
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.2mbit.com
ICQ: 8077511
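
A defender-side check related to the message above, added here as an example and not part of the original post: it scans authentication records for sources that cycle through the reported usernames, lists any of those accounts that then logged in, and notes Guest logins. The record format, the function name `audit_auth_log`, the threshold and the sample lines are constructed assumptions, not an Exchange or Windows log format.

```python
from collections import defaultdict

# Usernames the message above reports as being tested.
TARGETED = {"abc", "web", "admin", "www", "administrator", "data", "server",
            "backup", "master", "test", "root", "webmaster"}

# Constructed sample records (hypothetical format): time, source IP, user, result.
SAMPLE_LOG = """\
2003-10-10T11:00:01 192.0.2.10 admin FAIL
2003-10-10T11:00:02 192.0.2.10 root FAIL
2003-10-10T11:00:03 192.0.2.10 backup FAIL
2003-10-10T11:00:04 192.0.2.10 test OK
2003-10-10T11:00:09 198.51.100.7 jsmith FAIL
2003-10-10T11:00:15 198.51.100.7 jsmith OK
2003-10-10T11:01:00 203.0.113.5 Guest OK
"""

def audit_auth_log(text, min_names=3):
    """Return (guessing_sources, accounts_to_reset, guest_login_sources)."""
    tried = defaultdict(set)   # source IP -> targeted names it attempted
    hits = defaultdict(set)    # source IP -> targeted names that logged in
    guest_logins = set()       # sources that logged in as Guest
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue           # skip malformed records
        _, src, user, result = parts
        name = user.lower()    # Windows account names are case-insensitive
        if name == "guest" and result == "OK":
            guest_logins.add(src)
        if name in TARGETED:
            tried[src].add(name)
            if result == "OK":
                hits[src].add(name)
    # A source trying several distinct listed names is guessing, not mistyping.
    guessing = {s for s, names in tried.items() if len(names) >= min_names}
    # Accounts a guessing source got into need a new password, and every
    # service that depends on the account needs the new password as well.
    reset = {n for s in guessing for n in hits[s]}
    return guessing, reset, guest_logins

if __name__ == "__main__":
    print(audit_auth_log(SAMPLE_LOG))
```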