Villager Senior (Posts: 1,998; Join Date: May 2006; Location: USA)
18-05-06, 07:34 PM
There seem to be a lot of smart people in this forum.
Well, I have a tough one. I am administering a relatively small network for a company in Chicago. Some hacker has been able to successfully spoof a user on my network. He sent out an email to another company posing as a person who works here.
We are using Exchange 5.5. And our SMTP service is configured properly.
In order for a person to use our server to send mail externally, they must first have a valid email address, then they must provide the password to use that address.
Of course, any person sending email to a user on our system can do so without any authentication.
Does anyone here know of hacking methods that allow someone to get around the security that comes with Exchange 5.5?
Thanks in advance.
“If there is no struggle, there is no progress. Those who profess to favor freedom, and deprecate agitation, are men who want crops without plowing up the ground, they want rain without thunder and lightning.”
http://www.covenantwithblackamerica.com

BNV Managing Editor (Posts: 4,465; Join Date: Jan 2005; Location: Memphis 10, Tennessee, USA)
18-05-06, 10:54 PM
Patch your domain server, then patch your workstations as well as Exchange.
Run a virus scan because your users could have trojans. Also, I cannot think of the name of the software but one package checks viruses coming in on user email accounts and rejects the message if an attached virus is detected....
Did your user mistakenly volunteer out his/her pw? Did they open a trojan in an email and that grabbed your Exchange server's list of email accounts and sent them back out via your server?
At that point they could have easily modified their email using the gathered acct info and sent it from their end. Before you do anything check your logs, you may find what you are looking for there.
It is hard to troubleshoot across this medium but hopefully these basic steps will give you a starting point. If these all check out we can continue but 9 times out of 10 your users are at fault.......
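
The log check suggested in the post above, as an added example that is not part of the original thread: it separates "the password was used through our server" from "the message was forged on the sender's end and never touched our server". The CSV layout, the internal address prefix and every user, domain and address are constructed placeholders, not Exchange 5.5's native log format.

```python
import csv
import io
from datetime import datetime

# Constructed sample: a simplified CSV view of SMTP sessions, NOT Exchange 5.5's
# native log format. Domains, users and addresses are placeholders.
SAMPLE_LOG = """time,client_ip,auth_user,mail_from,rcpt_to
2006-05-17 09:02:11,10.0.0.23,jdoe,jdoe@example-corp.test,buyer@partner.test
2006-05-17 14:40:52,203.0.113.50,jdoe,jdoe@example-corp.test,sales@othercompany.test
2006-05-17 15:10:03,198.51.100.7,,jdoe@example-corp.test,asmith@example-corp.test
2006-05-17 16:00:00,10.0.0.31,asmith,asmith@example-corp.test,sales@othercompany.test
"""
INTERNAL_PREFIX = "10.0.0."  # assumed internal address range


def triage(log_text, sender, victim_domain, start, end):
    """Return sessions in [start, end] whose envelope sender is the spoofed user."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        when = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
        if not start <= when <= end or row["mail_from"].lower() != sender.lower():
            continue
        if not row["auth_user"]:
            kind = "unauthenticated"          # sender address claimed without a login
        elif row["client_ip"].startswith(INTERNAL_PREFIX):
            kind = "authenticated-inside"     # sent from a workstation on the LAN
        else:
            kind = "authenticated-outside"    # the account's password was used remotely
        to_victim = row["rcpt_to"].lower().endswith("@" + victim_domain.lower())
        findings.append((row["time"], row["client_ip"], kind, to_victim))
    return findings


def verdict(findings):
    """Decide which explanation the sessions addressed to the victim domain support."""
    kinds = {kind for _, _, kind, to_victim in findings if to_victim}
    if not kinds:
        return "never-relayed-here"     # forged on the sender's end; a reset changes nothing
    if "authenticated-outside" in kinds:
        return "password-compromised"   # reset it and look for how it leaked
    if "authenticated-inside" in kinds:
        return "internal-workstation"   # scan that machine for a trojan
    return "relay-restriction-failed"   # server relayed outbound mail without a login


if __name__ == "__main__":
    day = (datetime(2006, 5, 17), datetime(2006, 5, 18))
    hits = triage(SAMPLE_LOG, "jdoe@example-corp.test", "othercompany.test", *day)
    for hit in hits:
        print(hit)
    print(verdict(hits))
```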

Villager Senior (Posts: 1,486; Join Date: Aug 2005; Location: With some fine females, rolling on dubz)
19-05-06, 08:32 PM
safetyblitz wrote:
Quote:
Patch your domain server, then patch your workstations as well as Exchange.
Did your user mistakenly volunteer out his/her pw? Did they open a trojan in an email and that grabbed your Exchange server's list of email accounts and sent them back out via your server?
At that point they could have easily modified their email using the gathered acct info and sent it from their end. Before you do anything check your logs, you may find what you are looking for there.
It is hard to troubleshoot across this medium but hopefully these basic steps will give you a starting point. If these all check out we can continue but 9 times out of 10 your users are at fault.......
---
Definitely, the most likely cause is "social engineering", i.e. dumb users giving away or being spoofed to give away secure details.
Don't forget dumpster diving is a serious risk as well.
"I roll with Shaheed and the brotha Abstract" - Phife

Villager Senior (Posts: 1,998; Join Date: May 2006; Location: USA)
20-05-06, 05:24 AM
safetyblitz wrote:
Quote:
Patch your domain server, then patch your workstations as well as Exchange.
Run a virus scan because your users could have trojans. Also, I cannot think of the name of the software but one package checks viruses coming in on user email accounts and rejects the message if an attached virus is detected....
Did your user mistakenly volunteer out his/her pw? Did they open a trojan in an email and that grabbed your Exchange server's list of email accounts and sent them back out via your server?
At that point they could have easily modified their email using the gathered acct info and sent it from their end. Before you do anything check your logs, you may find what you are looking for there.
It is hard to troubleshoot across this medium but hopefully these basic steps will give you a starting point. If these all check out we can continue but 9 times out of 10 your users are at fault.......
---
Well, I am running GroupShield. It is running the latest update. As for our workstations, I force them to load the latest patch at login.
Then I had this guy reset his password. It's a possibility that the hacker obtained it somehow.
Thanks for the info. It's a possibility that he did open an infected email.