[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Am I really under attack?
Hi All, I think I'm under attack. Someone used my Exchange Server 5.5 as relay agent for huge amount of mails produced from hotmail.com,yahoo.com,exite.com etc. After I came to know that someone used this I got one mail from my ISP which was sent by someone who received it from my mailserver.I surprised when I saw there is my FW NETBIOS name as well as its internal interface's invalid IP address. In FW only there are following rules: 1. ANY MAILSRV SMTP ACCEPT 2. MAILSRV ANY SMTP ACCEPT 3. InternetGr@ANY ANY HTTP USER-AUTH 4. LocalNet ANY HTTPS ACCEPT 5. SecureUsr@NAY LocalNet ANY Client-Encrypt 6. ANY External-wks ANY ACCEPT 7. ANY ANY ANY REJECT And, Today I can't browse any internet sites.But after long diagnosis, it is found that I can ping any sites with its domain name (I refer DNS query from ISP's DNS Server).And it is important to say that I can browse only the unknown sites (i.e not used frequently) only once.Then after I can't even browse this site also even from Gateway.I've no proxy server.I'm using FW's proxy with dynamic NAT. FW-1 4.0 sp6 NT 4.0 sp6a Now I'm able to stop SMTP relay but internet access can't be succeeded.There is no problem in my VPN. connection. Pls suggest me what to do next. Tika Mahata __________________________________________________ Do You Yahoo!? Yahoo! Photos - Share your holiday photos online! http://photos.yahoo.com/ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|