How do I handle this...

Printable View

Show 40 post(s) from this thread on one page

August 30th, 2007, 09:40 PM
xmaddness

Quote:

My suggestion is to walk away...

I have to agree with this. Tell your main admin and let him handle it. Your port scanning from the outside, with out the admin's permission or knowledge is going to do one of two things; piss your admin off cause he thinks he is being attacked, or cause your IDS system to kick in and shut down every outside port (depending on the ids level of course), going into "protection" type status, which will also piss off your admin.

You are going down a road that will most likly end up with you being fired.

You have had fair warning. We (sys admins) don't like when asshats that work for the company take it upon themselves to start doing penetration testing. Personally this is grounds for immediate firing if I ever catch anyone doing this, and I have caught people both inside the network and outside the network trying this over the years. They no longer work for us.

-xmad
August 31st, 2007, 07:24 AM
FNFiveseveN

yea... just walk away.

Sadly I can see the wisdom with the advice to forget about it....

I'm not seeing the big picture here. More then likely they already know about the security breach. I'm gonna focus more on learning C.

Thanks for the advice.

FN
August 31st, 2007, 08:52 AM
nihil

Hmmmm,

Quote:

More then likely they already know about the security breach. I'm gonna focus more on learning C.

Perhaps you should learn a bit more about your infrastructure and the nature of your industry? I would also recommend systems and process analysis.

You really should start with the problem as it is visualised by your "customers", then work backwards. The problem in this case is spam, and it is coming from your Exchange Server.

This raises a number of questions:

1. Is the origin outside your infrastructure?
2. What is the content of the spam?
3. To whom is it addressed?

I too support hotels, and I can tell you that they are absolute magnets for spam. That is because they are totally promiscuous with their e-mail addresses, and get picked up by spambot harvesters.

The general solution to this is to implement spam filtering, preferably at the server side of the infrastructure.

Whilst having port 4444 open might not be a good idea, it is not the cause of the much more general problem of spam.

As some of my fellow members have suggested, if you go to the server Admin and tell him that port 4444 is open he will probably not be best pleased. On the other hand, if you go to him and tell him that HIS server is spewing spam to YOUR customers and they are p1$$ed about it............ it is a completely different matter. ;)

Trust me, you will learn to love the politics :D
September 1st, 2007, 02:56 AM
FNFiveseveN

That was....

The sound of a hammer hitting a nail on the head.

thanks nihil

FN
September 4th, 2007, 07:08 PM
wolfman1984

You may not have to walk away just yet. The Wolfman agree's that nmap may be intrusive and trigger your IDS, which in turn will leave your admin with-out a groove and less funktified.

A simple test that may identify the service on port 4444 is telnet.

Code:

telnet 127.0.0.1 4444

You can also try http

Code:

http://127.0.0.1:4444

If the service is offering a banner, or web service, the above techniques may identify the unknown service.

I AM THE WOLFMAN!

Show 40 post(s) from this thread on one page