-
August 30th, 2007, 09:40 PM
#11
My suggestion is to walk away...
I have to agree with this. Tell your main admin and let him handle it. Your port scanning from the outside, with out the admin's permission or knowledge is going to do one of two things; piss your admin off cause he thinks he is being attacked, or cause your IDS system to kick in and shut down every outside port (depending on the ids level of course), going into "protection" type status, which will also piss off your admin.
You are going down a road that will most likly end up with you being fired.
You have had fair warning. We (sys admins) don't like when asshats that work for the company take it upon themselves to start doing penetration testing. Personally this is grounds for immediate firing if I ever catch anyone doing this, and I have caught people both inside the network and outside the network trying this over the years. They no longer work for us.
-xmad
-
August 31st, 2007, 07:24 AM
#12
Junior Member
yea... just walk away.
Sadly I can see the wisdom with the advice to forget about it....
I'm not seeing the big picture here. More then likely they already know about the security breach. I'm gonna focus more on learning C.
Thanks for the advice.
FN
-
August 31st, 2007, 08:52 AM
#13
Hmmmm,
More then likely they already know about the security breach. I'm gonna focus more on learning C.
Perhaps you should learn a bit more about your infrastructure and the nature of your industry? I would also recommend systems and process analysis.
You really should start with the problem as it is visualised by your "customers", then work backwards. The problem in this case is spam, and it is coming from your Exchange Server.
This raises a number of questions:
1. Is the origin outside your infrastructure?
2. What is the content of the spam?
3. To whom is it addressed?
I too support hotels, and I can tell you that they are absolute magnets for spam. That is because they are totally promiscuous with their e-mail addresses, and get picked up by spambot harvesters.
The general solution to this is to implement spam filtering, preferably at the server side of the infrastructure.
Whilst having port 4444 open might not be a good idea, it is not the cause of the much more general problem of spam.
As some of my fellow members have suggested, if you go to the server Admin and tell him that port 4444 is open he will probably not be best pleased. On the other hand, if you go to him and tell him that HIS server is spewing spam to YOUR customers and they are p1$$ed about it............ it is a completely different matter.
Trust me, you will learn to love the politics
-
September 1st, 2007, 02:56 AM
#14
Junior Member
That was....
The sound of a hammer hitting a nail on the head.
thanks nihil
FN
-
September 4th, 2007, 07:08 PM
#15
You may not have to walk away just yet. The Wolfman agree's that nmap may be intrusive and trigger your IDS, which in turn will leave your admin with-out a groove and less funktified.
A simple test that may identify the service on port 4444 is telnet.
Code:
telnet 127.0.0.1 4444
You can also try http
Code:
http://127.0.0.1:4444
If the service is offering a banner, or web service, the above techniques may identify the unknown service.
I AM THE WOLFMAN!
Similar Threads
-
By cheyenne1212 in forum Miscellaneous Security Discussions
Replies: 7
Last Post: February 1st, 2012, 02:51 PM
-
By MrLinus in forum Tech Humor
Replies: 36
Last Post: May 28th, 2004, 08:51 AM
-
By Trust_Not_123 in forum Site Feedback/Questions/Suggestions
Replies: 16
Last Post: May 6th, 2003, 04:46 PM
-
By Cheeseball in forum Other Tutorials Forum
Replies: 10
Last Post: January 9th, 2003, 03:39 PM
-
By Noble Hamlet in forum AntiOnline's General Chit Chat
Replies: 1100
Last Post: March 17th, 2002, 09:38 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|