Hey Road - I try to mitigate the risk to the admin account by changing the admin account name to something cryptic, and I also give the account a very complex password. Now that the default name for the admin account is no longer valid, all telnet attempts to the "administrator" account will fail. I also have my IDS systems sniff failed FTP logon attempts, which helps me to resolve/trace telnet attacks against the admin account.

Originally posted here by RoadClosed
I am burnt, fixed and cleaned. I had an authenticated relay, so I got had by some poor password maintenance. It looks like the spammer authenticated my local box admin account with a bot. How, you ask? Got me, I didn't know that could be possible through telnet. I now see some lacking in Exchange knowledge that I must fix. I had log entries of //MachineName/Administrator popping up the 1708 id. The cleanup was ugly. I am tired, so I'll talk more on it tomorrow if anyone wants to. You can all beat me with the AO stick of justice.
The view of "an ounce of prevention is worth a pound of cure."
Not trying to be preachy Road. I learned the hard way once also. Grrr!
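As an added illustration (not code from the thread or from either poster), here is a small Python detector that does what the two posts describe, run over constructed log lines: it flags any logon attempt against the default "Administrator" name (which, once the real account has been renamed, should never be legitimate), bursts of failed logons from one source, and a success that follows such a burst. The log line format, the MAILSRV host name and the source addresses are assumptions; only the 1708 event id comes from the thread.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in a hypothetical format (not from the thread).
SAMPLE_LOG = """\
2004-03-01 02:14:07 EVENT 1708 src=203.0.113.45 user=//MAILSRV/Administrator result=FAIL
2004-03-01 02:14:09 EVENT 1708 src=203.0.113.45 user=//MAILSRV/Administrator result=FAIL
2004-03-01 02:14:11 EVENT 1708 src=203.0.113.45 user=//MAILSRV/Administrator result=FAIL
2004-03-01 02:14:16 EVENT 1708 src=203.0.113.45 user=//MAILSRV/Administrator result=OK
2004-03-01 08:00:01 EVENT 1708 src=192.0.2.10 user=//MAILSRV/x7Qm_ops result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) EVENT (?P<eid>\d+) src=(?P<src>\S+) "
    r"user=//(?P<host>[^/]+)/(?P<user>\S+) result=(?P<res>OK|FAIL)$"
)

# Names that should no longer exist once the built-in admin account is renamed.
DEFAULT_ADMIN_NAMES = {"administrator", "admin"}

def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
    return ev

def detect(log_text, threshold=3, window=timedelta(minutes=10)):
    """Return alerts as (kind, src, user, detail) tuples, in log order."""
    alerts, seen_default = [], set()
    recent = defaultdict(deque)  # src -> timestamps of failures inside the window
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["user"].lower() in DEFAULT_ADMIN_NAMES and (ev["src"], ev["user"]) not in seen_default:
            seen_default.add((ev["src"], ev["user"]))
            alerts.append(("default-admin-name", ev["src"], ev["user"], ev["res"]))
        q = recent[ev["src"]]
        if ev["res"] == "FAIL":
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:  # drop failures outside the window
                q.popleft()
            if len(q) == threshold:
                alerts.append(("auth-failure-burst", ev["src"], ev["user"], len(q)))
        elif q:  # a success right after a run of failures is the guessed-password signature
            alerts.append(("success-after-failures", ev["src"], ev["user"], len(q)))
    return alerts
```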