Advertisement

02.06.2008 at 08:44AM PST, ID: 23141766
[x]
Attachment Details

Suspicious Outbound SMTP traffic

Asked by master_windu in Windows Network Security Questions, Exchange Email Server, Simple Mail Transfer Protocol (SMTP)

Since yesterday one our our servers (w2k server, exch 2000 sp3) starting transmitting a large amount of data to an ip in Korea. Stopping the smtp service on the server stops the traffic. The messages are coming from one of our users that works at that location and has a mailbox on that server.  the users workstation is powered off yet the traffic continues. The server is fully patched and antivirus is up to date. Antivirus software (trend micro) shows no virus activity, but the security vendor seems to think that there is some malicious code running on the server and reccomends a rebuild and exchange store restore from mondays backup. I am not troubleshooting the problem directly.

Does anyone know what might be happening?Start Free Trial
[+][-]02.06.2008 at 08:57AM PST, ID: 20833588

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]02.06.2008 at 09:16AM PST, ID: 20833762

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]02.06.2008 at 09:23AM PST, ID: 20833816

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]02.06.2008 at 09:25AM PST, ID: 20833843

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]02.06.2008 at 09:34AM PST, ID: 20833924

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]02.06.2008 at 09:49AM PST, ID: 20834063

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]02.06.2008 at 11:01AM PST, ID: 20834651

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]02.06.2008 at 04:00PM PST, ID: 20836965

View this solution now by starting your 7-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

 

About this solution

Zones: Windows Network Security Questions, Exchange Email Server, Simple Mail Transfer Protocol (SMTP)
Sign Up Now!
Solution Provided By: master_windu
Participating Experts: 5
Solution Grade: B
 
 
[+][-]02.06.2008 at 09:35PM PST, ID: 20838488

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]02.08.2008 at 04:07PM PST, ID: 20855465

Experts Exchange has a courteous staff of administrators who help members get the most out of the website by means of administrative comments like this one.

Start your 7-day free trial to view this Administrative Comment or ask the Experts your question.

 
 
Loading Advertisement...
20080716-EE-VQP-32 / EE_QW_2_20070628