How to block IP traffic on Exchange 2000 except for needed 25 80?
Posted on 2003-11-12
The Exchange Server is behind a NAT and all I care about is Auto Critical update traffic, SMTP 25 and OWA 80.
Using a new Linksys BEFVPN41 in Gateway mode. LAN is 10.10.10x.
Wish the Linksys had inbound port blocking, not just outbound.
I'm seeing outbound traffic to odd ports 33975 57405 and odd IP destinations, I believe spoofed.
Unused blocks in China, or a bank in Amsterdam. We're in IL USA.
So I want to block all non-Exchange WAN traffic, except Windows auto critical update, and NetShield and GroupShield getting FTP DAT updates.
LANly it is also a W2kAdvSvr DHCP, DNS, AD, and user file storage/sharing.
I know a little about using policies or Rules in RRAS.
I'm looking for somebody that has already locked down his or her Exchange server using policies and/or RRAS and can pass on their sweat.
It's for a small non-profit company and I'm only part time for them, and they have a memory problem causing system reboots, keeping me too busy tracking down with poolmon, and it is a pain. I'm currently looking at SNMP: the process handle count steadily climbs 1650 every 5 seconds till the service is restarted. I don't know if that is normal or not. Was over 400k handles yesterday. The only dependency for the service is the eventlog. I've got to keep searching. I guess it will be another EE collaboration.
I don't want their system being hacked, used as a zombie or pass-through like in the old book "The Cuckoo's Egg".
Thanks very much in advance.