Solved

How Block IP traffic on  Exchange 2000 except for needed 25 80?

Posted on 2003-11-12
4
364 Views
Last Modified: 2013-12-04
The Exchange Server is behind a NAT and all I care about is Auto Critical update traffic and SMTP25 and OWA80.

Using a new Linksys BEFVPN41 in Gateway mode. LAN is 10.10.10x.
Wish the linksys had inbound port blocking not just outbound.

I'm seeing outbound traffic to odd ports 33975 57405 and odd IP destinations, I believe spoofed.
Un-used blocks in China, or a bank in Amsterdam. We're in IL USA.

So I want to block all non exchange WAN traffic, except windows auto critical update, and NetShield and Groupshield getting FTP Dat updates.

LANly it is also a W2kAdvSvr DHCP, DNS, AD, and user file storage/sharing.

I know a little about using policies or Rules in RRAS.

I'm looking for somebody that has already locked down his or her Exchange server using policies and or RRAS and can pass on their sweat.

It's for a small non-profit company and I'm only part time for them, and they have a memory problem causing system reboots, keeping me to busy tracking down with poolmon and it is a pain. I'm currently looking at SNMP process handle count steadily climbs 1650 every 5 seconds till service is restarted I don't know if that is normal or not. Was over 400k handles yesterday. The only dependant for the Service is the eventlog. I got to keep searching. I guess it will be another EE collaboration.

I don't want their system being hacked, used as a zombie or pass-through like in old book "The CooCoo's Egg".

Thanks very much in Advance.
0
Comment
Question by:Suburb-Man
  • 2
4 Comments
 
LVL 32

Assisted Solution

by:Luc Franken
Luc Franken earned 100 total points
ID: 9737765
>I'm seeing outbound traffic to odd ports 33975 57405 and odd IP destinations, I believe spoofed.
I suggest you first run a spyware checker and a virusscan on that server.

Spyware/Adware removal tools:
------------------------------
SpyBot-S&D : http://www.webattack.com/download/dlspybot.shtml
Ad-aware : http://www.webattack.com/download/dladaware.shtml
Trojan Remover :http://www.simplysup.com/
HijackThis : http://www.webattack.com/download/dlhijackthis.shtml
KL-Detector  :http://www.webattack.com/download/dlkldetector.shtml
X-Cleaner Free  :http://www.webattack.com/download/dlxcleaner.shtml
SpywareBlaster  :http://www.webattack.com/download/dlspywareblaster.shtml
SpywareGuard :http://www.webattack.com/download/dlspywareguard.shtml

Online virus checker
------------------------------
Trend Micro HouseCall : http://housecall.antivirus.com/housecall/start_corp.asp
PC Pitstop Virus Scan : http://www.pcpitstop.com/antivirus/default.asp

LucF
0
 
LVL 5

Accepted Solution

by:
juliancrawford earned 400 total points
ID: 9740268
if you want to stop the traffic just use ipsec policy and stop it at the scket.
http://www.microsoft.com/serviceproviders/columns/using_ipsec.asp
0
 
LVL 1

Author Comment

by:Suburb-Man
ID: 9750440
Thanks for the prompt responses.

Thanks for Spyware/Adware removal tools links, I’m sorry I didn’t mention that Spybot S&D is installed and that NetShield and GroupShield are NAI-McAfee anti-virus utilities. Both run in the background all the time and do a full scan every night.
All are set to auto retrieve updates/upgrades.

Thanks I forgot about the IPsec blocking at the socket level, and the great link.
This will most defiantly get me well on my way.

Also I did find a nice collaboration about IDS:
http://www.experts-exchange.com/Security/Q_20788052.html

Of course I ideally wanted someone to share with me exactly how and what they did to lock down their Exchange Server.

So 20%-80% point split.
20% because it is always good to look at the possible causes.
80% because it is closest to the answer I wanted, with an A grade.
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 9750770
ThanQ
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now