Solved

How to block IP traffic on Exchange 2000 except for needed 25 80?

Posted on 2003-11-12
Last Modified: 2013-12-04
The Exchange Server is behind a NAT and all I care about is Auto Critical update traffic and SMTP25 and OWA80.

Using a new Linksys BEFVPN41 in Gateway mode. LAN is 10.10.10x.
Wish the Linksys had inbound port blocking, not just outbound.

I'm seeing outbound traffic to odd ports 33975 57405 and odd IP destinations, I believe spoofed.
Un-used blocks in China, or a bank in Amsterdam. We're in IL USA.

So I want to block all non-Exchange WAN traffic, except Windows auto critical update, and NetShield and GroupShield getting FTP DAT updates.

LANly it is also a W2kAdvSvr DHCP, DNS, AD, and user file storage/sharing.

I know a little about using policies or Rules in RRAS.

I'm looking for somebody that has already locked down his or her Exchange server using policies and/or RRAS and can pass on their sweat.

It's for a small non-profit company and I'm only part time for them, and they have a memory problem causing system reboots, keeping me too busy tracking it down with poolmon, and it is a pain. I'm currently looking at the SNMP process: its handle count steadily climbs 1650 every 5 seconds till the service is restarted. I don't know if that is normal or not. It was over 400k handles yesterday. The only dependant for the service is the event log. I've got to keep searching. I guess it will be another EE collaboration.

I don't want their system being hacked, used as a zombie or pass-through like in the old book "The Cuckoo's Egg".

Thanks very much in advance.
0
Question by:Suburb-Man
LVL 32

Assisted Solution

by:LucF
LucF earned 400 total points
ID: 9737765
>I'm seeing outbound traffic to odd ports 33975 57405 and odd IP destinations, I believe spoofed.
I suggest you first run a spyware checker and a virus scan on that server.

Spyware/Adware removal tools:
------------------------------
SpyBot-S&D: http://www.webattack.com/download/dlspybot.shtml
Ad-aware: http://www.webattack.com/download/dladaware.shtml
Trojan Remover: http://www.simplysup.com/
HijackThis: http://www.webattack.com/download/dlhijackthis.shtml
KL-Detector: http://www.webattack.com/download/dlkldetector.shtml
X-Cleaner Free: http://www.webattack.com/download/dlxcleaner.shtml
SpywareBlaster: http://www.webattack.com/download/dlspywareblaster.shtml
SpywareGuard: http://www.webattack.com/download/dlspywareguard.shtml

Online virus checker
------------------------------
Trend Micro HouseCall: http://housecall.antivirus.com/housecall/start_corp.asp
PC Pitstop Virus Scan: http://www.pcpitstop.com/antivirus/default.asp

LucF
0
 
LVL 5

Accepted Solution

by:
juliancrawford earned 1600 total points
ID: 9740268
If you want to stop the traffic, just use an IPsec policy and stop it at the socket.
http://www.microsoft.com/serviceproviders/columns/using_ipsec.asp
0
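A block-by-default IPsec policy of the kind the accepted answer points to, as an added example that is not part of the original thread. It assumes the `netsh ipsec static` context, which ships with Windows Server 2003 and later; on the Windows 2000 server in the question the same filter lists and rules are built in the IP Security Policies MMC snap-in. The policy and filter list names are hypothetical and `LAN_NET` is a placeholder.

```bat
@echo off
rem Added example: permit only the services named in the question, block the rest.
rem All names are hypothetical. LAN_NET/LAN_MASK are placeholders: set them to the real LAN.
set POL=ExchangeLockdown
set LAN_NET=192.0.2.0
set LAN_MASK=255.255.255.0

rem Create the policy unassigned and without the default response rule.
netsh ipsec static add policy name="%POL%" description="Block all except listed services" activatedefaultrule=no assign=no

netsh ipsec static add filteraction name="Permit" action=permit
netsh ipsec static add filteraction name="Block" action=block

rem Catch-all filter: every IP packet to or from this host.
netsh ipsec static add filter filterlist="All IP" srcaddr=any dstaddr=me protocol=ANY mirrored=yes

rem Inbound services forwarded by the NAT router: SMTP (25) and OWA (80).
netsh ipsec static add filter filterlist="Inbound SMTP+OWA" srcaddr=any dstaddr=me protocol=TCP dstport=25 mirrored=yes
netsh ipsec static add filter filterlist="Inbound SMTP+OWA" srcaddr=any dstaddr=me protocol=TCP dstport=80 mirrored=yes

rem Outbound: mail delivery, HTTP/HTTPS for updates, DNS lookups, FTP control.
rem The FTP data connection uses negotiated ports that a static filter cannot follow.
netsh ipsec static add filter filterlist="Outbound needed" srcaddr=me dstaddr=any protocol=TCP dstport=25 mirrored=yes
netsh ipsec static add filter filterlist="Outbound needed" srcaddr=me dstaddr=any protocol=TCP dstport=80 mirrored=yes
netsh ipsec static add filter filterlist="Outbound needed" srcaddr=me dstaddr=any protocol=TCP dstport=443 mirrored=yes
netsh ipsec static add filter filterlist="Outbound needed" srcaddr=me dstaddr=any protocol=UDP dstport=53 mirrored=yes
netsh ipsec static add filter filterlist="Outbound needed" srcaddr=me dstaddr=any protocol=TCP dstport=21 mirrored=yes

rem LAN clients keep DHCP, DNS, AD and file sharing.
netsh ipsec static add filter filterlist="LAN" srcaddr=me dstaddr=%LAN_NET% dstmask=%LAN_MASK% protocol=ANY mirrored=yes

rem The most specific matching filter wins, so the permits override the catch-all block.
netsh ipsec static add rule name="Block everything" policy="%POL%" filterlist="All IP" filteraction="Block"
netsh ipsec static add rule name="Permit inbound" policy="%POL%" filterlist="Inbound SMTP+OWA" filteraction="Permit"
netsh ipsec static add rule name="Permit outbound" policy="%POL%" filterlist="Outbound needed" filteraction="Permit"
netsh ipsec static add rule name="Permit LAN" policy="%POL%" filterlist="LAN" filteraction="Permit"

rem Review the result, then assign from the console (not over a remote session).
netsh ipsec static show policy name="%POL%" level=verbose
rem netsh ipsec static set policy name="%POL%" assign=y
```

These filters are stateless: a mirrored permit for outbound port 80 also admits inbound packets whose source port is 80, so the NAT router stays the stateful layer in front of the server. IKE, and on older Windows versions Kerberos, broadcast and multicast traffic, is exempt from IPsec filters by default.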
 
LVL 1

Author Comment

by:Suburb-Man
ID: 9750440
Thanks for the prompt responses.

Thanks for Spyware/Adware removal tools links, I’m sorry I didn’t mention that Spybot S&D is installed and that NetShield and GroupShield are NAI-McAfee anti-virus utilities. Both run in the background all the time and do a full scan every night.
All are set to auto retrieve updates/upgrades.

Thanks I forgot about the IPsec blocking at the socket level, and the great link.
This will most definitely get me well on my way.

Also I did find a nice collaboration about IDS:
http://www.experts-exchange.com/Security/Q_20788052.html

Of course I ideally wanted someone to share with me exactly how and what they did to lock down their Exchange Server.

So 20%-80% point split.
20% because it is always good to look at the possible causes.
80% because it is closest to the answer I wanted, with an A grade.
0
 
LVL 32

Expert Comment

by:LucF
ID: 9750770
ThanQ
0

Question has a verified solution.
