?
Solved

exchange 2003 NDR Attacks

Posted on 2007-10-19
3
Medium Priority
?
314 Views
Last Modified: 2011-04-14
It appears there are tons of emails trying to be sent out from our system. I opened up these emails and some have a from address of postmaster@ourdomain.com and other from field is black.

This appears to be a NDR attack. Now I know somewhat about the filtering options but we have windows 2000 and it was not suggested to apply any filtering because of AD harvest issues.

Since we do not have windows 2003 to turn on tar pitting option what can I do? This is causing all kinds of bouncebacks to employees trying to say they sent an email to ex-employees that no longer exist.

Our queues are really starting to fill up quickly after I cleared them.
0
Comment
Question by:bman9111
  • 2
3 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 20114856
You have two options really.

1. Move to Exchange 2003 on Windows 2003. Having a eight year old OS in production is not really something that is any good long term.

2. Use a third party tool to provide the recipient filtering and tar pit. Vamsoft ORF will do that for you.

Simon.

--
If your question has been answered, please remember to accept the answer and close the question.
0
 
LVL 8

Author Comment

by:bman9111
ID: 20115124
these 2 suggestions are my only option then?
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 20115337
There is nothing else that you can do without the use of third party tools if you receive email directly. NDR attacks rely on the server accepting email for addresses that don't exist and then tries to bounce them back. While you can get Exchange 2003 to refuse for non-existent addresses, that then exposes you to a directory harvest attack.

Simon.
0

Featured Post

Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
The main intent of this article is to make you aware of ‘Exchange fail to mount’ error, its effects, causes, and solution.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question