Exchange 2000 Server compromised?
Posted on 2007-11-20
When troubleshooting an on-and-off blacklisting issue for one of our clients, I habitually looked at the 'Allowed IPs' in the ESM. What blew my mind was when I found an external IP listed - 220.127.116.11.
Once I removed the IP address, as you may guess, the IP address was delisted the same day.
To me, there isn't any logical reason it would be there other than someone purposely placing it there. But why? Puzzling.
It's running on Windows 2000 SP4
Exchange Server 2000 SP3
Trend Micro A/V