Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1052
  • Last Modified:

Router Log - LAN access from remote

My Router log gives me the following informaion:

-------------------------------
[LAN access from remote] from 198.175.112.105:41587 to XXX.XXX.XXX:25, Friday, April 03,2009 23:56:08 [LAN access from remote] from 83.240.154.46:19641 to XXX.XXX.XXX:25, Friday, April 03,2009 23:50:05 [LAN access from remote] from 92.80.195.77:1858 to XXX.XXX.XXX:25, Friday, April 03,2009 23:38:54 [LAN access from remote] from 201.236.173.91:13502 to XXX.XXX.XXX:25,
------------------------------

XXX.XXX.XXX is the IP of my SBS2003.

I do not recognize the remote IPs. Should I be worried? Does this mean remote access was attempted or succeeded?

If so, what can I do to stop it?
0
hgj1357
Asked:
hgj1357
  • 2
  • 2
  • 2
  • +1
3 Solutions
 
blissbearCommented:
Port 25 is used to run SMTP servers. There are many email spammers out on the internet which regularly scan for open SMTP ports with misconfigured SMTP servers through which they can relay their spam email through.

If you have your SBS2003 box set up to receive email messages for a subnet or dns entry this activity is normal behavior.

If you don't receive email through your SBS2003 box, you can stop this activity by either setting up a firewall filter at your router or through disabling your SMTP server on your SBS2003 box.

If you are using a NAT router for your LAN, it's also likely that the SBS2003 is setting up a uPNP port forward for port 25 to itself.
0
 
hgj1357Author Commented:
SBS is running exchange and accepts email. You're right, port 25.

I'm I correct in thinking that if the SBS is set up correctly I should be ok?
0
 
blissbearCommented:
If your SBS is set up correctly and you have the most recent updates from Microsoft, then you should be fine in my opinion. :)
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
amprantiCommented:
Check your mail server if is an open relay. Apply latest patches.
Use a more sophisticated firewall (doing smtp inspection) and you are fine
0
 
MaerosCommented:
A surefire way to check to see if your SMTP is restricted properly would be to run a quick SMTP test externally.

Try going to the following link and enter your mail server's address.  If your SMTP has been set up correctly, all parts of the test should pass.  The results shouldn't be too difficult to interpret, however to be sure please post the test results.
0
 
MaerosCommented:
Well I suppose it would help if I actually posted the link.  My goof ;)

http://www.mxtoolbox.com/diagnostic.aspx
0
 
hgj1357Author Commented:
I was concerned with the router logs than the mail server but the responses were useful
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 2
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now