I noticed today that by 11am our ISP said we had downloaded 230 MB of data. I
found this because it was a slow ADSL connection... I'm in no doubt that
there has been heavy traffic somewhere. They say we've been doing it off
and on for a week. Goodbye $150.00.
All our ports are shut to the outside if you scan with, say, Sygate or GRC.
Up-to-date NAV Corporate finds nothing anywhere. I did an online AV and
trojan scan from Symantec, also clean.
All systems are patched up to date and have had the baseline security and the
lockdown wizard applied.
In the ISA logs I can't find the traffic. I get maybe 20 or 30 megs a day
total in and out, which is what I would expect. I am looking in the right
places; I can see the NAV Corporate sigs coming in.
Our D-Link 504 router had the remote access turned off. Can anyone suggest
where else I should look for the trouble?
We've had this router about a week... could I have done something idiotic
that would be letting someone direct something through the router?
I should add that Exchange is not an open relay; set up as per
msexchange.org, and will not relay in a telnet session. Plus by now I would
be deluged with complaints from the ISP if a gig of open relay had gone
through :-)
I'd be glad of any assistance.
Andrew