Am I being hacked

TheMSsForum.com: The Microsoft Software Forum

I just got an email spam and it knew my server ip address, my domain name,
my server name, and at the end it wants me to purchase print cartridges, is
this to much info to have for a stranger or is this normal. running SBS2000
with exchange server, using ISA, no SQL server being used. Please advise
Top

Re: Am I being hacked by Damian

Damian
Thu Sep 11 10:25:57 CDT 2003

Hi,

That information is not very hard to collect.

Based on your newsgroup post, I can see that your are using a domain of
"discoverytxxxxxxxxxx.com" (added x's over the rest of the name), from there
I can get your MX records and connect to the server hosting the e-mail, the
name of that server and the local domain is on the banner. So at this point
I know the IP, the name of the server and the local domain.

It is even easier to get the information from an e-mail you may have sent
through your server by just looking at the headers.

Regards,
Damian

--
Damian N. Leibaschoff, MS IST, MCSE
Microsoft Corporation

Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via

your newsreader so that others may learn and benefit

from your issue.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
"Jerry P" <jerry@discoverytanktesting.com> wrote in message
news:OvHpJfHeDHA.2324@TK2MSFTNGP11.phx.gbl...
> I just got an email spam and it knew my server ip address, my domain name,
> my server name, and at the end it wants me to purchase print cartridges,
is
> this to much info to have for a stranger or is this normal. running
SBS2000
> with exchange server, using ISA, no SQL server being used. Please advise
>
>


Top

Re: Am I being hacked by Jerry

Jerry
Thu Sep 11 10:38:53 CDT 2003

thank you for replying I feel a lot better now.

"Damian N Leibaschoff [MSFT]" <damianl@online.microsoft.com> wrote in
message news:O6KTAkHeDHA.560@tk2msftngp13.phx.gbl...
> Hi,
>
> That information is not very hard to collect.
>
> Based on your newsgroup post, I can see that your are using a domain of
> "discoverytxxxxxxxxxx.com" (added x's over the rest of the name), from
there
> I can get your MX records and connect to the server hosting the e-mail,
the
> name of that server and the local domain is on the banner. So at this
point
> I know the IP, the name of the server and the local domain.
>
> It is even easier to get the information from an e-mail you may have sent
> through your server by just looking at the headers.
>
> Regards,
> Damian
>
> --
> Damian N. Leibaschoff, MS IST, MCSE
> Microsoft Corporation
>
> Get Secure! - www.microsoft.com/security
>
> =====================================================
>
> When responding to posts, please "Reply to Group" via
>
> your newsreader so that others may learn and benefit
>
> from your issue.
>
> =====================================================
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> "Jerry P" <jerry@discoverytanktesting.com> wrote in message
> news:OvHpJfHeDHA.2324@TK2MSFTNGP11.phx.gbl...
> > I just got an email spam and it knew my server ip address, my domain
name,
> > my server name, and at the end it wants me to purchase print cartridges,
> is
> > this to much info to have for a stranger or is this normal. running
> SBS2000
> > with exchange server, using ISA, no SQL server being used. Please
advise
> >
> >
>
>


Top

Re: Am I being hacked by Jerry

Jerry
Thu Sep 11 10:39:28 CDT 2003

Thank you for replyign I feel a lot better now.

"Justin Crosby [MSFT]" <jcrosby@online.microsoft.com> wrote in message
news:%23%23uoBkHeDHA.2300@TK2MSFTNGP10.phx.gbl...
> Jerry,
>
> This information can be collected from the SMTP banner Exchange displays
> when a connection is made to your server on port 25. Having this
> information does not mean you have been hacked.
>
>
> --
> Justin Crosby
> Microsoft SBS Product Support
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
> "Jerry P" <jerry@discoverytanktesting.com> wrote in message
> news:OvHpJfHeDHA.2324@TK2MSFTNGP11.phx.gbl...
> > I just got an email spam and it knew my server ip address, my domain
name,
> > my server name, and at the end it wants me to purchase print cartridges,
> is
> > this to much info to have for a stranger or is this normal. running
> SBS2000
> > with exchange server, using ISA, no SQL server being used. Please
advise
> >
> >
>
>


Top

Re: Am I being hacked by Anonymous

Anonymous
Thu Sep 11 18:10:07 CDT 2003

You can change the header info that Exchange responds with. I forgot how to
it.

Some guru out there can enlighten us?

Roger.

"Jerry P" <jerry@discoverytanktesting.com> wrote in message
news:OvHpJfHeDHA.2324@TK2MSFTNGP11.phx.gbl...
> I just got an email spam and it knew my server ip address, my domain name,
> my server name, and at the end it wants me to purchase print cartridges,
is
> this to much info to have for a stranger or is this normal. running
SBS2000
> with exchange server, using ISA, no SQL server being used. Please advise
>
>


Top