Think I've got trouble

From: Katherine Ogden (kogdenat_private)
Date: Wed Jan 09 2002 - 09:00:40 PST

  • Next message: Jose Nazario: "RE: Spoofed scans"

    
     ('binary' encoding is not supported, stored as-is)
    We began having trouble with our exchange server. 
    For no reason we could pin down the OWA would 
    throw up an error and stop the www service.  Being 
    the slightly paranoid sort I downloaded Retina and ran 
    it against the email server.  It showed the usual things 
    but it also showed
    Port 1058 - Nim
    Port 1090 - Xtreme
    
    Two other exchange servers show these ports open.
    Port 1042 - Bla
    Port 1059 - Nimreg
    
    Two questions.  Does anybody know what these
    are?  And am I right in assuming that these machines 
    have been compromised and will need to be rebuilt?
    
    Thank you for the help.
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Wed Jan 09 2002 - 13:46:13 PST