At my organization, we run the Microsoft ISA Server to provide controlled internet access on our internal network. This morning when I came in, there was a Windows Messenger Service message on the screen (like from when you use the NET SEND command). It's contents were advertising for college diplomas (almost exactly the same text as some SPAM I've recieved). I'm assuming this means that the ports used for SMB are not being properly blocked from the internet (something that I know needs to be fixed). So, I'm curious, has anyone seen SPAM through the messenger service like this, or should I be concerned about a system compromise? My initial investigation of the machine shows nothing else out of the ordinary. The server is running Windows 2000 Server SP3 with all the latest updates (as of yesterday) installed. The ISA Server is version 3.0.1200.50 (I found there is a newer version out which I plan to upgrade to soon). Thanks for any help you can provide, Scott Reasoner IT Staff Barth Electric Co., Inc. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Oct 11 2002 - 08:49:49 PDT