Perhaps I missed some of the emails as I dont see any arabic country bashing. I'm sure people from every country been ignorant at one point or another when it comes to security practice, including myself... On to the discussion! Danny pointed out a few very good ideas to start with: 1) Get a firewall; yesterday. If you want a personal recommendation, email me off-list. 2) Read the documentation provided by the firewall vendor. 3) Implement the firewall in the most secure configuration possibly without limiting essential functionality. 4) In future, do not email Microsoft Exchange mailing lists with questions about which hacking tools are recommended to damage your server. On top of this, perhaps a firewall is (for some odd reason) out of the question for the moment. I cant think of any good reasons why spending $500-2000 for a good firewall would be an issue for a 40 person company, but I'll play along... 1) harden your server - lots you can do here but the basics are dont run any services you dont use...turn them all off 2) look into some sort of IDS system - if you cant afford a firewall, I'm not sure what good this will do you 3) You also have a number of different tools to test your server if you like including Nessus, NetRecon, Nmap, SAFEsuite, SATAN (Security Administrator's Tool for Analyzing Networks), SAINT (Security Administrator's Integrated Network Tool), Tiger Tools TigerSuite .... take a look at satan or saint possibly as I believe they both detect issues, explain the problem and its impact, as well as how to fix it I do have to agree with John on this however as I dont think anyone should be jumping onto a production server without some sort of solid background in the matter and thorough research before. Just to clarify, you are also running terminal services on this server box? FYI, giving us the ip would not matter...someone who actually wants to hack your server can easily find it using widely available ip scanning tools... DM -----Original Message----- From: William Lefkovics [mailto:william@xxxxxxxxxxxxxxxxx] Sent: Mon 5/2/2005 11:22 AM To: [ExchangeList] Subject: [exchangelist] Re: Hi http://www.MSExchange.org/ >>It is unfortunately prevalent that people from certain parts of the world think they can just jump into Exchange without the above. I think country of origin has little bearing on this common practice. _____ From: Jason Lehrhoff [mailto:JLehrhoff@xxxxxxxxxxxxxxxxxxxxxxxx] Sent: Monday, May 02, 2005 10:04 AM To: [ExchangeList] Subject: [exchangelist] Re: Hi http://www.MSExchange.org/ Makes a good point.. -Jason _____ From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] Sent: Monday, May 02, 2005 11:57 AM To: [ExchangeList] Subject: [exchangelist] Re: Hi http://www.MSExchange.org/ The problem is that Exchange is an enterprise class server that runs on top of Windows Server software. As such, BEFORE you can start playing with Exchange, you need to have a good solid fundamental understanding and know-how of Windows Server operating system, general networking, basics of how e-mail work, basic understanding of DNS, basic understanding of the SMTP protocol and last but not least, the will and desire to search and learn. It is unfortunately prevalent that people from certain parts of the world think they can just jump into Exchange without the above. Now, whether the root of that problem is people trying to do things they have no knowledge of or based cheapskate employers pressing employees to do things they do not know how to do, or could it even be people volunteering that they could do this but they really do not have the proper knowledge, or is it a combination of all of those? That is why I jump on people. Now, back to the post in question, if you go and re-read it I do not find a question in there. John T eServices For You -----Original Message----- From: soso bobo [mailto:soso20052006_4@xxxxxxxxx] Sent: Monday, May 02, 2005 7:28 AM To: [ExchangeList] Subject: [exchangelist] Re: Hi http://www.MSExchange.org/ dear All, May i ask you only one question :- why if some one from arabic country asking small questions about any thing, i found that all of the people start fiteing with him as if he did something wrong ? this questions which we are see here its from someone who doesnot have any background at all, and if i was in his Place and asking like this questions , i will find alot of people try to kill me and BUT some comments which is give no answer. i had a problem with my Exchange server , and i was asking for any recommendation, while i was discussing some advanced solutions, and i found alot of people try to make fun on me. can i know why this happen with us , arabic people, espicially from jhon ? i need clear answer for that ? Please , either if the Arabic People have some Problem with them or there is something else / ? is any supervisor for this mailing list to answer me ? please Danny <nocmonkey@xxxxxxxxx> wrote: http://www.MSExchange.org/ On 5/2/05, Skak wrote: > http://www.MSExchange.org/ > > I have Exchange 2000 standard edition installed on win2000 Advance.We have > a small organization with 40 users.Our Exchange real ip address is exposed > to Internet that means I can use my server through Remote desktop > connection software from all over the world.My problem lies here suppose a > hacker gets my real ip address how can he damage my server using different > hacking tools and please do not forget to write the names of tools which > can damage my server. > > Please dont hesitate to ask question except real ip :) 1) Get a firewall; yesterday. If you want a personal recommendation, email me off-list. 2) Read the documentation provided by the firewall vendor. 3) Implement the firewall in the most secure configuration possibly without limiting essential functionality. 4) In future, do not email Microsoft Exchange mailing lists with questions about which hacking tools are recommended to damage your server. ...D ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: devin@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx