RE: Interesting Observation
- From: "Mark Fugatt" <mark@xxxxxxxxx>
- To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
- Date: Thu, 10 Jun 2004 16:40:22 -0400
Yep, I was in Eugene, Monday, Tuesday and flew home last night
-----Original Message-----
From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
Sent: Thursday, June 10, 2004 4:37 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Interesting Observation
http://www.MSExchange.org/
No. Don't tell me. You were in Oregon on Monday. Dag nab it. So was I. Flew
out at 1:15 PM.
So close, yet so far...
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
> -----Original Message-----
> From: Mark Fugatt [mailto:mark@xxxxxxxxx]
> Sent: Thursday, June 10, 2004 1:12 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Interesting Observation
>
> http://www.MSExchange.org/
>
> I agree 100% John, it was a long flight home from Oregon (left at 2am
> and got in my house an 2.30pm), and I was not really thinking clearly
> when I posted :-)
>
> Mark
> -----Original Message-----
> From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
> Sent: Thursday, June 10, 2004 4:01 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Interesting Observation
>
> http://www.MSExchange.org/
>
> > I was teaching an Exchange 2003 support class for Symantec this
> > week, so that their gold and platinum support guys had a good
> > understanding of how Exchange really works :-), he talked about log
> > files, and one of the guys asked what would happen if you created a
> > new log file, for example, the
> last
> > log file is E0000001.LOG and you create E0000002.log manually.
> >
> > We tried it to see, and the effect was that the Outlook clients
> > would hang when trying to send mail, until you deleted the manually
> > created log file, the other effect was when you performed an online
> > backup the backup would fail, and then dismount all the Stores in
> > the Storage Group that you were trying to backup, this then led them
> > to ask what type of security risk
> this
> > would be, if someone managed to create a worm that created a log
> > file manually it would bring down all the Stores when you perform a
backup.
>
> 1. The worm would have to reach the server. Defense rule: All
> computers
must
> have AV installed to protect the server itself.
> 2. The worm would have to get past the firewall. Defense rule: All
computers
> must be behind a firewall.
> 3. The worm would have to be executed by e-mail if not through the
firewall.
> Defense ruleA: All incoming e-mail must be scanned for viruses,
> vulnerabilities and possible malicious content, ie executable attachments.
> Defense ruleB: Generally, you should not be viewing e-mail on a server.
>
> So, the way I see it, if the worm is able to execute on the server in
> the first place, you have other problems to deal with.
>
> However, having said that, that is a real problem, although with
> proper defences in place, the probability of it occurring is
> minimized. If there
is
> a way that behavior can be changed/protected, it should be looked into
> and work needed weighted out.
>
> John Tolmachoff
> Engineer/Consultant/Owner
> eServices For You
>
>
>
> ------------------------------------------------------
> List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading
> Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org Windows
> Security Resource Site: http://www.windowsecurity.com/ Network Security
Library:
> http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org Discussion List as:
> mark@xxxxxxxxx To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>
>
>
>
> ------------------------------------------------------
> List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading
> Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org Windows
> Security Resource Site: http://www.windowsecurity.com/ Network
> Security Library: http://www.secinf.net/ Windows 2000/NT Fax
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org Discussion List as:
> johnlist@xxxxxxxxxxxxxxxxxxx
> To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
mark@xxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Other related posts:
