One of my clients had this issue three months ago. It was a code red worm on
the server (the IIS used for webmail was unpached). On the other hand, it
might be any other worm.
What SP level is your exchange server, do you have an IIS installed, is the
IIS brought to the latest patches level? Do you have netbios shares? Do you
use any server protection product, like Netshield (I remember that
Groupshield and Netshield have problems when are running together)?
Have you tried to monitor the network traffic?

Alexander Poizner
Systems Security Engineer
HIP Interactive Corp.
(416) 249-7555 x206

-----Original Message-----
From: Adkins, Matthew [mailto:MAdkinshcr-manorcare.com]
Sent: Thursday, December 06, 2001 11:38
To: focus-mssecurityfocus.com
Subject: Possible exchange attack

Does anyone know of an issue with Microsoft Exchange server where the server
is slowed down significantly and some messages are sent out a second time an
hour or more after the original?

Running Exchange on NT 4 with MacAfee Groupshield 4.1.50 engine, 4.0.4174
dat file.

Thanks!

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]