Anatomy of a hack: mail server

Today I’ve been fixing a problem with my mail server after someone “hacked” (cracked) it. I’m reconstructing the chain of events as best I can, but the causality wasn’t obvious at the time. Background: this machine is running Windows Server 2003 SP1 with Exchange Server 2003 SP2. A few weeks ago, someone gained unauthorised access …

Firewall blacklist

One of my current projects is configuring ISA 2004 as a firewall. Without wanting to get sidetracked into advocacy debates, all I’ll say is that: a) It’s a lot better than ISA 2000. b) It’s annoying that it doesn’t support more than one internet connection, so hopefully they’ll fix that in ISA 2006. Anyway, today …