Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

event id 1706 1

Status
Not open for further replies.

drrank

IS-IT--Management
Feb 9, 2006
25
ES
Hi,

i recently took administration of an exchange 2000 server on a windows 2000 machine.

i discover my server was being used to send spam (some text in chinese), this was not because of relaying(it is disabled), because to my unknowledge there was a guest account active. I banned that account and spam stopped from being sended. since then i have once or two per day this event in the log

event id 1706

EXPS no puede proporcionar temporalmente la seguridad del protocolo con "mail.travelstore.es". "CSessionContext::OnEXPSInNegotiate" llamó a "HrServerNegotiateAuth", que se cerró con el código de error "0x8009030c" ( y:\transmt\src\smtpsink\exps\expslib\context.cpp@1462 ).

i look at eventid.net, and seems is a failed attempt to log on my server. is there any way to prevent this to happen? is there anything i can do?

thanks in advance
 
setup a packet sniffer and pick the IPs used to connect to your system....then block those IPs with router/firewall or any sort of IP filtering
All the best!

:--------------------------------------:
fugitive.gif

[URL unfurl="true"]http://mostarnet.com[/url]

All around in my home town,
They tryin' to track me down...
 
Thanks for the advice,

i will now do a packet sniffer on my gateway, and block all unathorized access at the router level. my fear is that the spammer uses dynamic IP and all that effort could be worth nothing.
 
it's all right, if they use dhcp provided by their ISP then block the whole segment (if you do not have any remote users from that ISP)
You can also implement tighter password poclicy/security.
Do a domain clean up for all the rougue accounts.
At the end of the day...'failed logons' is a good thing cause they are not able to use your box.
After they get rejected a few times odds are they will stop.
Look at your smtp log and see where they are sending emails as well...
It is up to your to take this to antoher level.

All the best!

:--------------------------------------:
fugitive.gif

[URL unfurl="true"]http://mostarnet.com[/url]

All around in my home town,
They tryin' to track me down...
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top