W32.Sobig.F@mm Block IP 3

Status
Not open for further replies.

paradox17

MIS
Oct 28, 2002
33
US
Someone that was infected by the W32.Sobig worm had me in the contacts. Since the email has a spoofed address and all I have is what I believe to be the infected machine's IP address, how can I block this address in Exchange 2000 without 3rd party programs? Also, the router/firewall does not block IP; it's a Linksys router. This is a small home network and the budget is very limited at best.

Windows 2000 SP4
Exchange 2000 SP3

Here is a copy of the header. To protect the innocent, I have replaced the DNS of the Exchange server and the source address. However, this class B subnet is Qwest and the abuse department has been contacted.


Microsoft Mail Internet Headers Version 2.0
Received: from LARRYXP ([67.40.xxx.xxx]) by exchange01.Somenetwork.com with Microsoft SMTPSVC(5.0.2195.5329);
Tue, 26 Aug 2003 18:25:54 -0400
From: <nadakatrina@aol.com>
To: <someone@somenetwork.com>
Subject: Your details
Date: Tue, 26 Aug 2003 18:03:16 --0400
X-MailScanner: Found to be clean
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="_NextPart_000_000DB449"
Return-Path: nadakatrina@aol.com
Message-ID: <EXCHANGE01jHXwKHvyo00000089@exchange01.Somenetwork.com>
X-OriginalArrivalTime: 26 Aug 2003 22:25:54.0724 (UTC) FILETIME=[03A2FE40:01C36C21]

--_NextPart_000_000DB449
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

--_NextPart_000_000DB449
Content-Type: application/octet-stream;
name="your_document.pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="your_document.pif"


--_NextPart_000_000DB449--

 
Yes! I have the same issues. As they come in I am blocking the IP address for the offending mail server inside my SMTP settings. Open the Exchange System Manager and navigate to your SMTP server. Go into its properties. There is an "access" tab. On that tab is "connection control". In there, there is the option for "which computers may access this virtual server." You probably have the "All except the list below" option selected. This is good. Here you can add the IP address you want to block. Should work on the fly, at least it "seems" to be working that way for me.

Good Luck!!!!
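
An added example, not part of the original thread: because the From and Return-Path lines are spoofed, the address to add to the connection control list is the one in the Received line stamped by your own server, and this Python code extracts it and lists risky attachment names. The sample message is constructed from the header above, with documentation addresses (192.0.2.10, 198.51.100.7), a made-up second Received hop, and an assumed extension list.

```python
import re
from email import message_from_string

# Constructed sample modelled on the header in the thread. 192.0.2.10 and
# 198.51.100.7 are documentation addresses; the second Received line is a
# made-up lower hop of the kind a sender can forge.
SAMPLE = """\
Received: from LARRYXP ([192.0.2.10]) by exchange01.Somenetwork.com with Microsoft SMTPSVC(5.0.2195.5329);
\t Tue, 26 Aug 2003 18:25:54 -0400
Received: from mail.example.org ([198.51.100.7]) by relay.example.net; Tue, 26 Aug 2003 18:01:00 -0400
From: <nadakatrina@aol.com>
Subject: Your details
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="_NextPart_000_000DB449"

--_NextPart_000_000DB449
Content-Type: text/plain; charset="iso-8859-1"

--_NextPart_000_000DB449
Content-Type: application/octet-stream; name="your_document.pif"
Content-Disposition: attachment; filename="your_document.pif"

--_NextPart_000_000DB449--
"""

RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(\[([0-9.]+)\]\)\s+by\s+(\S+)", re.I)
RISKY_EXT = (".pif", ".scr", ".exe", ".bat", ".com")  # assumed list

def connecting_ip(raw, my_server):
    """Return (helo_name, ip) from the Received line stamped by my_server.

    Headers are read top down, so the first match is the hop our own server
    recorded; lower Received lines and From/Return-Path are sender-controlled.
    """
    for hdr in message_from_string(raw).get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(hdr.split()))  # unfold the header
        if m and m.group(3).rstrip(";").lower() == my_server.lower():
            return m.group(1), m.group(2)
    return None

def risky_attachments(raw):
    """Return attachment file names whose extension is in RISKY_EXT."""
    names = (p.get_filename() for p in message_from_string(raw).walk())
    return [n for n in names if n and n.lower().endswith(RISKY_EXT)]

if __name__ == "__main__":
    print(connecting_ip(SAMPLE, "exchange01.Somenetwork.com"))
    print(risky_attachments(SAMPLE))
```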
 
Thanks, I should have known that :)

I have been concentrating on a career change and my IT skills have suffered being out of a corporate environment for some time now.
 
I know how that goes!!!!

Good luck. Can't wait for this thing to be cleaned up.


 