Kurbli : ISA Serverhttp://msmvps.com/blogs/kurbli/archive/tags/ISA+Server/default.aspxTags: ISA ServerenCommunityServer 2008.5 SP2 (Build: 40407.4157)Preventing an internal spammer - E-Bitz - SBS MVP the Official Blog of the SBS "Diva"http://msmvps.com/blogs/kurbli/archive/2007/08/13/preventing-an-internal-spammer-e-bitz-sbs-mvp-the-official-blog-of-the-sbs-quot-diva-quot.aspxMon, 13 Aug 2007 11:08:12 GMTd67277c4-116b-43f1-b688-e9ef184ea916:1108712Kurbli0http://msmvps.com/blogs/kurbli/rsscomments.aspx?PostID=1108712http://msmvps.com/blogs/kurbli/archive/2007/08/13/preventing-an-internal-spammer-e-bitz-sbs-mvp-the-official-blog-of-the-sbs-quot-diva-quot.aspx#comments<p>Avagy: a spammerek már a spájzban&nbsp;vannak.</p> <blockquote> <p>So what can you do to proactively prevent a client&#39;s workstation to be turned into a spam spewing beast? <p>Les Connor and ISA Server 2004&nbsp;once again to the rescue: <p>He builds a rule to deny any port 25 transmissions from anything other than the server itself and an internal scanner.<pre><em>Action: Deny, log requests Protocols: Selected : SMTP From: The lan (defined IP address range) Exceptions: SBS, Printer and Scanner IP&#39;s, which are defined specific IP addresses. To: Anywhere (pre-existing destination) Users: All Schedule: Always Caveat, this blocks the use of telnet &lt;external host&gt; 25 from any local machine for troubleshooting purposes, so beware of this if you use it on your <b>*own*</b> network for testing SMTP</em>. <br /><br /></pre><pre>You might also want to build an alert rule when this deny rule kicks in as it would be a sign of infestation.</pre></blockquote> <p><a href="http://msmvps.com/blogs/bradley/archive/2007/08/12/preventing-an-internal-spammer.aspx">Preventing an internal spammer - E-Bitz - SBS MVP the Official Blog of the SBS &quot;Diva&quot;</a></p><div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=1108712" width="1" height="1">SecurityISA ServerISA Server 2006 as a Kitchen Utensil: Part 1 - External Attackshttp://msmvps.com/blogs/kurbli/archive/2006/10/19/ISA-Server-2006-as-a-Kitchen-Utensil_3A00_-Part-1-_2D00_-External-Attacks.aspxThu, 19 Oct 2006 15:29:00 GMTd67277c4-116b-43f1-b688-e9ef184ea916:188882Kurbli0http://msmvps.com/blogs/kurbli/rsscomments.aspx?PostID=188882http://msmvps.com/blogs/kurbli/archive/2006/10/19/ISA-Server-2006-as-a-Kitchen-Utensil_3A00_-Part-1-_2D00_-External-Attacks.aspx#comments<p>&nbsp;</p><blockquote><p>This article, part 1 of a two part series on how hackers see our firewalls, takes a look at how ISA Server 2006 reacts to port scans.&nbsp;&nbsp;</p></blockquote><p>Source: <a href="http://www.ISAserver.org/tutorials/ISA-Server-2006-Kitchen-Utensil-Part1.html">ISA Server 2006 as a Kitchen Utensil: Part 1 - External Attacks</a></p><p>Nagyon j&oacute; elk&eacute;pzel&eacute;s, hogy a be&aacute;ll&iacute;t&aacute;sokat r&ouml;gt&ouml;n a m&aacute;sik f&eacute;l szem&eacute;vel is lehet n&eacute;zni, ugyanakkor az ISA Server reakci&oacute;j&aacute;t is lehet l&aacute;tni.</p><img src="http://msmvps.com/aggbug.aspx?PostID=188882" width="1" height="1">SecurityISA Server