| Author |
Message |
cladel
Guest
|
 Posted:
Thu Jan 20, 2005 6:51 am Post subject:
Unusual mapped drive in my exchange server machine --- help |
|
|
I have a problem... I am posting this here in case my exchange server has
been compromised and the problem I am facing is due to an exchange exploit
I have a Server running Nt4.0
Exchange 5.5 - (Sp3 / I just loaded SP4 after noticing the problem described
below)
I hope i wasnt too late
Norton antivirus server 9.0 / and NAV for exchange 5.5
The problem is when I open "my computer" I see a drive "Z" and this drive Z:
is on another server. I assumed that this was a mapped drive. but it does
not have the usual mapped drive icon, and it will not disconnect, when I go
the disconnect drive right-clicks, or pulldowns.
have I been the victim of a hack or exploit in my delay in implementing SP4
or anything else for that matter. All of my NT4 patches are up to date....
but this has me bothered, as the mapped drive is my SQL server drive on my
SQL server machine.
Please help if you can and thany you in advance
|
|
| Back to top |
|
 |
Lanwench [MVP - Exchange]
Guest
|
| Posted:
Thu Jan 20, 2005 7:33 am Post subject:
Re: Unusual mapped drive in my exchange server machine --- |
|
|
cladel wrote:
| Quote: | I have a problem... I am posting this here in case my exchange
server has been compromised and the problem I am facing is due to an
exchange exploit
I have a Server running Nt4.0
Exchange 5.5 - (Sp3 / I just loaded SP4 after noticing the problem
described below)
I hope i wasnt too late
Norton antivirus server 9.0 / and NAV for exchange 5.5
The problem is when I open "my computer" I see a drive "Z" and this
drive Z: is on another server. I assumed that this was a mapped
drive. but it does not have the usual mapped drive icon, and it will
not disconnect, when I go the disconnect drive right-clicks, or
pulldowns.
have I been the victim of a hack or exploit in my delay in
implementing SP4 or anything else for that matter. All of my NT4
patches are up to date.... but this has me bothered, as the mapped
drive is my SQL server drive on my SQL server machine.
Please help if you can and thany you in advance
|
If you go to a command prompt & type
net use <enter>
does it show up?
If so, try
net use z: /del <enter>
As to how it got there - I can't say. The presence of a mapped drive doesn't
sound like an exploit to me; who else has access to this server? What's open
inbound in your firewall? Do you see anything funky in your event logs?
That said - yes, you did wait an awfully long time to apply SP4 - and NT4
should be running SP6 if it isn't. Also, be aware that support for these
versions is over - so you really ought to look into moving to W2003/E2003 as
soon as possible. |
|
| Back to top |
|
|
cladel
Guest
|
| Posted:
Thu Jan 20, 2005 10:01 am Post subject:
Re: Unusual mapped drive in my exchange server machine --- |
|
|
I did that already and I get...
The network connection could not be found.
but sure as crap its still there.
The Nt patches were as up to date as that day, but that for some reason I
didnt get a SP4 disk in my technet, sometime ago...
We cant afford exch 2003, so how about the w2k option? will exch 5.5 run on
that?
"Lanwench [MVP - Exchange]" wrote:
| Quote: | cladel wrote:
I have a problem... I am posting this here in case my exchange
server has been compromised and the problem I am facing is due to an
exchange exploit
I have a Server running Nt4.0
Exchange 5.5 - (Sp3 / I just loaded SP4 after noticing the problem
described below)
I hope i wasnt too late
Norton antivirus server 9.0 / and NAV for exchange 5.5
The problem is when I open "my computer" I see a drive "Z" and this
drive Z: is on another server. I assumed that this was a mapped
drive. but it does not have the usual mapped drive icon, and it will
not disconnect, when I go the disconnect drive right-clicks, or
pulldowns.
have I been the victim of a hack or exploit in my delay in
implementing SP4 or anything else for that matter. All of my NT4
patches are up to date.... but this has me bothered, as the mapped
drive is my SQL server drive on my SQL server machine.
Please help if you can and thany you in advance
If you go to a command prompt & type
net use <enter
does it show up?
If so, try
net use z: /del <enter
As to how it got there - I can't say. The presence of a mapped drive doesn't
sound like an exploit to me; who else has access to this server? What's open
inbound in your firewall? Do you see anything funky in your event logs?
That said - yes, you did wait an awfully long time to apply SP4 - and NT4
should be running SP6 if it isn't. Also, be aware that support for these
versions is over - so you really ought to look into moving to W2003/E2003 as
soon as possible.
|
|
|
| Back to top |
|
|
JeffG
Guest
|
| Posted:
Thu Jan 20, 2005 7:16 pm Post subject:
Re: Unusual mapped drive in my exchange server machine --- |
|
|
Yes, Ex5.5 will run on W2k server, but that's still only delaying the
inevitable...
Something that you might check since the "mapped" drive is to an SQL
server - some backup software uses SQL for logging if it is available,
Not sure if NAV does or not, but maybe it's making a connection during
the backup window for that purpose?
On Wed, 19 Jan 2005 20:01:02 -0800, cladel
<cladel@discussions.microsoft.com> wrote:
| Quote: | I did that already and I get...
The network connection could not be found.
but sure as crap its still there.
The Nt patches were as up to date as that day, but that for some reason I
didnt get a SP4 disk in my technet, sometime ago...
We cant afford exch 2003, so how about the w2k option? will exch 5.5 run on
that?
"Lanwench [MVP - Exchange]" wrote:
cladel wrote:
I have a problem... I am posting this here in case my exchange
server has been compromised and the problem I am facing is due to an
exchange exploit
I have a Server running Nt4.0
Exchange 5.5 - (Sp3 / I just loaded SP4 after noticing the problem
described below)
I hope i wasnt too late
Norton antivirus server 9.0 / and NAV for exchange 5.5
The problem is when I open "my computer" I see a drive "Z" and this
drive Z: is on another server. I assumed that this was a mapped
drive. but it does not have the usual mapped drive icon, and it will
not disconnect, when I go the disconnect drive right-clicks, or
pulldowns.
have I been the victim of a hack or exploit in my delay in
implementing SP4 or anything else for that matter. All of my NT4
patches are up to date.... but this has me bothered, as the mapped
drive is my SQL server drive on my SQL server machine.
Please help if you can and thany you in advance
If you go to a command prompt & type
net use <enter
does it show up?
If so, try
net use z: /del <enter
As to how it got there - I can't say. The presence of a mapped drive doesn't
sound like an exploit to me; who else has access to this server? What's open
inbound in your firewall? Do you see anything funky in your event logs?
That said - yes, you did wait an awfully long time to apply SP4 - and NT4
should be running SP6 if it isn't. Also, be aware that support for these
versions is over - so you really ought to look into moving to W2003/E2003 as
soon as possible.
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in