Issue with HTTPS

Davetoo

IS-IT--Management
Oct 30, 2002
4,498
US
As usually happens, I was investigating one thing, and discovered something else in the process. Long story short, I have spammers attempting to connect to my mail server via port 443, https, which of course is used for OWA, etc. Right at this moment I have about 30 connections that I'm watching via my firewall software.

Question is...other than load, any concerns? Never crossed my mind that they'd do this when we set up this box so I don't know if it's an issue.

Thanks.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

There are no more PDC's! There are DC's with FSMO roles!
 
Well, there are security concerns as to what's in the traffic. Having a reverse proxy like ISA would handle it. ISA tears the SSL layer off for inspection, then repackages it to send to the Exchange server.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
It's coming through a proxy on my Firebox...and they seem to be coming from the same block of IPs.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

There are no more PDC's! There are DC's with FSMO roles!
 
I've got someone at 82.76.163.252 and 87.59.40.46 taking my domain name and concatenating it with these IP address/port combinations...

64.12.200.89:443
205.188.251.6:443
205.188.251.11:443
64.12.161.153:443
205.188.251.16:443
205.188.251.21:443
205.188.251.26:443

These are all AOL servers.

They are looking for azenv.php files also. So, my guess is they are either looking for exploits, or they are looking for proxies to use for spam relaying.
Port 443 has been a popular port for DDoS, so they might be testing that as well.
 
<feeling stupid> It was my users running WM and iPhone devices...

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

There are no more PDC's! There are DC's with FSMO roles!
 
Yeah, I did that once too.
I saw a lot of weird traffic from one subnet, so I blocked it and ended up blocking all of ATT cellular traffic!

OOPS!
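Added example, not code from any poster in this thread: a triage pass over web server logs that separates the proxy-probe pattern described above (CONNECT requests, request targets containing a foreign IP:port, azenv.php lookups) from expected OWA and mobile-sync traffic before any subnet is blocked. The log lines are constructed, the W3C field layout is an assumption, and the expected paths are the default Exchange virtual directories.

```python
import re
from collections import defaultdict

# Constructed sample in W3C extended format (documentation-range IPs, not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem s-port sc-status
2008-01-15 10:01:02 203.0.113.7 CONNECT 198.51.100.20:443 443 405
2008-01-15 10:01:05 203.0.113.7 GET /azenv.php 443 404
2008-01-15 10:01:09 203.0.113.7 GET http://198.51.100.21:443/ 443 400
2008-01-15 10:02:11 192.0.2.44 POST /Microsoft-Server-ActiveSync 443 200
2008-01-15 10:02:40 192.0.2.44 OPTIONS /Microsoft-Server-ActiveSync 443 200
2008-01-15 10:03:00 192.0.2.90 GET /owa/auth/logon.aspx 443 200
2008-01-15 10:03:30 192.0.2.91 GET /favicon.ico 443 404
"""

HOST_PORT = re.compile(r"(\d{1,3}\.){3}\d{1,3}:\d+")  # foreign ip:port in the request target
# Assumed set of legitimate paths on this server: ActiveSync and OWA directories.
EXPECTED_PREFIXES = ("/microsoft-server-activesync", "/owa", "/exchange")

def classify(method, stem):
    """Label one request: 'proxy-probe', 'expected', or 'other'."""
    s = stem.lower()
    if method.upper() == "CONNECT" or HOST_PORT.search(s) or s.endswith("/azenv.php"):
        return "proxy-probe"
    if s.startswith(EXPECTED_PREFIXES):
        return "expected"
    return "other"

def triage(log_text):
    """Return {client_ip: {label: count}}, using the #Fields header to locate columns."""
    fields, result = [], defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            result[row["c-ip"]][classify(row["cs-method"], row["cs-uri-stem"])] += 1
    return {ip: dict(counts) for ip, counts in result.items()}

def block_candidates(summary):
    """Only clients that sent probes and no expected mail traffic are candidates."""
    return sorted(ip for ip, c in summary.items()
                  if c.get("proxy-probe") and not c.get("expected"))

if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print(summary)
    print(block_candidates(summary))
```

Clients that show only expected traffic, such as phones syncing mail, never reach the candidate list, which avoids the carrier-wide block described in the last post.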
 