pronto 6 Posted December 19, 2019 Share Posted December 19, 2019 Servus Community, we have added two Exchange Server 2016 to our infrastructure this week and are currently analyzing the behavior of the servers. The Exchange infrastructure is accessible via HTTPS over the Internet and today we saw three warnings in EMC that we can't unambiguously interpret now. It indicates that the firewall has detected some attacks but not what has been done about them. The warnings are listed as unresolved. Probably they are just brute force attacks on the login of the Exchange Command Panel but what makes us suspicious is that we did not knowingly install a firewall. We only installed the Management Agent and the Mail Security. Is there more information where this firewall comes from now and a best practice tutorial on how to best handle it? And how should we proceed with these unresolved threats? Thx in advance & Bye Tom Link to comment Share on other sites More sharing options...
itman 1,659 Posted December 19, 2019 Share Posted December 19, 2019 (edited) 4 hours ago, pronto said: Probably they are just brute force attacks on the login of the Exchange Command Panel but what makes us suspicious is that we did not knowingly install a firewall. EMS has IDS protection. I believe your brute force attack assumption is correct and that is what Eset IDS detected. Edited December 19, 2019 by itman Link to comment Share on other sites More sharing options...
Recommended Posts