Larry,
	This is my first time posting and I realize this is a bit of topic, but
let me explain what happened.
	That was indee a virus post by someone not on the list. They were able to
hijack your server. Here is something you might find of intrest, as well as
others on the list. It was posted to another list I am a member of, and
offers a possible answer to this problem. I use this software and it works
great. Check it out. It is worth the time.

Don Stevens

Sender: owner-radobs@........................
From: Tom Hanson 
To: radobs@........................
Subject: Internet Protection Against Hackers Demonstrated
X-Sender: tahanson@..........................
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32)

Some members of the Radobs List may have noticed an article in Friday's
Columbus Dispatch, in the Business section, entitled: 

"Firewalls can help secure your home of office computer"

The article is part of the series "On Computing" by Michael J. Himowitz

My client saw this article, and asked if we could check out some of the
suggestions.  He is running a server on a Warner Cablemodem.

We used Steve Gibson's security checking routine at www.grc.com, and found
numerous holes in the security on the Microsoft NT 4.0 (Sp 4) server.

We then downloaded and installed ZoneAlarm (www.zonelabs.com) and installed
it.

As the NT server rebooted, the ZoneAlarm package kept me busy for a while,
approving the normal functions to be allowed access to the Internet, such
as our Internet Information Server package, two browsers, and two email
packages.

There were a number of permissions requested for several functions which I
did not realize were going on, but which make sense, such as permission for
the SMTP package to send outgoing email.

After all the permissions had been granted, we returned to our normal duties.

Not more than half an hour later, an alarm went off.

It turned out that a site in Korea was trying to use our server to send email.

One of our people took the IP address reported by Zone Alarm, launched a
browser at the site, and we got what I ** think ** was 16 bit characters.
One of the employees is a native Chinese, and he recognized part of the
graphics as Korean.

An hour after that, the alarm went off again.  This time, there were five
alarms accumulated from a different address.

We didn't bother following up on the address this time.

I now believe I can understand why our cable modem seemed to be frantically
busy much of the time, while the visits to our web site did not appear to
demonstrate great amounts of activity.

The ZoneAlarm package appears to be very effective. It is available for
Win95, Win98 and NT, including NT Server.

The package is free to private individuals and to non-profit organizations.

There is a 60 day free trial period for businesses, after which we will
presumably receive notice of the required fee.

The ZoneAlarm site reported over 1.5 million downloads of its software.

As a verification, we went back to www.grc.com, to see how the security
looked now. The security check was perfect, including a message
congratulating us on having secured the NetBios, which (it claimed) was a
major weakness of systems tested.

This package would be most useful for persons or companies who have
permanent connections on the Internet.

(th)

Don Stevens
Clear Skies!
xor@........

Visit an Observatory near you!
Perkins Observatory, P.O. Box 449, Delaware, OH 43015
Phone: (740) 363-1257 Fax: (740) 363-1258
www.perkins-observatory.org 
perkins@.......... 
__________________________________________________________

Public Seismic Network Mailing List (PSN-L)