Hello and welcome to the Wednesday, March 29th, 2003 edition of the Sansonet Storm Center's Stormcast. My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida.

Jesse today wrote about how to collect the packet captures in a home lab network and what the different options are

and what sort of the different traffic you're seeing based on where you are placing your sensors.

The nice thing here is he used sort of a fairly cheap netgear switch with a span port in order to collect packets.

It's actually not a bad option for sort of a home network like this.

Not great in the sense that the tab is probably better,

but then again, those switches are significantly cheaper

and do the job quite well with the traffic level that you typically have in a lab network

like this. So interesting post here also he's comparing some of the different sensor types

that he's using and what type of traffic he's seeing in each. And Microsoft really wants you to patch your exchange servers, in particular if you're

hosting them in Microsoft's cloud.

The way they're now putting sort of additional pressure on administrators of out-of-date and

unpatched and vulnerable exchange servers is by throttling email from those known vulnerable servers to exchange online.

As Microsoft put it, if your exchange server is vulnerable, it's potentially exploited, and email can't really be trusted from

this exchange server.

There's sort of a warning phase of 30 days where you'll just see in your dashboard that

the mail server is out of date and needs to be updated.

Then there's an incremental increasement sort of every 10

days where they start actually blocking email. And then after 90 days, if you're still not patched,

well, they will block all of your email. You have the option to sort of remove that block,

but only for 90 days per year.

The only other option is, well, to get your exchange server up to date.

...