MSFN Forum: DMZ and Internet question - MSFN Forum


DMZ and Internet question

#1 Anthony2oo5

  • Group: Members
  • Posts: 1
  • Joined: 11-August 11
  • OS:2003 x86

Posted 11 August 2011 - 03:41 AM

Good morning, I'm wondering if someone could give me a bit of advice, please?

Our company has a standalone SBS Server 2003 that runs Exchange, SQL, Active Directory, etc. It has 2 network cards, one with 192.168.1.1 (which is in a DMZ set on the router) and one with 192.168.0.1 (which is the internal network). It is not running ISA.

Is there any point in the server being in the DMZ, seeing as it is a standalone server?

Also, we are having a problem with the internet being really slow. It's almost impossible to log in to the router, so I'm guessing it's getting hammered. The problem is, when we look at the logs on the router, everything comes from 192.168.1.1:852145 (or some other random port). So we are finding it hard to track who is causing the traffic on the internal network. How can we track who is causing the problems and what internal IP it's coming from?

Thanks in advance for your help.

Regards


#2 Tripredacus

  • K-Mart-ian Legend
  • Group: Super Moderator
  • Posts: 8,670
  • Joined: 28-April 06
  • OS:Server 2012

Posted 11 August 2011 - 07:48 AM

The only time I've seen a server in the DMZ was if it is running a web server app. What is the particular reason you have it in the DMZ?
Also I'm not too keen on the idea of having a DC in the DMZ... sounds like a possible security concern.

#3 allen2

  • Not really Newbie
  • Group: Members
  • Posts: 1,736
  • Joined: 13-January 06

Posted 11 August 2011 - 01:32 PM

The only reason I see for it to be in the DMZ is so it can handle the SMTP function without another device or redirection (which is a very stupid idea).
As Tripredacus said, it is very dangerous having a DC in the DMZ.
You might think about buying more hardware, like two more servers, and use them to create VMs for handling each function (one for each). You'll also need to set up an SMTP relay with filtering capability in both ways.
The problem you encounter might be a "simple" reverse spam attack (with non delivery reports).
