Windows Server - Suspected Hacker
Asked By Eric
20-Nov-09 12:44 PM
While I was reviewing the security event logs I noticed that there were
multiple attempts to log in remotely to the server via an outside ip
addresses. These ips have changed and the ip traces I have done told me that
the location is all over the place. Czech Republic, Virginia, LA are just
some of the locations traced.
The account names that are attempting to log in are administrator, terminal,
manager, and several more commonly used account names. Most of which are not
used in my network.
It seems to me that these are attempts at hacking. If it is then what steps
should I take to protect my network?
Windows XP
(1)
Windows Installer
(1)
Windows Vista
(1)
IPSec
(1)
Virginia
(1)
Republic
(1)
Firewall
(1)
Thatterminal
(1)
Tom Willett replied to Eric
Firewall!!!!
that
terminal,
not
steps
Wilson, Phil replied to Eric
All of them that that apply! Firewall, security updates, make sure all your
passwords are not obvious. If you are not in a domain then get in one and
make sure that nobody outside the domain can connect or join (there are some
IPSec and other options). If it is web server use tools to prevent cross-site
scripting. If you host anything that connects to SQL make sure you cannot get
SQL injection. There are general solutions like a firewall, but you should
do some threat modeling based on your attack surface, as they might say in
the jargon, and then apply the appropriate solutions.
--
Phil Wilson
The Definitive Guide to Windows Installer
http://www.apress.com/book/view/1590592972
David H. Lipman replied to Eric
| While I was reviewing the security event logs I noticed that there were
| multiple attempts to log in remotely to the server via an outside ip
| addresses. These ips have changed and the ip traces I have done told me that
| the location is all over the place. Czech Republic, Virginia, LA are just
| some of the locations traced.
| The account names that are attempting to log in are administrator, terminal,
| manager, and several more commonly used account names. Most of which are not
| used in my network.
| It seems to me that these are attempts at hacking. If it is then what steps
| should I take to protect my network?
As other noted... FireWall !
You platform is exposed to the Internet. You need to put a barrier between you
computer(s) and the internet. A simple NAT Router or a NAT Router with a Full FireWall
Implemtation will go a long way in mitigating such threats.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Mr. Cheese replied to Wilson, Phil
Wilson, Phil wrote:
Excuse my ignorance: How could one NOT be "in a domain"?
Shenan Stanley replied to Mr. Cheese
Got a computer at home?
it is probably not 'in a domain'.
Have a computer with Windows XP Home Edition? Windows Vista Home ____?
it is *not* 'in a domain'.
Domains - in the sense of this conversation - are normal in business
environments - allowing management of resources centrally and more readily.
--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
Create a User and Apply Group Policy all via a Windows Installer Windows Server Hello, I'm trying to build a windows installer that will create a new local user and set thier group policy. The PC's applying Group Policy via the Domain is not an option. Installers can do whatever a Windows Application can do, so for the sake of argument we can say we're creating a Windows Exe. Creating the user is easily done via WMI. The new user should have limited any ideas on how this might be accomplished please offer your ideas. Thank You, Jesse Windows Group Policy Discussions Windows XP (1) Windows Installer (1) Vista (1) GroupPolicyUsers (1) GroupPolicy (1
Windows Internet Explorer 7 for Windows XP Windows Server Feb 2008 updates include "Windows Internet Explorer 7 for Windows XP". WSUS3 now says 23 computers need it. That is accurate. The 23 computers are all update or else it'll keep showing 23 computers need updates. Am I right? Btw, Windows Internet Explorer 7 Dynamic Installer isn't checked in Products and Classifications selections but IE7
AD LDS - Available for Windows XP? Windows Server In looking into AD LDS (as we currently use ADAM for some extranet scenarios for development), I've seen reports both ways with respect to installing AD LDS on windows xp. Can anyone definitively answer: 1. Can AD LDS be installed on Windows XP? 2. If so, how do I do it? I have the 2008 Server media, but don't want to install that just so I can get AD LDS. . . Mark Faulcon Windows Server Active Directory Discussions Windows XP (1) Vista (1) Database (1) TokenGroups (1) Directory (1
WSUS not detecting Windows Installer 3.1 as required. Windows Server Hi, As above. Im running in a lab env and have 5 WSUS clients, 3 XP and 2 Svr 2003. None of them have detected that Microsoft Windows Installer 3.1 is required, i have had to install manually. The update status is ". . .not Its approved for install from the root. Its becomming a real problem. . . please help! Mike. Windows Server Update Services Discussions Windows XP (1) Office XP (1) Windows Server 2003 (1) Windows Installer (1) Windows Update (1
Windows Installer Windows Server Hi, I’m encountering since weeks a problem, while installing a program: Mistake description:"Fehler 1719. Auf den Windows Installer-Dienst konnte nicht zugegriffen werden" beim Hinzufügen oder Entfernen von Programmen Produkte anzeigen, auf die Microsoft Knowledge Base:315346- -(http: / / support.microsoft.com / kb / 315346 / EN-US / ) "Error 1719: The Windows Installer service could not be accessed" error message when you try to add or remove a program. Even the programm msicuu2.exe, which is needed to remove the windows installer, couldn't be installed. What can I do?? I’d really appreciate Your help