RE: uh, oh (was:Re: w2k server compromised)
From: Thomas Cameron (ThomasC@mip.com)
Date: 01/29/03
From: Thomas Cameron <ThomasC@mip.com> To: focus-ms@securityfocus.com Date: Wed, 29 Jan 2003 14:29:29 -0600
I imagine that the local administrator and the domain administrator's
passwords are the same, and the laptop is passing the local account
username/password pair to the server.
Just a SWAG.
Thomas Cameron, RHCE, CNE, MCSE, MCT
Best Software - MIP
-----Original Message-----
From: Dan Uscatu [mailto:duscatu@lunatech.ro]
Sent: Wednesday, January 29, 2003 10:04 AM
To: focus-ms@securityfocus.com
Subject: uh, oh (was:Re: w2k server compromised)
ok here are the conclusions:
in order to create a second DC, one *must* set the DNS on this second
computer to point to the first DC. don't ask why... my guess it has something
to do with netbios names
i have a DNS on linux on the network, it is resolving all computers
including the first DC and the second one... but DCPROMO won't allow me to
add the second DC for some obscure reason unless i set the DNS to point to
the DC.
anyway problem is solved, the server was reinstalled and all uid's are
fine.
but, what the hell:
i am using my laptop outside the domain, logged in as local administrator.
now i can access the c$ and d$ shares (and all others) on the DC without a
password !!! can anyone guess why this thing is happening and what can i do
to stop it ?
p.s. the DC is not in internet so don't bother trying to get it :)