RE: System Hacked

From: Dave Killion (Dkillion_at_netscreen.com)
Date: 08/22/03

    To: "'malik malik'" <subscribejai@yahoo.co.uk>, security-basics@securityfocus.com
    Date: Fri, 22 Aug 2003 09:56:38 -0700
    
    
    

    tlntsvr.exe is the "Telnet Server". Telnet is not encrypted, and anyone
    on your LAN can sniff the username and password of all accounts that log
    in to your system on this service.

    You've combined the worst possible combination of services and security.
    If you want to give away free POP3/SMTP accounts, do so with a proper
    server operating system - like, *any* other - Linux, *BSD, hell, even
    Solaris - any POSIX system you like.

    I'm not an OS bigot, but I do believe in using the right tool for the
    job. And Windows XP with telnet is decidedly not it.

    In summary, your set-up is fundamentally insecure, and there's not much
    you can do about it, other than not do what you're doing. If you don't
    have an extra machine, run a virtual one - there's plenty of virtual
    machine programs running around - my favorite is VMware.

    In any event, good luck - I fear you'll need it.

    -Dave

    -----Original Message-----
    From: malik malik [mailto:subscribejai@yahoo.co.uk]
    Sent: Friday, August 22, 2003 1:15 AM
    To: security-basics@securityfocus.com
    Subject: System Hacked

    hi,
    Someone hacked my system. I have SMTP/POP3 running on
    Win XP and working on a LAN and have given permission
    that anyone on my LAN can create an account.
    Last day someone created an account and I got the message
    of new account creation and when I checked I found
    that he was trying multiple SMTP connections TO&FROM
    fake ID. I got his IP.
    When I checked the logs from Event Viewer I found that
    Administrator logged in twice from two different IPs
    using the tlntsvr.exe service, that's why I am thinking
    that the IP was fake.
    Is there any way I can find out how he got access and
    how he entered through that SMTP port and the history
    of what he did on getting the cmd prompt or any other
    tracing trick?
    thanks,
    jai
