Re: my computer was attacked, info please
From: leemer (spamkiller@killspammer.com)
Date: 12/02/02
- In reply to: Dimitri P.: "my computer was attacked, info please"
From: "leemer" <spamkiller@killspammer.com> Date: Mon, 02 Dec 2002 15:10:06 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[snip][paste]
"I think that he intruded via port 21, because it was wide open."
Sounds like you were running a vulnerable version of FTP. FTP in *nix
and Windoz is inherently vulnerable to attack and your box can be
"rooted" in short order if you are not applying patches or upgrades
to whatever version of FTP you are running. Just because you have
applied service packs and patches to Win2000 doesn't necessarily mean
you've covered other services you may be running and their potential
exploitable characteristics. Get me?
This may help
http://www.astalavista.com/library/hardening/iis/securing-iis5.shtml
These are directly from Microsoft....GO AND READ!!
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-062.asp
the IIS Lockdown Tool may be useful for you...GO HERE!!
http://www.microsoft.com/downloads/release.asp?ReleaseID=43955&area=search&ordinal=3
- --
- ---
Everybody's an expert!
~«©¿©»~
rm -rf /bin/laden
"Dimitri P." <see-bottom@for-email.see> wrote in message
news:PBuG9.4797$QT3.61145@weber.videotron.net...
> Hi all, For more than a year now I've been leaving a computer on
> at all times which is connected to the Internet via a LinkSys
> router to a Cable modem whose IP has always been the same.
>
> To my surprise, I woke up today just to discover that new
> directories had been created in my shared d: partition by an
> unknown [hacker?]. (entire drive d: is shared).
>
> The directories are as follows:
>
> <tagged by you know who>
> then a sub directory with the following name:
> <scanz by delusional>
> then another subdirectory
> <math.Advantage.2003.Algebra1.Downlink>
>
> and this subdirectory contains a 0-byte file with the following
> name:
>
> dlk-maalg1.sfv
>
> I think that he intruded via port 21, because it was wide open.
>
> Questions :
>
> - What is this file 0-byte dlk-maalg1.sfv ?
> - What is an sfv extension?
> - What can he possibly have done to harm my computer?
> - Is there any way to check if he installed and executed a program
> that may report back to him any information?
> - Is there any way to find out what he [hacker] did exactly?
>
> On that particular computer, I'm running a Pentium II 300 MHz,
> Windows 2000 with latest patches and Service Packs.
>
> After this incident, I immediately installed Zone Alarm firewall in
> "aggressive" mode, all security settings to MAX, and now after
> running several online security checks, it appears that everything
> shows "stealth".
>
> I ran an "all file" complete computer virus scan with McAfee latest
> virus definitions, and didn't find any viruses at all.
>
> please post your advice on this newsgroup.
>
> Thanks in advance
>
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
iQA/AwUBPet3uLiJZxnLaA7lEQI0xgCgvzOOh6XJYwqZrTfDJHrPt9GRdakAnihK
r/YCjgM6em6R3sbnP8/uPr2i
=H1JB
-----END PGP SIGNATURE-----