Re: Please help I have been hacked!!

From: NeoSadist (neos@dist)
Date: 09/17/02


From: "NeoSadist" <neos@dist>
Date: Mon, 16 Sep 2002 17:28:39 -0600


"karl [x y]" <jamescagney90210@excite.com> wrote in message
news:#GBi1xKXCHA.1812@tkmsftngp10...
> There isn't really one piece of software to detect hacking. Unless you can
> manually identify which intrusion method was used [hint, look at the logs on
> your IIS web and ftp server and firewalls or routers], we can't know what to
> look for or which tool to use to do it. I might consider some or all of the
> tools below, as these will detect some types of hacking and help prevent
> others:
>
> - anti-trojan scanner such as www.pestpatrol.com [they also have a free
> open port scanner]
> - antivirus scanner like norton that is set to download updates daily, on
> all clients and on vulnerable servers as needed
> - a file change checker such as the free Languard file integrity checker
> from www.gfi.com [download page is hidden under the "white papers" section
> on their web site]
> - a port scanner such as superscan from www.foundstone.com
> - fport or vision from www.foundstone.com [must be run locally, can be
> scripted]. Also check out the log analyzer tools there.
> - a firewall with logging set up and that blocks outbound connections as
> well as inbound [the cheapest firewalls start with Netgear or Linksys at
> around $70 US]
> - consider firewall software such as sygate for vulnerable clients and
> servers
> - run one or more vulnerability assessment scanners such as the free
> Languard software from www.gfi.com
> - run HFNETCHK [available from www.microsoft.com/security or
> www.microsoft.com/download ] to scan computers on the network for missing
> patches [requires Remote Registry service be running and accessible]
>
> The port scanner will help you to see if other computers are running FTP
> servers. Fport will help you tell whether Microsoft IIS FTP server is being
> used, or whether the hackers installed their own FTP server software [the
> latter is usually somewhat more disturbing]. If the latter is used, the IIS
> web server logs will often show exactly how the intrusion took place [look
> for any lines containing % or .EXE and that also have a code 200 or 502 in
> the line]. If Microsoft FTP server was used, it could be as simple as the
> FTP server was set up with the anonymous user having both read and write
> access to a folder, which allows this sort of thing.
>
> Using firewall and antivirus is not enough. You also want to have all
> service packs and security patches installed on all computers, especially
> Microsoft patches, and the computers should also be configured securely
> using, for starters, the security checklists at www.microsoft.com/security.
> For some of this stuff, such as configuring the firewall, your company
> should consider hiring a security consultant, as you'll be hacked again if
> it isn't done correctly. Consider reading books such as Hacking Exposed 3rd
> edition and maybe Incident Response.
>
>
> "Alec" <alec34us@yahoo.com> wrote in message
> news:13d7c01c25c6c$902c7050$3bef2ecf@TKMSFTNGXA10...
> > I just started this IT job on an entry level position.
> > The department has a lot of computers and I don't know if
> > they are infected too. This happened on an old lady's
> > computer. Is there any software available that I can
> > purchase to scan the other computers?
> >
> > Thanks!!
> >
> > >-----Original Message-----
> > >
> > >"alec" <alec34us@yahoo.com> wrote in message
> > >news:1161501c25c4d$653451c0$37ef2ecf@TKMSFTNGXA13...
> > >> Dear Newsgroup,
> > >>
> > >> I have just realized that my computer at work had been
> > >> hacked. It is Windows 2000. Someone has hacked into it
> > >> and made it a file server for "Star War" movies. It has a
> > >> trojan on it. My question is how? Or more important is
> > >> there any third party software that I can scan our other
> > >> office computers for this. How can I check. I had no
> > >> idea this was going on in my computer. I am scared!
> > >>
> > >> Thanks for any help!!
> > >
> > >
> > >First of all, if you don't have anti-virus software, get some. If you do
> > >but it doesn't detect it, get Norton Antivirus or something that you
> > >actually pay for.
> > >Second, get a firewall. Any firewall. Delete the movies.
> > >But are you sure you were hacked? What if it's your friend or son or wife?
> > >
> > >
> > >.
> > >
>
>

Well, let's put it this way. Norton Antivirus does about half of that, and
Norton Personal Firewall the other half.
But this is corporate, so I'd recommend Norton Antivirus Corporate Edition
and Norton Personal Firewall Corporate Edition.
But if this happened locally, it should've been something they downloaded or
something local. But that assumes that your servers are firewalled, etc.,
which they should be. I'd be looking for vulnerabilities at the server
level first.
But hey, that's just me.


