Re: windows 2000 professional hacked with Serv-U FTP Server
From: Tony (tony.wong@sbcglobal.net)
Date: 11/27/02
- Next message: frank: "Re: windows 2000 professional hacked with Serv-U FTP Server"
- Previous message: DAC: "98 Sees some w2k's but not others"
- In reply to: frank: "Re: windows 2000 professional hacked with Serv-U FTP Server"
- Next in thread: frank: "Re: windows 2000 professional hacked with Serv-U FTP Server"
- Reply: frank: "Re: windows 2000 professional hacked with Serv-U FTP Server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Tony" <tony.wong@sbcglobal.net> Date: Wed, 27 Nov 2002 08:12:36 GMT
Hmm, I have to check. What are these?
"frank" <fbedolla@cotopaxi.com.mx> wrote in message
news:#Y5SarVlCHA.1748@tkmsftngp07...
> just one question
> did you have os2ss.exe and os2svr.exe running in your task manager?
>
> --
>
> Regards
>
> Francisco Bedolla Ramirez
> (Work)
> Mexico DF
> W2K AS SP3
> "Tony" <tony.wong@sbcglobal.net> escribió en el mensaje
> news:y1CE9.298$hh1.21681209@newssvr21.news.prodigy.com...
> > ports 137-139 are blocked at the border router. It was running sp2.
Norton
> > Antivirus Corporate edition was running. Administrator did have a pretty
> > strong password.
> >
> > I dont know how they uploaded this trojab and started a server Serv-U
Ftp
> > Server listening on a high port 7000 or something like that
> >
> > Also All files uploaded was hidden under "My Pictures"
> >
> > Serveral accounts were created and were in the local admin group
> >
> >
> >
> > "Jeff Cochran" <jcochran.nospam@naplesgov.com> wrote in message
> > news:3de2184f.1199174@news.easynews.com...
> > > >This machine was not running IIS. how did they get in? auditing was
> > turned
> > > >off so no security info.
> > >
> > > Is your firewall blocking ports 137-139? Are you using strong
> > > passwords? Have you *now* truned on auditing so you can see future
> > > attacks? After having reformatted and reinstalled to eliminate the
> > > trojans/back doors/etc.?
> > >
> > > Jeff
> >
> >
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.422 / Virus Database: 237 - Release Date: 20/11/2002
>
>
- Next message: frank: "Re: windows 2000 professional hacked with Serv-U FTP Server"
- Previous message: DAC: "98 Sees some w2k's but not others"
- In reply to: frank: "Re: windows 2000 professional hacked with Serv-U FTP Server"
- Next in thread: frank: "Re: windows 2000 professional hacked with Serv-U FTP Server"
- Reply: frank: "Re: windows 2000 professional hacked with Serv-U FTP Server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
