Re: windows 2000 professional hacked with Serv-U FTP Server

From: Andrew (itsec_andrewNOSPAM@hotmail.com)
Date: 11/30/02 

From: "Andrew" <itsec_andrewNOSPAM@hotmail.com>
Date: Sun, 1 Dec 2002 07:54:35 +1100

What about port 445? Win2K can be hacked through that port the same way
that you can through 137...

Andrew

"Tony" <tony.wong@sbcglobal.net> wrote in message
news:y1CE9.298$hh1.21681209@newssvr21.news.prodigy.com...
> ports 137-139 are blocked at the border router. It was running sp2. Norton
> Antivirus Corporate edition was running. Administrator did have a pretty
> strong password.
>
> I dont know how they uploaded this trojab and started a server Serv-U Ftp
> Server listening on a high port 7000 or something like that
>
> Also All files uploaded was hidden under "My Pictures"
>
> Serveral accounts were created and were in the local admin group
>
>
>
> "Jeff Cochran" <jcochran.nospam@naplesgov.com> wrote in message
> news:3de2184f.1199174@news.easynews.com...
> > >This machine was not running IIS. how did they get in? auditing was
> turned
> > >off so no security info.
> >
> > Is your firewall blocking ports 137-139? Are you using strong
> > passwords? Have you *now* truned on auditing so you can see future
> > attacks? After having reformatted and reinstalled to eliminate the
> > trojans/back doors/etc.?
> >
> > Jeff
>
>

Relevant Pages

  • RE: Some technical errors
    ... If the SMTP server is not running on port 25 TCP it is not a public ... Manager - Computer Assurance Services BDO Chartered Accountants & ...
    (Security-Basics)
  • Re: SRV RRs support in Internet Explorer?
    ... The port number could be implicit (i.e. ... At any point in time, a server could fail ... can't effectively LB or backup because NSs cache the records for the TTL ... I still don't see how SRV records would help backup or LB. ...
    (microsoft.public.win2000.dns)
  • Re: Still cant connect to RWW or OWA remotely
    ... I get 'cannot find server or dns error' on both ... TCP [port number]> to open the ports. ... As for error messages when I fail to access RWW with the laptop, ... network, no connection seems possible. ...
    (microsoft.public.windows.server.sbs)
  • Re: cannot send mail from Windows mail
    ... When a username/password combination doesn't work in Windows Mail, ... I mean I dont use it but as outgoing address for my ISP account. ... youir username and password are correct for your mail server". ... Ask your home ISP if they support SMTP on a port other than 25. ...
    (microsoft.public.windows.vista.mail)
  • Re: How to trigger server to reattempt printer connection
    ... The spooler does not log any SNMP data. ... Best practices and known issues when you install Windows Server 2003 Service ... Before restarting the spooler next time, create a new port name to the ... This does not happen often, but when it does, it seems to stay offline ...
    (microsoft.public.windows.server.general)