Re: windows 2000 professional hacked with Serv-U FTP Server

From: Andrew (itsec_andrewNOSPAM@hotmail.com)
Date: 11/30/02

• Next message: Iikka Meriläinen: "Re: Remove the "Domain Users" group from the "Power Users" group.."
• Previous message: Jeff Qiu: "RE: Everyone Group Missing"
• In reply to: Tony: "Re: windows 2000 professional hacked with Serv-U FTP Server"
• Next in thread: x y: "Re: windows 2000 professional hacked with Serv-U FTP Server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Andrew" <itsec_andrewNOSPAM@hotmail.com>
Date: Sun, 1 Dec 2002 07:54:35 +1100

What about port 445? Win2K can be hacked through that port the same way
that you can through 137...

Andrew

"Tony" <tony.wong@sbcglobal.net> wrote in message
news:y1CE9.298$hh1.21681209@newssvr21.news.prodigy.com...
> ports 137-139 are blocked at the border router. It was running sp2. Norton
> Antivirus Corporate edition was running. Administrator did have a pretty
> strong password.
>
> I dont know how they uploaded this trojab and started a server Serv-U Ftp
> Server listening on a high port 7000 or something like that
>
> Also All files uploaded was hidden under "My Pictures"
>
> Serveral accounts were created and were in the local admin group
>
>
>
> "Jeff Cochran" <jcochran.nospam@naplesgov.com> wrote in message
> news:3de2184f.1199174@news.easynews.com...
> > >This machine was not running IIS. how did they get in? auditing was
> turned
> > >off so no security info.
> >
> > Is your firewall blocking ports 137-139? Are you using strong
> > passwords? Have you *now* truned on auditing so you can see future
> > attacks? After having reformatted and reinstalled to eliminate the
> > trojans/back doors/etc.?
> >
> > Jeff
>
>

• Next message: Iikka Meriläinen: "Re: Remove the "Domain Users" group from the "Power Users" group.."
• Previous message: Jeff Qiu: "RE: Everyone Group Missing"
• In reply to: Tony: "Re: windows 2000 professional hacked with Serv-U FTP Server"
• Next in thread: x y: "Re: windows 2000 professional hacked with Serv-U FTP Server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: Some technical errors ... If the SMTP server is not running on port 25 TCP it is not a public ... Manager - Computer Assurance Services BDO Chartered Accountants & ... (Security-Basics) Re: SRV RRs support in Internet Explorer? ... The port number could be implicit (i.e. ... At any point in time, a server could fail ... can't effectively LB or backup because NSs cache the records for the TTL ... I still don't see how SRV records would help backup or LB. ... (microsoft.public.win2000.dns) Re: Still cant connect to RWW or OWA remotely ... I get 'cannot find server or dns error' on both ... TCP [port number]> to open the ports. ... As for error messages when I fail to access RWW with the laptop, ... network, no connection seems possible. ... (microsoft.public.windows.server.sbs) Re: Outlook 2003 client ... Items' folder from the Send/Receive group for my account, ... Send/Receive to synchronize Outlook local data with the Exchange Server, ... Port 21 enable external and internal file transfer ... Port 80 enables all nonsecure browser access, ... (microsoft.public.windows.server.sbs) RE: SMTPS - Exchange ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... If the Exchange server is listening on other port rather ... (microsoft.public.windows.server.sbs)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint