Possible Intruder - Help urgently needed
From: Emdee (mikeDONTSPAM@webheat.co.uk)
Date: 02/20/03
From: "Emdee" <mikeDONTSPAM@webheat.co.uk> Date: Thu, 20 Feb 2003 17:12:53 -0000
I believe I may have an intruder in my network on 7 Win2K machines (2 of
which are DCs).
I believe the intruder is doing the following:
- Modifying the accounts of Administrator and Guest (disabled)
- Possibly making some Security Policy changes
- Afterwards clears up by deleting the altered Security Policies from Sysvol
What I need from you guys is some help in working out how they're getting
in.
What should I be looking at to find their entry point?
I need this help like yesterday so the quicker the better.
Thanks all
Mike