Re: win2000 hacked.

From: Karl Levinson [x y] mvp (levinson_k@excite.com)
Date: 02/26/03 

From: "Karl Levinson [x y] mvp" <levinson_k@excite.com>
Date: Tue, 25 Feb 2003 21:49:34 -0500

Sounds like Zone alarm didn't help you [and it sounds like you even paid for
it]. Either contact them and get their software correctly configured, or
install a different firewall, such as www.sygate.com, www.agnitum.com, or
www.kerio.com, all free. Some firewalls may have bugs where incoming
packets such as packets with the remote port set to UDP 137, so you could
check for such entries... or if you left TCP 80 open for your web server and
didn't patch and correctly configure IIS on your computer, then your
firewall becomes absolutely useless.

Here are other things:

http://securityadmin.info/faq.htm#ftpfolder
[more info on this attack and how to delete the folder]
http://securityadmin.info/faq.htm#hacked
[how to look for signs of how the intrusion was done]
http://securityadmin.info/faq.htm#iislogs2
http://securityadmin.info/faq.htm#iislogs
http://securityadmin.info/faq.htm#harden

The last link contains things you should do to harden your computer, these
things probably would have helped prevent this from happening.

Determining how the intrusion was done is helpful to 1) avoid making the
same mistake again next time, 2) determining what if anything was done, such
as passwords or credit cards stolen, etc, and 3) other computers on your
network might be at risk. After you're done doing this, you may really want
to consider formatting and reinstalling everything, because there's no way
to be sure you've found and removed all back doors allowing future re-entry.

HTH

"Kevin" <nospam@msu.com> wrote in message
news:uWlbUVQ3CHA.2288@TK2MSFTNGP09.phx.gbl...
> I have windows200 professional.
> I'm using DHCP to get IP adddress and have Zone Alarm pro.
> I'm not sharing anything from that machine.
> I have a Norton Antivirus coperate edition installed.
> All the service pack and update was up to date.
>
> However, I found that someone put reidenFTP server and uses it.
> Zone Alarm pro was configured in a way that ask for any new internet
> activity.
>
> what can I do?
>
>

Relevant Pages

  • Re: problem with msconfig [system configuration utility]
    ... Currently protected by firewall and AV from Zone Alarm. ... I am the sole user and administrator of this machine. ... Since there were so many patches to install in the rebuild [using a ... Nonetheless, I tried out what was suggested with Zone Alarm, ...
    (microsoft.public.windowsxp.general)
  • problem with msconfig [system configuration utility]
    ... Currently protected by firewall and AV from Zone Alarm. ... I am the sole user and administrator of this machine. ... AV and Firewall -- and the problem first showed up with that install]. ...
    (microsoft.public.windowsxp.general)
  • Larry, Thanks!
    ... I have used Zone Alarm Pro for several years now ... you) decide on a firewall product, ... Zone Alarm packages come with a free trial and unless you ... Larry for your help. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: win2000 hacked.
    ... > firewall becomes absolutely useless. ... > Determining how the intrusion was done is helpful to 1) avoid making the ... >> I'm using DHCP to get IP adddress and have Zone Alarm pro. ...
    (microsoft.public.win2000.security)
  • Re: zone alarm broke windows restore
    ...  The Windows firewall is fine, ... I could uninstall zone alarm, ... my problem is what firewall is the most recommended? ... Some people will install ZA thinking it will fix all/some problems ...
    (microsoft.public.windowsxp.help_and_support)
Loading