Re: Open Ports on 2003 Server (No firewall)

From: Jeff Cochran (jeff.nospam_at_zina.com)
Date: 08/24/04


Date: Tue, 24 Aug 2004 18:35:12 GMT

On Mon, 23 Aug 2004 21:40:27 -0500, Bruce Vander Werf
<bvanderw-news5021@mailblocks.com > wrote:

>We have been having some problems with a hacker on a new 2003 Server.
>The server is not behind any type of firewall - it has a direct
>connection to the Internet.

I'm pretty sure I can identify your problem, and solution, from just
the above information. In fact, you probably can too, give it a
try...

>FWIW, it appears the hacker is using this box to store files.

Well, it would be hard to expect anyone who would not use a firewall
to also not leave anonymous upload disabled. Just goes to prove, no
matter how secure out of the box you make an OS, someone will come
along and open it right up.

First, flatten the box. You're compromised, so you have to wipe
everything and reinstall from known good media. Then make sure you
have all the security updates in place *and a firewall properly
configured* before you let this box back online. See the resources
at:

http://www.microsoft.com/security/
http://securityadmin.info/

Jeff