Re: Open Ports on 2003 Server (No firewall)

From: Jeff Cochran (jeff.nospam_at_zina.com)
Date: 08/24/04


Date: Tue, 24 Aug 2004 18:35:12 GMT

On Mon, 23 Aug 2004 21:40:27 -0500, Bruce Vander Werf
<bvanderw-news5021@mailblocks.com > wrote:

>We have been having some problems with a hacker on a new 2003 Server.
>The server is not behind any type of firewall - it has a direct
>connection to the Internet.

I'm pretty sure I can identify your problem, and solution, from just
the above information. In fact, you probably can too, give it a
try...

>FWIW, it appears the hacker is using this box to store files.

Well, it would be hard to expect anyone who would not use a firewall
to also not leave anonymous upload disabled. Just goes to prove, no
matter how secure out of the box you make an OS, someone will come
along and open it right up.

First, flatten the box. You're compromised, so you have to wipe
everything and reinstall from known good media. Then make sure you
have all the security updates in place *and a firewall properly
configured* before you let this box back online. See the resources
at:

http://www.microsoft.com/security/
http://securityadmin.info/

Jeff



Relevant Pages

  • Re: Serious Security Issue in Windows XP SP2s Firewall
    ... Subject: AW: Serious Security Issue in Windows XP SP2's Firewall ... If you update a WinXP SP-1 with enabled Internet ... Connection Firewall ...
    (Focus-Microsoft)
  • Re: Big hole??
    ... > firewall then even they can't get in, ... > supposedly safe SP2 for Windows XP invites any Internet ... > Connection Sharing of the PC has to be disabled. ... > in fact is a common configuration and not a rare sight. ...
    (microsoft.public.windowsxp.general)
  • Re: More on Remote Desktop
    ... Chances are good, though, that he's already got VPN capabilities on his ... firewall to do it for $100. ... > server at home...or purchase additional/new hardware... ... >> my firewall makes the PPPoE connection to my ADSL ISP. ...
    (microsoft.public.windowsxp.network_web)
  • Re: More on Remote Desktop
    ... on your firewall to the world, you will almost certainly get hacked. ... between your clients and server on your own LAN. ... your laptop into that LAN server has got to be making these two public IP's ... PPPoE connection to my ADSL ISP. ...
    (microsoft.public.windowsxp.network_web)
  • Re: SBS 2003 and self signed SSL certificate
    ... Connection type: broadband connection using a local router device with an ... Preferred DNS server: 207.54.98.193 ... The firewall on your computer running Small Business Server could not be ... configure a firewall to secure your local network from the Internet. ...
    (microsoft.public.windows.server.sbs)