Re: How to stop suspected hackers activity?

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 01/15/05 

Date: Sat, 15 Jan 2005 13:26:43 -0700

I believe you need to reexamine how you have things defined
in the router. It appears that first obtaining a VPN connection
is not being required in order to get to the server.

> When I try to access the server with the real ip address that is assigned
to
> the wan port of the router I get You are not authorized to view this page
> HTTP error 403.6, so I was under the impression that I was pretty safe.

seems to confirm this, since one should be getting a server not
found error in the client browser, not a message from the webserver. 

-- 
Roger Abell
Microsoft MVP (Windows  Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"MMJII" <m@a.com> wrote in message
news:uZEG5$a%23EHA.3368@TK2MSFTNGP15.phx.gbl...
> Hello All,
> I have a Win SBS 2003 server that is on a dlink router. The server is
> accessed via ipsec vpn for RDP.
>  In the event log I am noticing Security logon/logoff failure (event 529)
> due to bad username, or password on the Administrator acct.
> I don't have the sever in the DMZ on the router, and the OWA is setup for
> access on the ip address of the vpn i.e. 192.168.20.20
> The event msg says
> Logon type 3
> Logon Process: NtLmSsp
> Authentication Package NTLM
> Source network Addres 151.196.62.240
>
> I am wondering how someone can access this server from the internet when I
> do not have the server in the DMZ zone?
> I have the server internal (nat ip) address in the router as a "virtual
> service" which will allow outside users to access the servers services,
but
> again this access is with a vpn connection.
> When I try to access the server with the real ip address that is assigned
to
> the wan port of the router I get You are not authorized to view this page
> HTTP error 403.6, so I was under the impression that I was pretty safe.
>
> Any ideas are GREATLY APPRECIATED!!!!
> Thanks
> MMJII
>
>

Relevant Pages

  • ~~~~~~~~~~~~~~ IP ADDRESS ~~~~~~~~~~~~~~
    ... block my ip address vista windows ... change public ip address linksys router ... setting up a network ip address ... warcraft server ip address ...
    (sci.misc)
  • Re: SBS 2003 Misconfigured?
    ... I've thrown quite a bit at them, and just have to disagree that they are inherently less secure than the netgear. ... setup DHCP and I have also gone in and manually created a new scope ... when I first used the Netgear router with SBS 2003, ... than one SBS server in a company makes no sense. ...
    (microsoft.public.windows.server.sbs)
  • Re: Cannot connect to RWW from home PC
    ... eth0 172.26.0.1/16 Extra none ... That would be the address you need a DNS record for. ... One question - if I reset the Thomson Router will that clear all the ... Heres' the info for our server: ...
    (microsoft.public.windows.server.sbs)
  • Re: NLB Cluster - Ping fails or long time to reply from outside local subnet - SOLVED
    ... Windows Server 2008 Readiness Team ... I was feeling nervous about our teaming-capable adapter as I read it might be sending out heartbeats, so I disabled it AND configured the cluster on a separate DLink card in multicast mode. ... I am losing the plot with NLB, I have spent a week trying to get it working. ... I thought that the litmus test was that the router functions fine when no NLB is installed, but when it is, things start going screwy. ...
    (microsoft.public.windows.server.clustering)
  • Re: SBS 2003 Misconfigured?
    ... Yeah, maybe it's not that different from the Netgear, for all that. ... that when I first used the Netgear router with SBS 2003, ... tech spend 4+ hours on my system, and then tell me to enable DHCP ... more than one SBS server in a company makes no sense. ...
    (microsoft.public.windows.server.sbs)