Re: How to stop suspected hackers activity?

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 01/15/05 

Date: Sat, 15 Jan 2005 13:26:43 -0700

I believe you need to reexamine how you have things defined
in the router. It appears that first obtaining a VPN connection
is not being required in order to get to the server.

> When I try to access the server with the real ip address that is assigned
to
> the wan port of the router I get You are not authorized to view this page
> HTTP error 403.6, so I was under the impression that I was pretty safe.

seems to confirm this, since one should be getting a server not
found error in the client browser, not a message from the webserver. 

-- 
Roger Abell
Microsoft MVP (Windows  Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"MMJII" <m@a.com> wrote in message
news:uZEG5$a%23EHA.3368@TK2MSFTNGP15.phx.gbl...
> Hello All,
> I have a Win SBS 2003 server that is on a dlink router. The server is
> accessed via ipsec vpn for RDP.
>  In the event log I am noticing Security logon/logoff failure (event 529)
> due to bad username, or password on the Administrator acct.
> I don't have the sever in the DMZ on the router, and the OWA is setup for
> access on the ip address of the vpn i.e. 192.168.20.20
> The event msg says
> Logon type 3
> Logon Process: NtLmSsp
> Authentication Package NTLM
> Source network Addres 151.196.62.240
>
> I am wondering how someone can access this server from the internet when I
> do not have the server in the DMZ zone?
> I have the server internal (nat ip) address in the router as a "virtual
> service" which will allow outside users to access the servers services,
but
> again this access is with a vpn connection.
> When I try to access the server with the real ip address that is assigned
to
> the wan port of the router I get You are not authorized to view this page
> HTTP error 403.6, so I was under the impression that I was pretty safe.
>
> Any ideas are GREATLY APPRECIATED!!!!
> Thanks
> MMJII
>
>

Relevant Pages

  • Re: SBS 2003 Misconfigured?
    ... I've thrown quite a bit at them, and just have to disagree that they are inherently less secure than the netgear. ... setup DHCP and I have also gone in and manually created a new scope ... when I first used the Netgear router with SBS 2003, ... than one SBS server in a company makes no sense. ...
    (microsoft.public.windows.server.sbs)
  • Re: Cannot connect to RWW from home PC
    ... eth0 172.26.0.1/16 Extra none ... That would be the address you need a DNS record for. ... One question - if I reset the Thomson Router will that clear all the ... Heres' the info for our server: ...
    (microsoft.public.windows.server.sbs)
  • Re: NLB Cluster - Ping fails or long time to reply from outside local subnet - SOLVED
    ... Windows Server 2008 Readiness Team ... I was feeling nervous about our teaming-capable adapter as I read it might be sending out heartbeats, so I disabled it AND configured the cluster on a separate DLink card in multicast mode. ... I am losing the plot with NLB, I have spent a week trying to get it working. ... I thought that the litmus test was that the router functions fine when no NLB is installed, but when it is, things start going screwy. ...
    (microsoft.public.windows.server.clustering)
  • Re: Cannot connect to RWW from home PC
    ... That would be the address you need a DNS record for. ... You say "And in the router you need to forward to your external nic IP" ... Still can't telnet to any of your ports at your public ip address. ... Heres' the info for our server: ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS 2003 Misconfigured?
    ... Yeah, maybe it's not that different from the Netgear, for all that. ... that when I first used the Netgear router with SBS 2003, ... tech spend 4+ hours on my system, and then tell me to enable DHCP ... more than one SBS server in a company makes no sense. ...
    (microsoft.public.windows.server.sbs)
Quantcast