Re: Almost hacked, Need assistance please

From: Laura E. Hunter \(MVP\) ("Laura)
Date: 05/11/05

• Next message: Laura E. Hunter \(MVP\): "Re: Delegate permission to restart a service?"
• Previous message: Ezra Herman: "Re: Inexpensive Antivirus - or do I need it at all?"
• In reply to: Jim: "Almost hacked, Need assistance please"
• Next in thread: Jim: "Re: Almost hacked, Need assistance please"
• Reply: Jim: "Re: Almost hacked, Need assistance please"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 11 May 2005 14:54:13 -0400

> b.) Since my domain name is not published yet, how was this person able to
> identify the domain in order to attempt a logon?

Does your server have a public IP address? The attacker most likely simply
scanned a range of IP addresses to see if any of them were "listening" on
the ports used by Active Directory and Windows file sharing.

>
> c.)I feel certain that this was a random attempt and my security logs show
> no other attempts since last night. So, obviously, my security policies
> are
> working somewhat, but are there any other policy changes I should look at
> to
> prevent a hacker from getting to the point he did?
>

I would recommend putting up a software- or hardware-based firewall while
you are learning, if you are using a publicly-routable IP address. As long
as external users can reach your IP address, they will be able to attempt to
log onto the server.

-- 
Laura E. Hunter
Microsoft MVP - Windows Server Networking
Author: _Active Directory Consultant's Field Guide_ 
(http://tinyurl.com/7f8ll)
All information provided "AS-IS", no warranties expressed or implied.
Replies to newsgroup only.

---

• Next message: Laura E. Hunter \(MVP\): "Re: Delegate permission to restart a service?"
• Previous message: Ezra Herman: "Re: Inexpensive Antivirus - or do I need it at all?"
• In reply to: Jim: "Almost hacked, Need assistance please"
• Next in thread: Jim: "Re: Almost hacked, Need assistance please"
• Reply: Jim: "Re: Almost hacked, Need assistance please"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: Security permissions made in AD change to default ... I have confirmed through the security logs that the NT Authority/Anonymous ... Logon is changing the ACL for this user back to default. ... there any way to diable this function in Windows 2003 Server? ... (microsoft.public.backoffice.smallbiz) Re: Please help refresh my memory on AD DC ... When I boot my Laptop I reach the Logon screeen for XP Laptop and here ... admin account to be able to Login so I can control it from the DC. ... A domain user can by default logon to any domain computer, except Domain controllers. ... A Server has websites already hosted on it in a Workgroup and now I ... (microsoft.public.windows.server.active_directory) Re: Logon Server Unavailable ... There are currently no logon servers available to service ... You use a office laptop to connect the office VPN, when you map a network ... you may receive this message: "This account is the ... The server is not configured for transactions"> "A domain controller for your domain could not be contacted" ... (microsoft.public.windows.server.dns) Re: Logon Server Unavailable ... There are currently no logon servers available to service ... You use a office laptop to connect the office VPN, when you map a network ... you may receive this message: "This account is the ... The server is not configured for transactions"> "A domain controller for your domain could not be contacted" ... (microsoft.public.windows.server.networking) RE: Problems with 529 Events ... attempting to logon on some services on the SBS server. ... and then click Account Lockout Policy. ... (microsoft.public.windows.server.sbs)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.windows.server.security  > 2005-05