Re: Almost hacked, Need assistance please

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 05/13/05


Date: Thu, 12 May 2005 20:18:42 -0500

As Laura said, they do not need a domain name to attempt to access your
computer. An IP address would be fine. This should not normally be happening
if your firewall is configured correctly and you are not offering any
services to internet users such as WWW/FTP. You can use one of the free
self-scan sites such as http://scan.sygatetech.com/ to check for basic
vulnerability from internet attacks. If NetBIOS/file and print sharing ports
are exposed, such attacks will almost certainly occur. Such attacks can also
come from a compromised computer on your network, if you have any more, for
which the security logs can be helpful in identifying such.
--- Steve

"Jim" <Jim@discussions.microsoft.com> wrote in message
news:72674871-FB52-4F98-B192-270E010D9668@microsoft.com...
> I'm new to servers and to Server 2003 so I'm going slowly and trying to
> learn.
>
> Last night I was logged in as Admin to continue working and learning. I
> made a few changes and requested a restart. However, I received a notice
> that "other people were logged in" on this computer. Now, I have a domain
> set up but the domain name is not yet registered as I'm still in my
> learning curve. I did the restart as I knew I was the only person who
> should be on the server.
> This morning I went thru my security logs and found the failed security
> audits from that time period. In short, someone was trying to hack the
> server and failed due to incorrect password. I've made some changes on
> lockouts and lockout thresholds and reviewed security policies but here
> are my main concerns:
> a.) I had no clue that someone was attempting to access the server.
> Surely there must be a built in utility to alert the admin when a login
> attempt is being made or is successful and who is attempting or has
> logged on?
>
> b.) Since my domain name is not published yet, how was this person able to
> identify the domain in order to attempt a logon?
>
> c.) I feel certain that this was a random attempt and my security logs show
> no other attempts since last night. So, obviously, my security policies
> are working somewhat, but are there any other policy changes I should
> look at to prevent a hacker from getting to the point he did?
>
> Thanks in advance to those more experienced than me!
>
> Jim
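
Added example, not part of the original post: one way to use the security logs as the reply suggests, by grouping failed-logon records per source address and separating internal (RFC 1918) sources from internet ones. The record format, the sample lines and the threshold of 3 are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Private ranges that indicate a machine on the local network.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: one failed-logon record per line as
# "timestamp,account,source_address" (a simplified export format
# assumed for this example, not the native Security log layout).
SAMPLE = """\
2005-05-11 23:41:07,Administrator,203.0.113.45
2005-05-11 23:41:09,Administrator,203.0.113.45
2005-05-11 23:41:12,admin,203.0.113.45
2005-05-11 23:41:15,Administrator,203.0.113.45
2005-05-11 23:52:30,jim,192.168.1.23
2005-05-11 23:58:02,backup,-
"""

def triage(text, threshold=3):
    """Count failed logons per source and label where each source sits."""
    counts = Counter()
    accounts = {}
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3:
            continue  # skip malformed records
        _, account, source = parts
        counts[source] += 1
        accounts.setdefault(source, set()).add(account.lower())
    report = {}
    for source, n in counts.items():
        try:
            ip = ipaddress.ip_address(source)
            inside = any(ip in net for net in RFC1918)
            origin = "internal" if inside else "external"
        except ValueError:
            origin = "unknown"  # source address was not recorded
        report[source] = {
            "origin": origin,
            "failures": n,
            "accounts": sorted(accounts[source]),
            "flag": n >= threshold,  # repeated failures from one source
        }
    return report

if __name__ == "__main__":
    for source, info in triage(SAMPLE).items():
        print(source, info)
```

A flagged external source points at an exposed service to close at the firewall; a flagged internal source points at a machine on the network that needs inspection.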


