Security Basics mailing list archives
RE: System Hacked
From: Dave Killion <Dkillion () netscreen com>
Date: Fri, 22 Aug 2003 09:56:38 -0700
tlntsvr.exe is the "Telnet Server". Telnet is not encrypted, and anyone on your LAN can sniff the username and password of all accounts that log in to your system on this service.

You've combined the worst possible combination of services and security. If you want to give away free POP3/SMTP accounts, do so with a proper server operating system - like, *any* other - Linux, *BSD, hell, even Solaris = any POSIX system you like. I'm not an OS bigot, but I do believe in using the right tool for the job. And Windows XP with telnet is decidedly not it.

In summary, your set-up is fundamentally insecure, and there's not much you can do about it, other than not do what you're doing. If you don't have an extra machine, run a virtual one - there's plenty of virtual machine programs running around - my favorite is VMWare.

In any event, good luck - I fear you'll need it.

-Dave

-----Original Message-----
From: malik malik [mailto:subscribejai () yahoo co uk]
Sent: Friday, August 22, 2003 1:15 AM
To: security-basics () securityfocus com
Subject: System Hacked

hi,

Someone hacked my system. I have SMTP/POP3 running on Win XP and working on a LAN and have given permission that anyone on my LAN can create an account. Last day someone created an account and I got the message of new account creation, and when I checked I found that he was trying multiple SMTP connections TO&FROM fake id. I got his IP. When I checked the logs from Event Viewer I found that Administrator logged in twice from two different IPs using the tlntsvr.exe service, that's why I am thinking that the IP was fake.

Is there any way I can find out how he got access and how he entered through that SMTP port and the history of what he did on getting the cmd prompt, or any other tracing trick?

thanks,
jai