Security Basics mailing list archives
Re: System Hacked
From: H Carvey <keydet89 () yahoo com>
Date: 23 Aug 2003 18:25:19 -0000
In-Reply-To: <20030822081441.61000.qmail () web10008 mail yahoo com>
Jai,
> Someone hacked my system. I have SMTP/POP3 running on Win XP and working on a LAN and have given permission that anyone on my LAN can create an account.
What application are you using? Exchange? Something else?
> Last day someone created an account and I got the message of new account creation, and when I checked I found that he was trying multiple SMTP connections TO & FROM fake id. I got his IP.
Created account? Did you get notification from the app, or from the Event Log? What type of monitoring are you doing? These multiple connections could be relaying, as with a worm.
> When I checked the logs from Event Viewer I found that Administrator logged in twice from two different IPs using the tlntsvr.exe service; that's why I am thinking that the IP was fake.
If the IP is fake, or spoofed, the login wouldn't have worked, unless routers had also been hacked.
> Is there any way I can find out how he got access and how he entered through that SMTP port, and the history of what he did on getting the cmd prompt, or any other tracing trick?
If it's a remote hack, there might be some info on the system, but to be honest, it isn't really clear what happened. And where you look depends on what you've got running on the system.
Harlan