Dailydave mailing list archives
Re: A dumb question
From: "Josiah Wilkinson" <josiah.wilkinson () gmail com>
Date: Mon, 25 Sep 2006 08:31:41 -0400
If they were ever successful in bypassing your firewall, they could have used netbios enumeration, perhaps using a null session as discussed here: http://www.brown.edu/Research/SysAdmins/articles/netbios_null_sessions.html I'd double-check your firewall for any possible means of bypassing it - telnet, http, ssh open to world? Also, check what IPs are hitting your boxes, I'd guess there's a good chance they're international - if you don't have any international users, block those IP ranges... On 9/25/06, Robert Frailey <rfrailey () utahmed com> wrote:
The hackers nightly hit my microsoft windows 2003 servers. In the sercurity log i see an entry for anonymous then half a dozen failed login attempts. What bothers me is they've been trying my login name and my web masters login name for that perticular server. All have been unsuccessful but how did they get the login names. Rob _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
-- Josiah Wilkinson CISSP, MCSE, CCNA
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: Now that we've all had time for a good long browse, ... Dave Korn (Sep 23)
- A dumb question Robert Frailey (Sep 25)
- Re: A dumb question Josiah Wilkinson (Sep 25)
- Re: A dumb question Paul Asadoorian (Sep 25)
- Re: A dumb question Twenty SF (Sep 25)
- Re: A dumb question Josiah Wilkinson (Sep 25)
- A dumb question Robert Frailey (Sep 25)