Security Basics mailing list archives

RE: System Hacked


From: Dave Killion <Dkillion () netscreen com>
Date: Fri, 22 Aug 2003 09:56:38 -0700

tlntsvr.exe is the "Telnet Server".  Telnet is not encrypted, and anyone
on your LAN can sniff the username and password of all accounts that log
in to your system on this service.

You've combined the worst possible combination of services and security.
If you want to give away free POP3/SMTP accounts, do so with a proper
server operating system - like, *any* other - Linux, *BSD, hell, even
Solaris - any POSIX system you like.

I'm not an OS bigot, but I do believe in using the right tool for the
job.  And Windows XP with telnet is decidedly not it.

In summary, your set-up is fundamentally insecure, and there's not much
you can do about it, other than not do what you're doing.  If you don't
have an extra machine, run a virtual one - there are plenty of virtual
machine programs running around - my favorite is VMware.

In any event, good luck - I fear you'll need it.

-Dave

-----Original Message-----
From: malik malik [mailto:subscribejai () yahoo co uk]
Sent: Friday, August 22, 2003 1:15 AM
To: security-basics () securityfocus com
Subject: System Hacked


Hi,
Someone hacked my system. I have SMTP/POP3 running on
Win XP and working on a LAN and have given permission
that anyone on my LAN can create an account.
Last day someone created an account and I got the message
of new account creation, and when I checked I found
that he was trying multiple SMTP connections TO & FROM
a fake id. I got his IP.
When I checked the logs from Event Viewer I found that
Administrator logged in twice from two different IPs
using the tlntsvr.exe service, that's why I am thinking
that the IP was fake.
Is there any way I can find out how he got access and
how he entered through that SMTP port and the history
of what he did on getting the cmd prompt, or any other
tracing trick?
Thanks,
jai

