Security Basics mailing list archives
RE: System Hacked
From: Vladimir Moushkov <vlindos_mpdev () abv bg>
Date: Sat, 23 Aug 2003 12:59:23 +0300 (EEST)
Hi, is guest account enabled on your PC ? Telnet server would accept connection from guest accounts: login: \\GUEST ..MS banner.. c:\>
hi, Someone hacked my system.I have SMTP/POP3 running on Win XP and working on a LAN and have given permission that any one on my LAN can create account. Lastday someone created account and i got the message of new account creation and when i checked i found that he was trying mutiple SMTP connections TO&FROM fake id. i got his ip. When i checked the logs from Eventviewer i found that Administrator loggedin twice from two different ip using the tlntsvr.exe service thts why i am thinking that the ip was fake. Is there any way i can find out how he got access and how he entered through tht SMTP port and the history tht wht he did on getting the cmd prompt or any other tracing trick. thanks, jai
--------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
Current thread:
- System Hacked malik malik (Aug 22)
- <Possible follow-ups>
- RE: System Hacked Dave Killion (Aug 22)
- RE: System Hacked Vladimir Moushkov (Aug 25)
- Re: System Hacked H Carvey (Aug 26)