RE: System Hacked

[Vladimir Moushkov <vlindos_mpdev () abv bg>]

Hi,
is guest account enabled on your PC ?
Telnet server would accept connection from guest accounts:

login: \\GUEST
..MS banner..
c:\>

> hi,
> Someone hacked my system.I have SMTP/POP3 running on
> Win XP and working on a LAN and have given permission
> that any one on my LAN can create account.
> Lastday someone created account and i got the message
> of new account creation and when i checked i found
> that he was trying mutiple SMTP connections TO&FROM
> fake id. i got his ip.
> When i checked the logs from Eventviewer i found that
> Administrator loggedin twice from two different ip
> using the tlntsvr.exe service thts why i am thinking
> that the ip was fake.
> Is there any way i can find out how he got access and
> how he entered through tht SMTP port and the history
> tht wht he did on getting the cmd prompt or any other
> tracing trick.
> thanks,
> jai
 


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------