Security Incidents mailing list archives
SOCKs Hack? and not the ones you put onto your feet.
From: Robert Wright <rjw1150 () NEO LRUN COM>
Date: Tue, 19 Sep 2000 18:41:51 -0400
Thank you for taking time to read this email. I am a network administrator assistant (aka a gopher =) ) any way to get to the point, the network administrator and i are both new employee's. The company who we work for uses a poorly configured MS Proxy 2 on NT 4 (hopfully this wont be for long). My network administrator monitors the server every day usally, today however we had a scary moment we _THINK_. On proxy theres severial services ( web proxy, winsock, sock, and another one i forget) any how on SOCK we had a external connection. My network administrator noticed this, and didnt think it was a good thing and started up a network monitoring program, he captured all the packets involved with this server. We tried to stop the service however it wouldnt let us. My network administrator tryed to check the logs however there wernt any! This however we think might have been to the prior network admins poor configuration. He configured the table as there is no external NIC. Our external NIC is in the lan table. IE no packet filtering. We examined the packets (best we could) and all we really saw was TCP http requests, and DNS requests. There were a few NetBios request however they were denied. We do have this guys IP and such however if theres nothing really wrong im not going to email his provider. I hope this will provide information enough that someone can help me out. I am currently browsing all of the security news groups and websites. Thanks again. Robert Wright
Current thread:
- SOCKs Hack? and not the ones you put onto your feet. Robert Wright (Sep 20)
- Re: SOCKs Hack? and not the ones you put onto your feet. Ryan Russell (Sep 21)