Security Incidents mailing list archives

SOCKs Hack? and not the ones you put onto your feet.


From: Robert Wright <rjw1150 () NEO LRUN COM>
Date: Tue, 19 Sep 2000 18:41:51 -0400

Thank you for taking time to read this email.
I am a network administrator's assistant (aka a gopher =) ). Anyway, to get to
the point: the network administrator and I are both new employees. The
company we work for uses a poorly configured MS Proxy 2 on NT 4
(hopefully this won't be for long). My network administrator usually monitors
the server every day; today, however, we had a scary moment, we _THINK_. On
the proxy there are several services (web proxy, winsock, sock, and another one
I forget); anyhow, on SOCK we had an external connection. My network
administrator noticed this, didn't think it was a good thing, and started
up a network monitoring program; he captured all the packets involved with
this server. We tried to stop the service, however it wouldn't let us. My
network administrator tried to check the logs, however there weren't any! This,
however, we think might have been due to the prior network admin's poor
configuration. He configured the table as if there is no external NIC. Our
external NIC is in the LAN table, i.e. no packet filtering. We examined the
packets (best we could) and all we really saw was TCP HTTP requests and DNS
requests. There were a few NetBIOS requests, however they were denied. We do
have this guy's IP and such, however if there's nothing really wrong I'm not
going to email his provider. I hope this will provide enough information
that someone can help me out. I am currently browsing all of the security
newsgroups and websites.

Thanks again.

Robert Wright

