Security Incidents mailing list archives
Re: SOCKs Hack? and not the ones you put onto your feet.
From: Ryan Russell <ryan () SECURITYFOCUS COM>
Date: Wed, 20 Sep 2000 15:07:33 -0700
On Tue, 19 Sep 2000, Robert Wright wrote:
forget) anyhow on SOCK we had an external connection. My network administrator noticed this, and didn't think it was a good thing and started up a network monitoring program; he captured all the packets involved with this server. We tried to stop the service, however it wouldn't let us. My network administrator tried to check the logs, however there weren't any! This, however, we think might have been due to the prior network admin's poor configuration. He configured the table as there is no external NIC. Our external NIC is in the lan table, i.e. no packet filtering. We examined the packets (best we could) and all we really saw was TCP HTTP requests and DNS requests. There were a few NetBIOS requests, however they were denied. We do have this guy's IP and such, however if there's nothing really wrong I'm not going to email his provider. I hope this will provide information enough that someone can help me out. I am currently browsing all of the security newsgroups and websites.

You don't actually ask a question that I can see in there... let me make up a couple.

Did you get hacked? Quite possibly... if you did indeed get a packet capture of it, someone can probably tell you for sure. Can you put the capture file up on a web server somewhere, and send the list the URL?

Were you hackable? If I'm reading you correctly, that your external interface had no filtering, then yes, you were probably easily hackable. What service pack are you running? Also note that an attacker can essentially have a command prompt via HTTP by using things like the RDS hole. We'd have to see the packet logs to know for sure.

Ryan