Security Incidents mailing list archives

Re: Re: They got me!!!


From: pentesticle () yahoo com
Date: 6 Apr 2006 14:21:29 -0000

Yes, I want to learn something from this, so I want to find out what/how the access was obtained. I feel I have the 
computers as secure as Microsoft allows (WinXP Pro). I check for patches regularly (weekly). I have most built-in 
accounts disabled. The accounts all run at a regular user privilege. This particular machine does act as a print 
server for my network, but I have anonymous access restricted and only allow authenticated connections. I restrict 
remote admin access, but I'm not sure if it can be bypassed somehow. The kids do play the internet games and surf the funny 
video sites, and I do have a teen that checks web mail, but none of them are "supposed" to have access to install (i.e. 
regular user account). I have software firewalls (Symantec) running on the machine behind a Linksys router/firewall as 
my gateway. So far I haven't found any spyware on the box, only attempts, when I run my nightly scans and review the log 
files.

Since I didn't have my sniffer running at the time, I really want to see if I can find out what happened and how it 
happened. I'm somewhat concerned that my border device may possibly be compromised as well. Unfortunately, Linksys is pretty 
limited in its ability to manage the device. None of my other PCs on the network seem to show any indication of 
compromise, but again this one in particular is slightly less secure because of the sharing of the printer.

Any additional information is much appreciated.

Thanks...

Hopefully I'll be able to put the pieces together.
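With no sniffer capture to go on, the record that usually does survive on a box like the one described above is the host firewall log. The following is an added example, not code from the original post and not Symantec's log format: a Python triage script over constructed lines in the Windows Firewall (XP SP2 pfirewall.log, W3C-style) layout. It flags accepted inbound connections to the file/print-sharing ports from addresses outside the RFC 1918 LAN ranges (which would mean the printer share was reachable through the border device), counts dropped probes per external source, and lists outbound connections to external hosts so an unexpected destination stands out. The field layout, and the reading of "OPEN ... RECEIVE" as an accepted inbound connection, are assumptions about that log format; the sample lines and IP addresses are constructed.

```python
"""Triage a Windows Firewall (pfirewall.log, W3C-style) log for the exposure
worried about in the post: file/print-sharing ports reachable from outside
the LAN.  The log layout is assumed from the XP SP2 pfirewall.log format;
the sample records below are constructed, not real captures."""
import ipaddress
from collections import Counter

# Assumption: the printer share exposes Windows file/print sharing and RPC,
# i.e. TCP 135 (RPC endpoint mapper), 139 (NetBIOS session), 445 (SMB).
SHARING_PORTS = {135, 139, 445}

# "Inside the Linksys": RFC 1918 ranges plus loopback.  Explicit networks are
# used rather than ipaddress.is_private(), which also treats documentation
# ranges such as 203.0.113.0/24 as private.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample log in the assumed XP SP2 pfirewall.log layout.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2006-04-05 23:12:01 OPEN TCP 192.168.1.105 192.168.1.102 1203 445 - - - - - - - - RECEIVE
2006-04-05 23:14:37 DROP TCP 203.0.113.45 192.168.1.102 4412 445 48 S 2110923 0 65535 - - - RECEIVE
2006-04-05 23:14:39 DROP TCP 203.0.113.45 192.168.1.102 4413 139 48 S 2110924 0 65535 - - - RECEIVE
2006-04-05 23:15:02 OPEN TCP 203.0.113.45 192.168.1.102 4414 139 - - - - - - - - RECEIVE
2006-04-05 23:20:15 OPEN TCP 192.168.1.102 64.233.187.99 1300 80 - - - - - - - - SEND
2006-04-05 23:41:58 OPEN TCP 192.168.1.102 198.51.100.7 1305 6667 - - - - - - - - SEND
"""


def is_lan(ip):
    """True if ip falls inside one of the LAN (RFC 1918/loopback) ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False          # malformed address field: treat as not-LAN
    return any(addr in net for net in LAN_NETWORKS)


def parse_log(text):
    """Yield one dict per record, naming columns from the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split()
        if fields is None or len(parts) != len(fields):
            continue          # no header yet or wrong column count: skip, don't guess
        yield dict(zip(fields, parts))


def triage(text):
    """Summarise the records an investigator would look at first."""
    external_sharing_opens = []   # accepted inbound sharing connections from outside
    drops_by_source = Counter()   # dropped probes per external source address
    outbound_external = []        # connections this host opened to outside hosts
    for rec in parse_log(text):
        when = "%s %s" % (rec["date"], rec["time"])
        src, dst = rec["src-ip"], rec["dst-ip"]
        dport = int(rec["dst-port"]) if rec["dst-port"].isdigit() else None
        inbound = rec["path"] == "RECEIVE"
        if rec["action"] == "DROP" and inbound and not is_lan(src):
            drops_by_source[src] += 1
        elif rec["action"] == "OPEN" and inbound and not is_lan(src) \
                and dport in SHARING_PORTS:
            # Assumption: OPEN with path RECEIVE is an accepted inbound connection.
            external_sharing_opens.append((when, src, dport))
        elif rec["action"] == "OPEN" and not inbound and not is_lan(dst):
            outbound_external.append((when, dst, dport))
    return {
        "external_sharing_opens": external_sharing_opens,
        "drops_by_source": drops_by_source,
        "outbound_external": outbound_external,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, value in result.items():
        print(key, value)
```

Run against a real pfirewall.log, a non-empty `external_sharing_opens` list is the finding to chase first: it means the border router passed an outside connection to the share, which the poster's setup should not allow. Anything in `outbound_external` to a port that the household's browsing and gaming would not explain is the next thing to correlate against the Symantec logs and the timestamps of any files that changed.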

