Hack Attempt on Windows 2003 AD Native

From: JJ (jj_at_stokes.net)
Date: 11/24/04

• Next message: Michael Ellingson: "Re: "Lock workstations" after certain idle time. Is it advisable to do it from 'server side' ?"
• Previous message: Anthony Yates: "Re: Server Operators - can not logon"
• Next in thread: Herb Martin: "Re: Hack Attempt on Windows 2003 AD Native"
• Reply: Herb Martin: "Re: Hack Attempt on Windows 2003 AD Native"
• Reply: Massimo: "Re: Hack Attempt on Windows 2003 AD Native"
• Reply: Ryan Hanisco: "Re: Hack Attempt on Windows 2003 AD Native"
• Reply: Chad Mahoney: "Re: Hack Attempt on Windows 2003 AD Native"
• Reply: Massimo: "Re: Hack Attempt on Windows 2003 AD Native"
• Messages sorted by: [ date ] [ thread ]

---

Date: Wed, 24 Nov 2004 10:45:08 -0600

Source IPs of machines trying to hack my servers...

80.108.107.98
216.104.175.22
216.60.115.194
65.92.174.189

My servers on the Internet are: 1 DC/Exchange 2003, Sharepoint Portal 2003,
and File Server

Question to you guys...I have a network which I maintain...I review the logs
every other day and noticed that those IPs above were attmpting to hack into
my servers which are on the Internet...

All my machines are Windows 2003.

The funny thing is that when I changed the PASSWORD and renamed the
Administrator account (Domain Admin) - next day, from those source address
they were attempting to connect again but using the NEW Admin account I
created!

How are they finding out or enumerating the Admin account username - because
I renamed it?!

Unfortunately...we do not have a firewall...getting it this weekend...but my
question is not about this (I know I need to PUSH for a firewall ASAP).

---

• Next message: Michael Ellingson: "Re: "Lock workstations" after certain idle time. Is it advisable to do it from 'server side' ?"
• Previous message: Anthony Yates: "Re: Server Operators - can not logon"
• Next in thread: Herb Martin: "Re: Hack Attempt on Windows 2003 AD Native"
• Reply: Herb Martin: "Re: Hack Attempt on Windows 2003 AD Native"
• Reply: Massimo: "Re: Hack Attempt on Windows 2003 AD Native"
• Reply: Ryan Hanisco: "Re: Hack Attempt on Windows 2003 AD Native"
• Reply: Chad Mahoney: "Re: Hack Attempt on Windows 2003 AD Native"
• Reply: Massimo: "Re: Hack Attempt on Windows 2003 AD Native"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Hack Attempt on Windows 2003 AD Native ... Source IPs of machines trying to hack my servers... ... (microsoft.public.windows.server.active_directory) Re: [help] 1 cpu to rule them all ... >> configuration and maintenance in one place is a lot more economical than ... it isn't the price of the hardware that makes it ... > You can make things easier by having lots of machines that are virtually ... > directories) on servers. ... (comp.os.linux.hardware) Re: Creating and AD domain ... > None of these machines are reachable from the internet, ... > access the internet, using existing DHCP and DNS servers. ... > As of now, I've got a domain created, the domain controller is up and has ... (microsoft.public.windows.server.active_directory) Re: How to access I/O port directly in VC6.0? ... As soon as you have standalone machines, ... Their "security" as far as servers was a joke; ... discovered the internal wireless network was completely unencrypted. ... (microsoft.public.vc.mfc) Re: Web Services DNS Round Robin ... w/ a LB machine inbetwen holding the single IP w/ several machines behind ... or later, as a DNS server. ... Suppose you have 50 identical www.heaven.af.mil web servers running on IP ... (microsoft.public.dotnet.languages.csharp)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)