Re: Hack Attempt on Windows 2003 AD Native

From: Herb Martin (news_at_LearnQuick.com)
Date: 11/24/04

Next message: Bill: "Re: Machines with Samba acting as Domain Controllers."
Previous message: Ryan Hanisco: "Re: Domain merge"
In reply to: JJ: "Hack Attempt on Windows 2003 AD Native"
Next in thread: stuartm: "Re: Hack Attempt on Windows 2003 AD Native"
Reply: stuartm: "Re: Hack Attempt on Windows 2003 AD Native"
Messages sorted by: [ date ] [ thread ]

Date: Wed, 24 Nov 2004 11:18:26 -0600

The Admin account is a well-known SID and so the renaming
(which we all do anyway) is not really a significant security
step (except against the naive hacker who depends on the name.)

-- 
Herb Martin
"JJ" <jj@stokes.net> wrote in message
news:uNQ42Tk0EHA.1392@tk2msftngp13.phx.gbl...
> Source IPs of machines trying to hack my servers...
>
> 80.108.107.98
> 216.104.175.22
> 216.60.115.194
> 65.92.174.189
>
>
>
> My servers on the Internet are:  1 DC/Exchange 2003, Sharepoint Portal
2003,
> and File Server
>
>
> Question to you guys...I have a network which I maintain...I review the
logs
> every other day and noticed that those IPs above were attmpting to hack
into
> my servers which are on the Internet...
>
> All my machines are Windows 2003.
>
> The funny thing is that when I changed the PASSWORD and renamed the
> Administrator account (Domain Admin) - next day, from those source address
> they were attempting to connect again but using the NEW Admin account I
> created!
>
> How are they finding out or enumerating the Admin account username -
because
> I renamed it?!
>
> Unfortunately...we do not have a firewall...getting it this weekend...but
my
> question is not about this (I know I need to PUSH for a firewall ASAP).
>
>
>
>
>

Next message: Bill: "Re: Machines with Samba acting as Domain Controllers."
Previous message: Ryan Hanisco: "Re: Domain merge"
In reply to: JJ: "Hack Attempt on Windows 2003 AD Native"
Next in thread: stuartm: "Re: Hack Attempt on Windows 2003 AD Native"
Reply: stuartm: "Re: Hack Attempt on Windows 2003 AD Native"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Hack Attempt on Windows 2003 AD Native
... > Source IPs of machines trying to hack my servers... ... > My servers on the Internet are: ... > they were attempting to connect again but using the NEW Admin account I ...
(microsoft.public.windows.server.active_directory)
Re: Hack Attempt on Windows 2003 AD Native
... If you have a firewall then all is good. ... > Source IPs of machines trying to hack my servers... ... > they were attempting to connect again but using the NEW Admin account I ...
(microsoft.public.win2000.active_directory)
Re: Hack Attempt on Windows 2003 AD Native
... If you have a firewall then all is good. ... > Source IPs of machines trying to hack my servers... ... > they were attempting to connect again but using the NEW Admin account I ...
(microsoft.public.windows.server.active_directory)
Re: Add server to SBS network?
... join those servers to the domain. ... >> using a local admin account on a member server. ... >> Microsoft SBS-MVP ... >> Take part in SBS forum: ...
(microsoft.public.windows.server.sbs)
Advanced Server with AD Network Access
... I've got 3 servers. ... AD admin account, and I can access the first without any problems. ... The third machine ... event log. ...
(microsoft.public.win2000.security)