Re: Hack Attempt on Windows 2003 AD Native

From: Chad Mahoney (spamme_at_mah0ney.com)
Date: 11/24/04 

Date: Wed, 24 Nov 2004 13:33:57 -0500

80.108.107.98 ------------chello080108107098.27.11.vie.surfer.at ]

216.104.175.22 --------- TierraNet Inc.

216.60.115.194 ------------- SBC Internet Services - Southwest

65.92.174.189 ---------
SE-Montreal-ppp344563.sympatico.ca ]

Above are the registrants of those IP's... BTW how/why do you think they are
hacking? It could be just a trojan trying to propagate from an infected
PC... If you have a firewall then all is good.

hth,

Chad

"JJ" <jj@stokes.net> wrote in message
news:uNQ42Tk0EHA.1392@tk2msftngp13.phx.gbl...
> Source IPs of machines trying to hack my servers...
>
> 80.108.107.98
> 216.104.175.22
> 216.60.115.194
> 65.92.174.189
>
>
>
> My servers on the Internet are: 1 DC/Exchange 2003, Sharepoint Portal
> 2003, and File Server
>
>
> Question to you guys...I have a network which I maintain...I review the
> logs every other day and noticed that those IPs above were attmpting to
> hack into my servers which are on the Internet...
>
> All my machines are Windows 2003.
>
> The funny thing is that when I changed the PASSWORD and renamed the
> Administrator account (Domain Admin) - next day, from those source address
> they were attempting to connect again but using the NEW Admin account I
> created!
>
> How are they finding out or enumerating the Admin account username -
> because I renamed it?!
>
> Unfortunately...we do not have a firewall...getting it this weekend...but
> my question is not about this (I know I need to PUSH for a firewall ASAP).
>
>
>
>
>

Relevant Pages

  • Re: Ports 4162-4335
    ... I haven't got these ports open; my firewall caught and reported these scans. ... It was something I haven't seen before and looked similar to a hack. ... The source address varied from DNS servers to video servers to unknown IPs. ... > Microsoft Online Support ...
    (microsoft.public.security)
  • Re: Hack Attempt on Windows 2003 AD Native
    ... > Source IPs of machines trying to hack my servers... ... > My servers on the Internet are: ... > they were attempting to connect again but using the NEW Admin account I ...
    (microsoft.public.win2000.active_directory)
  • Re: Hack Attempt on Windows 2003 AD Native
    ... > Source IPs of machines trying to hack my servers... ... > My servers on the Internet are: ... > they were attempting to connect again but using the NEW Admin account I ...
    (microsoft.public.windows.server.active_directory)
  • Re: Hack Attempt on Windows 2003 AD Native
    ... If you have a firewall then all is good. ... > Source IPs of machines trying to hack my servers... ... > they were attempting to connect again but using the NEW Admin account I ...
    (microsoft.public.windows.server.active_directory)
  • RE: Hack Attempt on Windows 2003 AD Native
    ... > and File Server ... > every other day and noticed that those IPs above were attmpting to hack into ... > they were attempting to connect again but using the NEW Admin account I ... > question is not about this (I know I need to PUSH for a firewall ASAP). ...
    (microsoft.public.win2000.active_directory)