Re: Attacker used MDM to gain access to client PC's
- From: "Pop" <Iknowyouwantit@xxxxxxx>
- Date: Thu, 18 Jan 2007 08:32:29 -0000
Hi Steve, just some information..
VNC is pretty good (for internal use, don't open a port to the internet to
allow remote connections)
http://www.realvnc.com/
http://www.tightvnc.com/
Free programs to allow you to connect to a user's PC and see / interact with
their screen. RDP user can't see what you are doing.
If remote, can go to server / remote PC and then connect to user PC; if in the
office on 10th floor and need to look at PC in basement just start up VNC.
If firewalls on PC (XP) then need to put it in exclusion. It's a bit slow but
then in options can ask VNC to remove desktop so it will speed up.
"Pop" <Iknowyouwantit@xxxxxxx> wrote in message
news:OZkjHOtOHHA.3268@xxxxxxxxxxxxxxxxxxxxxxx
I would also just check what ports are open; if having so many attacks
there may be something open that shouldn't be that the hacker is trying to exploit.
Visit www.grc.com and choose Shields Up to test which ports are open...
post replies
"Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@xxxxxxxxxxx>
wrote in message news:us6SdtqOHHA.4172@xxxxxxxxxxxxxxxxxxxxxxx
Because standard is merely the RRAS firewall. Port 25 pings are normal.
What ports are they scanning you on?
ISA can 'thwart' this in the premium.
But ping me... we need to lift you up to a PSS security investigation.
Steve Belt wrote:
"SuperGumby [SBS MVP]" wrote:
IF (BIG IF) an attacker got into MDM you have other problems. Describe
your setup.
On a properly configured SBS network any access to MDM would have to be
initiated by the client.
Please see my reply on Pop's post for my setup, and then if that's not
enough detail, let me know what further I can do to provide more detail.
I can say that my server gets an attack almost daily, where someone
attempts to log in and is denied. My password and administrator's
password are pretty strong, so it appears as though these attempts are
unsuccessful, but in my daily report I see 3-15 failed login attempts
nearly every day. I sure wish that SBS had better tools for me to use
to thwart those attempts (If looking in the log makes it obvious to me,
why isn't it obvious to the OS, and why isn't the offending IP perma
blocked from future attempts?)
A virus scan on the PC and the server report nothing found, but a few
tracking cookies on the PC.
Steve Belt
"Steve Belt" <SteveBelt@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:AD655431-F9BC-423F-B278-D02255D3D6C2@xxxxxxxxxxxxxxxx
Today, an attacker used MDM to gain access to one of my client PC's behind my
Small Business Server (we have just 8).
This was obviously very troubling. I've gone around and disabled the service
(Machine Debug Manager), but I have to say I'm quite troubled by the
intrusion. Fortunately, we figured out the attack and squashed it in only a
couple of minutes, so nothing seems to have been stolen/changed/lost, but
moving forward, I'd like to know what I should change to tighten up my small
business' networking environment.
Out of the box, I'm expecting that my server is keeping any access to the
PC's secure, aside from a user that has been validated. Perhaps that's an
unrealistic expectation, but one I definitely have, nonetheless. I can
accept the daily pounding my server takes from attacks, since it's exposed to
the "internet" live, but the office PC's, I'm expecting to be 100% secure, to
a threat as this.
--
Steve Belt