[Dshield] User accounts discovered please help!!!

Chris Mitchell cmitchell at smtusa.com
Mon Mar 15 19:10:08 GMT 2004


We have several Windows 2000 Servers, all latest patches and service packs
have been applied, Symantec Corporate with latest definitions loaded.  We
recently found in our logs that someone is trying to get into our servers
through valid user accounts.  I saw a recent post about this but all I can
remember is that it was suggested that NetBIOS was running on the system and
it was exploited there.  We only have TCPIP installed, can anyone on the
list offer an explanation as to how our user accounts were found.  Every
account was tried from the IUSR_Machine name to an ASP_Net account to the
admin account, which had been renamed previous to this happening.

Any help is greatly appreciated.

Chris




More information about the list mailing list