account names exposed!

  • Thread starter Thread starter Calvin Lai
  • Start date Start date
C

Calvin Lai

Hi all,

I have a computer w/ IPSec set on 135-139 plus FTP and Terminal Service as
blocked (except from a certain users w/ sepcific IP) already. However, I
still see a lot of attempts by those intruders from time to time in my even
log. The thing that concern me most is that they somehow able to fetch the
account names of my computer. Does anyone know where I should go for more
info this problem? Thanks a lot.

Calvin
 
You're doing it backwards. Allow what you need; don't block what you think
that you don't need. That'll be a good start...
 
I have a computer w/ IPSec set on 135-139 plus FTP and Terminal Service as
blocked (except from a certain users w/ sepcific IP) already. However, I
still see a lot of attempts by those intruders from time to time in my even
log. The thing that concern me most is that they somehow able to fetch the
account names of my computer. Does anyone know where I should go for more
info this problem?
Click to expand...

Check your event logs, your firewall logs and so on. And stop ytrying
to "block" ports you don't want people accessing. Lock everything and
open only what you need.

Jeff
 
I think you would be better served with a firewall and there are free ones available
if you do not want to buy one. The other problem I see is your defense strategy. You
would be much better served by blocking all access in and out and then creating the
authorized exceptions instead of blocking certain ports. Go to
http://scan.sygatetech.com/ and do a basic scan an I bet you find holes -with 445
being a major one which is also used for file and print sharing in W2K. See the
links below for more information.

http://www.webattack.com/Freeware/security/fwfirewall.shtml
http://www.microsoft.com/security/protect/
http://www.robertgraham.com/pubs/firewall-seen.html
 
Back
Top