Is my server being broken into?

  • Thread starter: proggy

proggy

Hi all,

I have Windows 2000 Server installed as a standalone machine. I use it to
access the Internet with a dial-up account.

I have auditing turned on and I have noticed in the security event log that
during certain times of the day, usually late afternoon around 4:30 pm,
there are attempts to log into my server.

The log shows the names of various Domains and Workstations attempting to
log in to my machine using usernames such as administrator, god, test,
student, teacher, user. Often these are in English, at other times they are
in languages such as Spanish, French or German.

The log indicates that they failed to log in. Naturally, because I have very
good passwords on the 5 or so accounts on that machine.

What is happening here and how can I prevent these log in attempts in the
first place?

I have installed ZoneAlarm, but so far I've not been able to get it to work
for me. It just blocks every application from accessing the Internet even
after giving all relevant applications full access. It's a puzzle.

Most of all, I would love to know how my machine is found on the Internet
and how these attempted unauthorized logon attempts can happen in the first
place.

Thanks.
 
Since you are on a standalone machine, disable file and print sharing on your
internet connection. That is where hackers are getting access to your machine; after
all, the internet is just one big network. A port scan from a hacker would show that
you have those and other ports open. Go to http://scan.sygatetech.com/ and do a quick
scan to see what it reports as far as vulnerabilities. Normally I would recommend a
cable/DSL router for protection due to ease of configuration and low cost, but I am
not sure if they will work with a dial-up, though I know some do have dial-up "back
up" capability which may work for you. I would uninstall Zone Alarm and then
reinstall it, trying again, being sure to let it grant outbound port 53 UDP for DNS in
addition to your applications. --- Steve

http://www.microsoft.com/security/protect/
 
Install a sniffer to see what's going on there.
This will tell you how the "attacks" are taking place.
4:00 PM is a good sign & where to look for the PCs messing with you.

What virus scanning software do you have?
Update it & do a full scan.
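
An added example, not written by anyone in this thread: a way to triage the failed-logon audit entries the first post describes, grouping them by source and by hour to show whether one workstation is cycling through account names in a recurring time slot. It assumes the security log has been exported to a five-column CSV (the layout, sample rows, function names and thresholds are constructed for this example); event ID 529 is the Windows 2000 "unknown user name or bad password" logon failure.

```python
import csv
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON = 529  # Windows 2000 logon failure: unknown user name or bad password

# Constructed sample rows: timestamp, event id, user, domain, workstation.
# The column layout is an assumption for this example, not an Event Viewer format.
SAMPLE = """\
2003-05-12 16:28:04,529,administrator,WKGRP-A,PC-ALPHA
2003-05-12 16:28:09,529,god,WKGRP-A,PC-ALPHA
2003-05-12 16:28:15,529,test,WKGRP-A,PC-ALPHA
2003-05-12 16:29:40,529,usuario,CASA,PC-BRAVO
2003-05-12 16:31:02,529,student,WKGRP-A,PC-ALPHA
2003-05-12 09:02:11,529,proggy,SERVER1,SERVER1
2003-05-12 09:02:30,528,proggy,SERVER1,SERVER1
"""

def parse(text):
    """Yield (time, user, source) for each well-formed failed-logon row."""
    for row in csv.reader(text.splitlines()):
        if len(row) != 5 or not row[1].isdigit() or int(row[1]) != FAILED_LOGON:
            continue  # skip malformed rows and every other event type
        ts = datetime.strptime(row[0], "%Y-%m-%d %H:%M:%S")
        yield ts, row[2].lower(), f"{row[3]}\\{row[4]}"

def guessing_sources(text, min_users=3, window=timedelta(minutes=10)):
    """Return {source: sorted usernames} for sources that failed against at
    least min_users distinct account names inside one time window."""
    by_source = defaultdict(list)
    for ts, user, source in parse(text):
        by_source[source].append((ts, user))
    flagged = {}
    for source, events in by_source.items():
        events.sort()  # the export is not assumed to be in time order
        for i, (start, _) in enumerate(events):
            users = {u for t, u in events[i:] if t - start <= window}
            if len(users) >= min_users:
                flagged[source] = sorted(users)
                break
    return flagged

def failures_by_hour(text):
    """Count failed logons per hour of day to expose a recurring time slot."""
    counts = defaultdict(int)
    for ts, _, _ in parse(text):
        counts[ts.hour] += 1
    return dict(counts)
```

A single mistyped password by a real user (the 09:02 row) stays below the threshold, while a source that walks through several account names within minutes is reported together with the names it tried.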
 