A
Amin Mohadjer
Last night someone tried to break into my Windows 2000 server by
trying all the user accounts. He did not go far as I had the account
policy set to locking out on 3 tries but I am puzzled as to how the
hacker obtained the user name for accounts since this wasn't a case of
blind dictionary attack. He only tried the accounts that existed on
the box, no less, no more (IUSR_COMPUTERNAME, IWAM_COMPUTERNAME,
guest, administrator).
I am concerned. What do you suggest I should do? I ran NAV and it did
not find any virus or worm.
Has anyone heard of a vulnerability such as this? Right now I am
up-to-date on patches but perhaps I caught up with one too late to had
closed the door in time.
Regards
Amin
P.S. Please remove no_spam_555_ from the email address if replying
directly.
trying all the user accounts. He did not go far as I had the account
policy set to locking out on 3 tries but I am puzzled as to how the
hacker obtained the user name for accounts since this wasn't a case of
blind dictionary attack. He only tried the accounts that existed on
the box, no less, no more (IUSR_COMPUTERNAME, IWAM_COMPUTERNAME,
guest, administrator).
I am concerned. What do you suggest I should do? I ran NAV and it did
not find any virus or worm.
Has anyone heard of a vulnerability such as this? Right now I am
up-to-date on patches but perhaps I caught up with one too late to had
closed the door in time.
Regards
Amin
P.S. Please remove no_spam_555_ from the email address if replying
directly.