we have a PROBLEM with someone running a DOS based pc restart utility from outside the company. we use a private IP address but have NAT for our NW 5.1 Netscape webserver which acts as our GroupWise web access piece. it looks like the utility was run by someone logged into an NTDS Domain as administrator. after terminating our lan manager we changed the account password, but since have found atomic.log keylogger installed on two NT servers. our guess is the attacks are coming from an unplugged VPNS hole, but i want to make certain that the NetWare 5.1 server and Netscape aren’t a potential hole. has anyone experience with this? thanks
Jerry Heineman
Sr. Network Manager
Crain Communications
313.446.6093