Well i am in mauritius and we run some windows 2000 servers with sp4 and all updates. We are connected to the internet and used Norton Corporate Antivirus. Unfortunately i am having some people accessing my servers using the port 4899 vulnerability as i use Remote Admin V2.1. Can you people please suggest a way i can protect myself and my network againts that kind of intrusing
This conversation is currently closed to new comments.
There is an exploit out for RemoteAdmin 2.1 (and 2.0, AFAIK). It does allow remote code execution in the RemoteAdmin service. This is possibly what people are using against your servers. There is NO new version of RemoteAdmin, nor a patch to fix this. So, how can you protect your servers??? DON'T run RemoteAdmin on servers that you can connect to over the Internet! It is a better thing to run a VPN connection into your network, then launch RemoteAdmin through the VPN tunnel. This way, you don't open the RemoteAdmin port on the machines at the firewall, so no Internet access to the port. Only VPN-authenticated users could connect to RA.
You can configure Radmin to use any port number you like if it's easier than using VPN - make it a bizarre number only your people know. You can also use NT security to restrict access.
There is also a new version of Radmin v3.0 which is currently in beta and which you get as a free upgrade from v2.1. I don't know whether it addresses this concern - but you could check it out: http://www.famatech.com/radmin/new/
If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.
Security Against Port 4899 Abuse
Well i am in mauritius and we run some windows 2000 servers with sp4 and all updates. We are connected to the internet and used Norton Corporate Antivirus. Unfortunately i am having some people accessing my servers using the port 4899 vulnerability as i use Remote Admin V2.1.
Can you people please suggest a way i can protect myself and my network againts that kind of intrusing