General discussion

Locked

W2K dialup problems, hacked?

By Borg7of9 ·
I have a small test network, with one Windows2000 server. As this is a test network, I have only 56k dial up, and I dial in mostly from the server. As of today, If I connect via dial up, I can not disconnect at all. The only way is to re-boot the server. In trying to trouble shoot, I went to look at Services, and I could not right click to look at services properties either.

Although the test workstations have stuff like zone alarm, I had no firewall protection on the server, has the system been hacked? How do I tell, and how would I fix this?

Also, I wanted to run zonealarm on this server, but had trouble getting it to work with zonealarm on the workstations.

Any help at all would be much appreciated!!
Thanks

This conversation is currently closed to new comments.

8 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by sgt_shultz In reply to W2K dialup problems, hack ...

does the event log have anything to say? something is crashing RAS or something...bet you could fix it without rebooting by stopping and restarting the service...i know this doesn't really help but maybe could add some clues...

Collapse -

by Borg7of9 In reply to

Poster rated this answer.

Collapse -

by Frank-MW In reply to W2K dialup problems, hack ...

Hacked or not hacked, you need to solve this. Uninstall all network componenets including RAS.
And reinstall to see if clearing the TCP/IP stack this way worked.
Since this is a test network. Save your settings and reinstal your W2K Server box, no better way to get rid of any paranoia.

Collapse -

by Borg7of9 In reply to

Poster rated this answer.

Collapse -

by Borg7of9 In reply to W2K dialup problems, hack ...

I will try re-installing networking components, just to see, although at this point I doubt thats it. I have now done a complete review of all event logs, and the only strange thing I noticed is a few days ago there was about ten failed attempts to log in as user "test" of which there is no user.

I know I could do a re-install, but the whole point of my question, is that since this is simply a testing server, this is a chance to take my time and learn how it was hacked. SO I would like to try and solve this see. Since posting, I have also run a trojan scanner and that came up clean as well.
Also, the antivirus is upto date, and just in case I verifed got the latest blast virus and the system was clean.

Concerning the event logs, I have event id's 300/301/302 with the source ESENT which I have not seen before.

Collapse -

by Joseph Moore In reply to W2K dialup problems, hack ...

This is the RPC vulnerability and the new Blaster worm.

http://www.sarc.com/avcenter/venc/data/w32.blaster.worm.html

Get the patches from Microsoft for it:
http://www.microsoft.com/technet/security/bulletin/MS03-026.asp


hope this helps

Collapse -

by Borg7of9 In reply to

Poster rated this answer.

Collapse -

by Borg7of9 In reply to W2K dialup problems, hack ...

This question was closed by the author

Back to Windows Forum
8 total posts (Page 1 of 1)  

Related Discussions

Related Forums