--On Thursday, February 20, 2003 12:57 PM -0500 Paul Stewart
[EMAIL PROTECTED] wrote:
We have no idea how this person has managed to gain some form of
access to these servers and are obviously quite concerned.
What services are the servers running? Are the machines *fully*
patched?
We've had
a bell to me though :(
-Original Message-
From: Paul Stewart [mailto:[EMAIL PROTECTED]
Sent: donderdag 20 februari 2003 P 18:57
To: [EMAIL PROTECTED]
Subject: Windows 2000 Server Attacks
Hi there..
In the past week we've had a number of Windows 2000 servers
get hit by someone
Paul,
The filename of the software that is responsible we
believe to be msudb32.exe
how did you come to this conclusion? Did you run
fport to determine that this is the file/process using
port 24?
What other services do you have running? HTTP? FTP?
How about your EventLogs? Do they
Hi there..
In the past week we've had a number of Windows 2000 servers get hit by
someone uploading warez into hidden directories. Software seems to get
installed that is trying to make outbound connections via port 24. We
are seeing a whack of attempts to connect on various ports ranging