Need more details: OS, version, Active Directory or not, any security templates used, is server connected to Internet, any unauthorized outgoing ports active, etc.
How do you know you're hacked? IPC$ share going away by itself doesnt' mean you're hacked. Give us more clues. It's not to any hacker's advantage to turn off IPC$. Causes too many problems that will be readily noticed by the user. I'm guessing someone is playing with securing the server. Administrative shares can be turned off a few different ways....named pipes (IPC$ is involved) can be turned off and secured a few different ways, too. Where in the registry have you looked so I can tell you where else to look? Roger **************************************************************************** **** *Roger A. Grimes, Computer Security Consultant *CPA, MCSE (NT/2000), CNE (3/4), A+ *email: [EMAIL PROTECTED] *cell: 757-615-3355 *Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly *http://www.oreilly.com/catalog/malmobcode *Author of upcoming Honeypots for Windows (Apress) **************************************************************************** ***** ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, July 14, 2003 11:26 AM Subject: Ipc$ share hack > We have a server that has been hacked. The hackers have put a tool that > turns of the IPC$ share. We checked the registry nothing there. It seems to > be time based but nothing comes up on the scheduler. > > When we reboot for a while everyone can connect to the server but in a > minutes the ipc$ share disappears and "the server is not configured for > transactions" appear. If we do net share IPC$ on the server, computer can > connect for a while but the share goes away again. > > I ran all sorts of antivirus and Trojan horse scanners no luck. > > Anyone have a solution. Deeply appreciated > > SKP > > > -------------------------------------------------------------------------- - > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! > The Gartner Group just put Neoteris in the top of its Magic Quadrant, > while InStat has confirmed Neoteris as the leader in marketshare. > > Find out why, and see how you can get plug-n-play secure remote access in > about an hour, with no client, server changes, or ongoing maintenance. > > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm > -------------------------------------------------------------------------- -- > --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
