aw, crap, computer was running IIS ftp with anon enabled

tart666

Golden Member
May 18, 2002
1,289
0
0
damn stupid iis, enabling anonymous by default, and then warning you AGAINST turning it off...

the bigger problem was, Kerio was acting up, so I turned it off to test if it was the problem. It was, so I switched to windows firewall. Which does not have "Trusted Zones". So ftp was open to everyone on the internet, with write-privileges access for anonymous.

Now, does anyone think I should format, or just a virusscan should suffice?
 

Crusty

Lifer
Sep 30, 2001
12,684
2
81
:Q

I would back up what you need and do a format, don't forget to get the logs and take the IPs and report them to their ISP.
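
Pulling the client addresses out of the FTP logs before the format, as an added example that is not part of the original thread: a small parser that lists what anonymous sessions wrote to and read from the server, per source IP. The log lines are constructed, and the W3C field order shown is an assumption; the parser reads the actual order from the `#Fields:` header.

```python
from collections import defaultdict

# Constructed sample in the W3C extended layout of an IIS FTP log.
# Field order is an assumption; the real one is in the #Fields header.
SAMPLE_LOG = """\
#Date: 2004-01-01 02:10:00
#Fields: time c-ip cs-method cs-uri-stem sc-status
02:10:01 192.0.2.10 [1]USER anonymous 331
02:10:02 192.0.2.10 [1]PASS guest@example.com 230
02:10:09 192.0.2.10 [1]MKD /tagged 257
02:11:30 192.0.2.10 [1]created /tagged/a.bin 226
02:15:00 198.51.100.7 [2]USER staff 331
02:15:01 198.51.100.7 [2]PASS - 230
02:15:20 198.51.100.7 [2]sent /docs/report.doc 226
02:20:00 203.0.113.5 [3]USER anonymous 331
02:20:01 203.0.113.5 [3]PASS x@ 230
02:20:40 203.0.113.5 [3]sent /tagged/a.bin 226
"""

# Verbs that change the server's file system (uploads, mkdir, deletes).
WRITE_VERBS = {"created", "MKD", "DELE", "RMD"}

def anonymous_activity(text):
    """Return {ip: {"writes": [...], "reads": [...]}} for anonymous logins."""
    fields, date = [], ""
    session_user = {}  # (client ip, session id) -> login name
    report = defaultdict(lambda: {"writes": [], "reads": []})
    for line in text.splitlines():
        if line.startswith("#Date:"):
            date = line.split()[1]
        elif line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            row = dict(zip(fields, line.split()))
            # cs-method looks like "[1]USER": session id, then the verb.
            sid, _, verb = row["cs-method"].partition("]")
            key = (row["c-ip"], sid.lstrip("["))
            if verb == "USER":
                session_user[key] = row["cs-uri-stem"].lower()
            elif session_user.get(key) == "anonymous":
                event = (f"{date} {row['time']}", verb, row["cs-uri-stem"])
                if verb in WRITE_VERBS:
                    report[row["c-ip"]]["writes"].append(event)
                elif verb == "sent":
                    report[row["c-ip"]]["reads"].append(event)
    return dict(report)

if __name__ == "__main__":
    for ip, acts in anonymous_activity(SAMPLE_LOG).items():
        print(ip, acts)
```

Copy the log files off the machine before formatting and run the parser on the copies; the timestamps are in whatever time zone the log was written in, which an abuse report should state.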
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
sorry, but I'd say format. as said, you have no idea what's running on that box and it would be easier to format than to clean.

Otherwise there are some articles on technet on how to remove files you can't seem to delete.
 

skyking

Lifer
Nov 21, 2001
22,217
5,076
146
a format, and some sort of firewall/router box would also be a good idea. No real reason to leave the entire port range of the internet there, hammering on your interface
 

tart666

Golden Member
May 18, 2002
1,289
0
0
Originally posted by: skyking
a format, and some sort of firewall/router box would also be a good idea. No real reason to leave the entire port range of the internet there, hammering on your interface

this is my office computer, we get real IP addresses, and the sysadmins are against NAT's on the users side. I guess I just have to make sure the computer stays patched, and that anonymous ftp is disabled
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
Originally posted by: tart666
Originally posted by: skyking
a format, and some sort of firewall/router box would also be a good idea. No real reason to leave the entire port range of the internet there, hammering on your interface

this is my office computer, we get real IP addresses, and the sysadmins are against NAT's on the users side. I guess I just have to make sure the computer stays patched, and that anonymous ftp is disabled

your sysadmins need to be fired immediately. They allowed an internal host to be hacked?
 

tart666

Golden Member
May 18, 2002
1,289
0
0
Originally posted by: spidey07
your sysadmins need to be fired immediately. They allowed an internal host to be hacked?

I am at a college, so the network is pretty loose, it's all up to me I guess. I was running IIS so I could get some files off of my office computer when I am at home, I guess I should be more careful with firewalls when IIS is on.

PS: anyone care to help me setup my MAPI through Sygate (Text) after all this? Please?

PPS: btw, this is after a reformat, clean SP2 install...
 

Zuke

Member
Oct 11, 1999
157
0
0
There's still no excuse for the situation. Lousy sysadmins (if you can call 'em that).
 

Thor86

Diamond Member
May 3, 2001
7,886
7
81
Originally posted by: spidey07
Originally posted by: tart666
Originally posted by: skyking
a format, and some sort of firewall/router box would also be a good idea. No real reason to leave the entire port range of the internet there, hammering on your interface

this is my office computer, we get real IP addresses, and the sysadmins are against NAT's on the users side. I guess I just have to make sure the computer stays patched, and that anonymous ftp is disabled

your sysadmins need to be fired immediately. They allowed an internal host to be hacked?

I have to agree, this was sloppy and careless on their part.
 

VirtualLarry

No Lifer
Aug 25, 2001
56,450
10,119
126
I'm slightly amazed that an "office" network, isn't running some sort of perimeter firewall at the gateway, but instead depends on users to run a host-based firewall? Nothing against host-based protection, mind you, should a worm get past the front gates, but not having any "front gates" at all? Whoa.

PS. Don't forget to burn those movies to DVD before reformatting, you might need to save the "evidence", especially if the movies happen to be good ones.
 

DAPUNISHER

Super Moderator CPU Forum Mod and Elite Member
Super Moderator
Aug 22, 2001
28,826
21,611
146
Originally posted by: tart666
the bigger problem was, Kerio was acting up, so I turned it off to test if it was the problem. It was, so I switched to windows firewall. Which does not have "Trusted Zones". So ftp was open to everyone on the internet, with write-privileges access for anonymous.

The windows firewall in SP2 has an exceptions tab where you can uncheck the box next to your FTP software to prevent access. I run FlashFXP and it auto-added it to my exceptions control list and checked it as an exception by default so I just uncheck the box when not in use. I also have a router with NAT and another software firewall but I don't think the built-in firewall would do too bad a job on its own, not gonna find out though
 

bleuless

Senior member
Jul 25, 2001
437
0
76
Originally posted by: VirtualLarry
I'm slightly amazed that an "office" network, isn't running some sort of perimeter firewall at the gateway, but instead depends on users to run a host-based firewall? Nothing against host-based protection, mind you, should a worm get past the front gates, but not having any "front gates" at all? Whoa.

PS. Don't forget to burn those movies to DVD before reformatting, you might need to save the "evidence", especially if the movies happen to be good ones.

i wouldn't do it. might be kiddie porn or stuff that you don't want to see. who knows you could be traumatized for life.
 

ColdZero

Senior member
Jul 22, 2000
211
0
0
That's actually a problem for office networks. In your agreement you have to either state it is not your responsibility to filter traffic or be ready to take the brunt of lawsuits from employees that may be traumatized.
 

ITJunkie

Platinum Member
Apr 17, 2003
2,512
0
76
www.techange.com
Originally posted by: spidey07
Originally posted by: tart666
Originally posted by: skyking
a format, and some sort of firewall/router box would also be a good idea. No real reason to leave the entire port range of the internet there, hammering on your interface

this is my office computer, we get real IP addresses, and the sysadmins are against NAT's on the users side. I guess I just have to make sure the computer stays patched, and that anonymous ftp is disabled

your sysadmins need to be fired immediately. They allowed an internal host to be hacked?

^Exactly^ Probably the only reason they are against NAT's is their lack of understanding them! Fire them now!!
 

tart666

Golden Member
May 18, 2002
1,289
0
0
Originally posted by: ITJunkie
Originally posted by: spidey07
Originally posted by: tart666
Originally posted by: skyking
a format, and some sort of firewall/router box would also be a good idea. No real reason to leave the entire port range of the internet there, hammering on your interface

this is my office computer, we get real IP addresses, and the sysadmins are against NAT's on the users side. I guess I just have to make sure the computer stays patched, and that anonymous ftp is disabled

your sysadmins need to be fired immediately. They allowed an internal host to be hacked?

^Exactly^ Probably the only reason they are against NAT's is their lack of understanding them! Fire them now!!

dude, in a university with 20,000 students, nobody's gonna listen to me... anyway, I guess i will try to get used to the xp firewall...
 