Security Problem

CSMOOTH

Member
Nov 7, 2001
180
0
0
Hey guys, could use your help... here is my problem:

I am running a Win2K Server Network at home and have 3 client computers. I am using a Linksys router and have not set up Active Directory. I was running IIS for a while but took it down recently.

All of a sudden like 3 days ago all of these logon attempts show up in my security log and I have no idea where they are coming from. I used shields-up and supposedly all of my ports are stealthed... There is incoming activity that was logged at the router with destination ports 2427, 2416, and 137.

I know that 137 is the net-bios port. How can I make sure that it is not open to the internet (137-139 and 445)??? and how can I get more information about the failed logins?
 

Saltin

Platinum Member
Jul 21, 2001
2,175
0
0
If you are behind a router, and you have not specifically opened port 137, it won't be accessible to anyone on the net.

Likely your router is logging attempts to connect, but there are no actual connections occurring.

The internet is a busy place. Stuff like this happens all the time, that's what your router/firewall is for, don't sweat it.
 

CSMOOTH

Member
Nov 7, 2001
180
0
0
But the actual problem is that there were tons (read: 100s) of logon attempts that showed up in the security log on the server. So I guess the question is more something like: is there a way to move past the router to the server even with no ports forwarded?
 

CSMOOTH

Member
Nov 7, 2001
180
0
0
So how would you tell if the net-bios is exposed to the outside world? I have forwarded the 4 net-bios ports to a nonexistent IP address from the router and suddenly the logon attempts have stopped.
 

gunrunnerjohn

Golden Member
Nov 2, 2002
1,360
0
0
The "attempts" have stopped being logged, because they're being sent on to be handled inside your network. Since there's no machine there, nothing happens there. The "attempts" are probably still coming, just not getting answered.
 

RhythmAddict

Member
Sep 15, 2003
114
0
0
Why don't you go somewhere else... and see what you can do to your own network... run portscans, exploits, etc.?
 