windows 2000 server being hacked.

ok, here is what i did, I locked down the server setup a kelogger, and ran a
bootstrap logger.

i left, when i came back, i found out it was an inside job.

my 9 and 10 year olds. They were on the net., found a windows recovery cd
that can be burnt to cd. and booted, Via linux, from there they rebooted my
server using the cd, and then created admin accounts, form there, they
logged in with that, renamed everything and then logged out, from there they
rebooted the system deleted the admin logs and normal logs.

when i discovered this, i confronted them, and they laughed and said, aww
man we got busted.

problem solved. they are grounded, and no more computers for a month.

thanks for the guy who smelled the inside job. that was it.

just to let you know , i had 2 routers, 3 firewalls. and an anti imcp ping
filter. so i was flabbergasted as to how they were getting in.

junkmail

"junkmail" <> wrote in message
news:B7hmg.9284$ nk.net...
> ok, here is what i did, I locked down the server setup a kelogger, and ran
> a
> bootstrap logger.
>
> i left, when i came back, i found out it was an inside job.
>
> my 9 and 10 year olds. They were on the net., found a windows recovery cd
> that can be burnt to cd. and booted, Via linux, from there they rebooted
> my
> server using the cd, and then created admin accounts, form there, they
> logged in with that, renamed everything and then logged out, from there
> they
> rebooted the system deleted the admin logs and normal logs.
>
> when i discovered this, i confronted them, and they laughed and said, aww
> man we got busted.
>
> problem solved. they are grounded, and no more computers for a month.
>
> thanks for the guy who smelled the inside job. that was it.
>
> just to let you know , i had 2 routers, 3 firewalls. and an anti imcp ping
> filter. so i was flabbergasted as to how they were getting in.

Dude, I feel for ya.

You were easier on them than I would have been.

I would have broken them in multiple pieces :-}

It all depends on whether there is important data that was getting sent
somewhere.

I will admit though, they gave you a perfect reason for a disaster recovery
plan.

Glad you found the problem.

late
moncho

moncho

Sebastian Gottschalk wrote:
> Rick Merrill wrote:
>
>>get a freaking router!
>
>
> Why? He doesn't need any routing.

A router closes the ports that are not being used - which is one way
that hackers get access to your computer.

Rick Merrill

Rick Merrill wrote:
> Sebastian Gottschalk wrote:
>> Rick Merrill wrote:
>>
>>> get a freaking router!
>>
>>
>> Why? He doesn't need any routing.
>
> A router closes the ports

Utter nonsense.

> that are not being used - which is one way
> that hackers get access to your computer.

Even more bullshit.

And why should someone use a router for such a job?

Sebastian Gottschalk

"Sebastian Gottschalk" <> wrote in message
news:...
> Rick Merrill wrote:
> > Sebastian Gottschalk wrote:
> >> Rick Merrill wrote:
> >>
> >>> get a freaking router!
> >>
> >>
> >> Why? He doesn't need any routing.
> >
> > A router closes the ports
>
> Utter nonsense.

That is true, but!! you can use a router to port forward. like outsite port
80 to inside port 67450 etc.

but closing ports via a router, cant happen. firewalls close ports. not
routers.

>
> > that are not being used - which is one way
> > that hackers get access to your computer.
>
> Even more bullshit.
>
> And why should someone use a router for such a job?

a router does not stop or even slow down hackers.

a fire wall will slow them down. but not stop a determined hacker.

junkmail

junkmail wrote:

> but closing ports via a router, cant happen. firewalls close ports. not
> routers.

Firewalls don't close ports either. They restrict port access. Ports are
closed by deactivating the service or the client. Better re-read RFC 793.

>>> that are not being used - which is one way
>>> that hackers get access to your computer.
>> Even more bullshit.
>>
>> And why should someone use a router for such a job?
>
> a router does not stop or even slow down hackers.
>
> a fire wall will slow them down. but not stop a determined hacker.

Hm... a serious firewall will reliably deny outside access to an inside
service. If that's the only way of compromise, you really made it there.

Anyway, denying access to accidentially misconfigured services can also
be done a simple packet filter on the host itself. No need for putting
any additional device there.

Sebastian Gottschalk

Sebastian Gottschalk wrote:

> Rick Merrill wrote:
>
>>Sebastian Gottschalk wrote:
>>
>>>Rick Merrill wrote:
>>>
>>>
>>>>get a freaking router!
>>>
>>>
>>>Why? He doesn't need any routing.
>>
>>A router closes the ports
>
>
> Utter nonsense.
>
>
>>that are not being used - which is one way
>>that hackers get access to your computer.
>
>
> Even more bullshit.
>
> And why should someone use a router for such a job?

You do not know what you are talking about. Ploink!

Rick Merrill

Rick Merrill wrote:

>>> A router closes the ports

>>> that are not being used - which is one way
>>> that hackers get access to your computer.

> You do not know what you are talking about.

Ha ha ha.

> Ploink!

It's no disgraced to be ignored by an idiot.

Sebastian Gottschalk