• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

aw, crap, computer was running IIS ftp with anon enabled

T

tart666

Golden Member
damn stupid iis, enabling anonymous by default, and then warning you AGAINST turning it off...

the bigger problem was, Kerio was acting up, so I turned it off to test if was the problem. It was, so I switched to windows firewall. Which does not have "Trusted Zones". So ftp was open to everyone on the internet, with write-privileges access for anonymous.

Now, does anyone think I should format, or just a virusscan should suffice?
 
:Q

I would backup what you need and do a format, don't forget to get the logs and take the IP's and report them to their ISP.
 
sorry, but I'd say format. as said, you have no idea what's running on that box and it would be easier to format than to clean.

Otherwise there are some articles on technet on how to remove files you can't seem to delete.
 
a format, and some sort of firewall/router box would also be a good idea. No real reason to leave the entire port range of the internet there, hammering on your interface😛
 
Originally posted by: skyking
a format, and some sort of firewall/router box would also be a good idea. No real reason to leave the entire port range of the internet there, hammering on your interface😛
Click to expand...

this is my office computer, we get real IP addresses, and the sysadmins are against NAT's on the users side. I guess I just have to make sure the computer stays patched, and that anonymous ftp is disabled
 
Originally posted by: tart666
Originally posted by: skyking
a format, and some sort of firewall/router box would also be a good idea. No real reason to leave the entire port range of the internet there, hammering on your interface😛
Click to expand...

this is my office computer, we get real IP addresses, and the sysadmins are against NAT's on the users side. I guess I just have to make sure the computer stays patched, and that anonymous ftp is disabled
Click to expand...

your sysadmins need to be fired immediately. They allowed an internal host to be hacked?
 
Originally posted by: spidey07
your sysadmins need to be fired immediately. They allowed an internal host to be hacked?
Click to expand...

I am at a college, so the network is pretty loose, it's all up to me I guess. I was running IIS so I could get some files off of my office computer when I am at home, I guess should be more careful with firewalls when IIS is on.

PS: anyone care to help me setup my MAPI through Sygate (Text) after all this? Please?

PPS: btw, this is after a reformat, clean SP2 install...
 
Originally posted by: spidey07
Originally posted by: tart666
Originally posted by: skyking
a format, and some sort of firewall/router box would also be a good idea. No real reason to leave the entire port range of the internet there, hammering on your interface😛
Click to expand...

this is my office computer, we get real IP addresses, and the sysadmins are against NAT's on the users side. I guess I just have to make sure the computer stays patched, and that anonymous ftp is disabled
Click to expand...

your sysadmins need to be fired immediately. They allowed an internal host to be hacked?
Click to expand...

I have to agree, this was sloppy and careless in their part.
 
I'm slightly amazed that an "office" network, isn't running some sort of perimeter firewall at the gateway, but instead depends on users to run a host-based firewall? Nothing against host-based protection, mind you, should a worm get past the front gates, but not having any "front gates" at all? Whoa.

PS. Don't forget to burn those movies to DVD before reformatting, you might need to save the "evidence", especially if the movies happen to be good ones. 😛
 
Originally posted by: tart666the bigger problem was, Kerio was acting up, so I turned it off to test if was the problem. It was, so I switched to windows firewall. Which does not have "Trusted Zones". So ftp was open to everyone on the internet, with write-privileges access for anonymous.
Click to expand...
The windows firewall in SP2 has an exceptions tab where you can uncheck the box next to your FTP software to prevent access. I run FlashFXP and it auto-added it to my exceptions control list and checked it as an exception by default so I just uncheck the box when not in use. I also have a router with NAT and another software firewall but I don't think the built-in firewall would do too bad a job on its own, not gonna find out though 😉
 
Originally posted by: VirtualLarry
I'm slightly amazed that an "office" network, isn't running some sort of perimeter firewall at the gateway, but instead depends on users to run a host-based firewall? Nothing against host-based protection, mind you, should a worm get past the front gates, but not having any "front gates" at all? Whoa.

PS. Don't forget to burn those movies to DVD before reformatting, you might need to save the "evidence", especially if the movies happen to be good ones. 😛
Click to expand...

i wouldn't do it. might be kiddie porn or stuff that you don't want to see. who knows you could be traumatized for life. 🙂
 
Thats actually a problem for office networks. In your agreement you have to either state it is not your responsibility to filter traffic or be ready to take the brunt of lawsuits from employees that may be traumitized.
 
Originally posted by: spidey07
Originally posted by: tart666
Originally posted by: skyking
a format, and some sort of firewall/router box would also be a good idea. No real reason to leave the entire port range of the internet there, hammering on your interface😛
Click to expand...

this is my office computer, we get real IP addresses, and the sysadmins are against NAT's on the users side. I guess I just have to make sure the computer stays patched, and that anonymous ftp is disabled
Click to expand...

your sysadmins need to be fired immediately. They allowed an internal host to be hacked?
Click to expand...

^Exactly^ Probably the only reason they are against NAT's are their lack of understanding them! Fire them now!!
 
Originally posted by: ITJunkie
Originally posted by: spidey07
Originally posted by: tart666
Originally posted by: skyking
a format, and some sort of firewall/router box would also be a good idea. No real reason to leave the entire port range of the internet there, hammering on your interface😛
Click to expand...

this is my office computer, we get real IP addresses, and the sysadmins are against NAT's on the users side. I guess I just have to make sure the computer stays patched, and that anonymous ftp is disabled
Click to expand...

your sysadmins need to be fired immediately. They allowed an internal host to be hacked?
Click to expand...

^Exactly^ Probably the only reason they are against NAT's are their lack of understanding them! Fire them now!!
Click to expand...

dude, in a university with 20,000 students, nobody's gonna listen to me... anyway, I guess i will try to get used to the xp firewall...
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top