Hosting Provided By

RE: Unknown workgroup in Microsoft Windows Network

From: David Vincent <david.vincent(at)mightyoaks.com>
Date: Wed Nov 13 2002 - 01:00:16 EST

if you're running a WINS server i'd have a look at that database.

-d

-----Original Message-----

From: gary_palmer@attbi.com [mailto:gary_palmer@attbi.com] Sent: Tuesday, November 12, 2002 1:13 PM To: focus-ms@securityfocus.com
Subject: Unknown workgroup in Microsoft Windows Network

Recently a new workgroup name appeared in our organizations "Network Neighborhood > Microsoft Windows Network" The workgroup or domain is called "Gotcha." Not a particularly pleasing name for a workgroup.

Having verified that no staff members have plugged in new hardware recently,

and verifying that there are no unauthorized logins to our wireless network,

I'm somewhat at a loss to explain this. I found information on an SMB hack that, as a side-effect causes a rogue workgroup to show up in Network Neighborhood in order to sniff cleartext passwords from Windows 95 machines,

but our firewall blocks ports 137 and 139, and there's nothing unusual in the
firewall logs.

Do you need help?

My question is this--what's the best way to track down an IP address associated with a domain or workgroup listing in Network Neighborhood. Is this
possible? This would at least give me an idea of where on the physical network
this is coming from. Does anyone have recommendations on tracing this problem?

Thank you,

Gary

--

gpalmer@attbi.com Received on Wed Nov 13 11:24:50 2002

This message: [ Message body ]
Next message: Martin Robson: "RE: Tools"
Previous message: AQBARROS(at)BKB.com.br: "RES: Tools"
Maybe in reply to: gary_palmer(at)attbi.com: "Unknown workgroup in Microsoft Windows Network"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:24 EDT