Re: Proxy server hit... Any ideas?

From: Russell Harding <hardingr(at)cunap.com>
Date: Tue Nov 19 2002 - 16:04:18 EST

Mike,

  It seems like you've been gotten one of the many so called 'hackers' who troll the internet looking for unpatched NT boxen to use as rogue FTP (music/warez/movie) servers.

  The incidents list sees this sort of post about once a week... "I run NT, don't know security and got hit...what did I get?"

  I could be just another person to direct you to the same sources the list always does (netstat, fport, etc...) But I would like to recommend the following:

  With an unknown backdoor installed on your system, you really can never know if you've eradicated the intruder. It is best to not really worry about what is there (keep the 'pirates booty' if you wish :) ) But focus on what to do about it. You need to re-format your drive, start from scratch with the machine _off_ the public internet until it is fully patched. Don't always trust windows update to keep you patched... It may help you to use a third party utility.

   Good luck rebuilding your system,

         -Russell

On Mon, 18 Nov 2002, Mike Cain wrote:

> Well, I have had my first run-in with a hacker, or was it a virus? I'm

---

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Tue Nov 19 23:06:17 2002