Posted by just bob on March 16, 2008, 8:49 pm
I should have said he is making up random machine names, not "spoofing" as I
said.
Thanks for the link - I am going to see if I can find something there to
help.
> just bob wrote:
>> Microsoft wizards please help me as I am desperate. Someone continues to
>> lock all my admin accounts. My firewall is working properly (allowing
>> only port 53) so I think the guy is using one of the 120 PC's or another
>> server on my network to read my user database and identify the admin
>> accounts and send a command to lock them. We've got the latest Symantec
>> antivirus corporate edition installed and updated on all the machines and
>> it's supposed to identify spyware, etc. Why is it so easy for this guy to
>> do this? I have downloaded all the high priority updates for all
>> machines, servers and PC's. We've also used the server lockdown tool. Why
>> doesn't this help? Most importantly, why does Microsoft not give me more
>> detailed info on which machine this guy is using? The event log just has
>> a random spoof machine name. Last time he did this he spoofed the machine
>> name field to say "sorry". I got lucky there was one admin account he
>> missed and I was able to unlock the accounts. Next time I fear I will not
>> be so lucky.
>>
>> If there is a better group or forum to use or consultant I can call to
>> get help please advise.
>
> It doesn't necessarily have to be a hacker trying to breach your network - it
> might be (and it is more likely) an old service or mapped network share
> which is using an old administrator account.
>
> Try to use these tools to troubleshoot the cause of your problems:
>
> http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en
>
> --
> Tomasz Onyszko
> http://www.w2k.pl/ - (PL)
> http://blogs.dirteam.com/blogs/tomek/ - (EN)