Hello, I recently replaced a network admin after he was fired on hostile terms. I discovered that he had left himself backdoor trojans on three of our servers and has been accessing our network, possibly to cause harm. I need to begin logging all activity, block all unnecessary network traffic, and remove these RATs. We have a Windows 2000 domain here.
Our traffic goes through:
Cisco 1601 Router
Cisco PIX Firewall version 6.3 (5)
I discovered the RATs on the three servers by using the GFI LANguard vulnerability scan, after the previous admin had called another employee here to "brag" about being able to see everything inside the network, making threatening demands such as offering him two weeks' pay and a letter of recommendation to come in for one day to "fix" the network and return to us all the passwords to such things as the Norton AntiVirus System Management Console, which is locked and has many exceptions set in the virus scanning, and the SQL user ID and password to log on to two of the SQL databases, specifically the one we use for processing our credit card purchases and the other we use to store all of our company's product pricing information. I really need to be sure he is locked out of our network, and I hope I can do this first by making some changes to the ACLs on our PIX; this will buy me the time I need to contact Symantec Support to get into the System Management Console so I can remove the exclusions he set up in the scan. I cannot even uninstall the antivirus software from the server, as I am prompted for a password for that also. I believe the trojans on the other server could also be a password stealer; anyway, there are RATs on each of our three servers that our Norton Corporate version 10.0.1.1000 isn't finding. Please help with any suggestions on where to begin addressing this serious threat, including blocking the traffic first, and then finding and removing the RATs and any other malicious software. I'm sending out the call to our community for help here! I'm being held hostage in my own network, and our information is at serious risk; if he were to cause any harm, it will be expected of me to provide evidence so that we may prosecute him. I have been on this network for only 3 days now; there is no documentation. I have already reset the passwords / enable passwords on both the router and the PIX firewall.
Since it is Memorial Day weekend, I have also been unable to get hold of any of my old classmates and friends who might be able to help me, so I have come here to Experts Exchange to draw upon our collective infinite wisdom. Any help and suggestions will be most welcome. Thank you!!
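As an added illustration (not the poster's configuration and not a reply from the thread), the PIX 6.3 commands below show the "block first, log everything" containment step the question asks about: an explicit default-deny on the outside interface with the `log` keyword, an outbound ACL on the inside interface so the servers can only reach what they need (a RAT that calls home is denied and logged), syslog to a collector, and management access restricted to one workstation. Interface names (`inside`/`outside`), the ACL names, and every IP address (`192.168.1.x`) are assumptions to be replaced with the site's real values; `show` commands at the end are how you confirm the ACLs are taking hits.

```cisco
! Added example for a PIX running 6.3(5); addresses, interface names and
! ACL names below are placeholders, not values from the poster's network.

! --- 1. Send every log message, with timestamps, to a syslog host you control ---
logging on
logging timestamp
logging trap informational
logging host inside 192.168.1.50

! --- 2. Inbound: nothing from the Internet is allowed in; every attempt is logged ---
! PIX denies unsolicited inbound by default, but an explicit deny with "log"
! produces a syslog line (106100) per attempt, which is the evidence trail wanted.
access-list outside_in deny ip any any log
access-group outside_in in interface outside

! --- 3. Outbound: servers may only reach what they need; all else is denied and logged ---
! 192.168.1.20 = assumed SQL/credit-card server, 192.168.1.21 = assumed AV server.
access-list inside_out permit tcp host 192.168.1.20 any eq 443
access-list inside_out permit udp host 192.168.1.21 any eq 53
access-list inside_out permit tcp host 192.168.1.21 any eq 80
access-list inside_out deny ip any any log
access-group inside_out in interface inside

! --- 4. Restrict who may administer the firewall itself ---
! Only the new admin's workstation (assumed 192.168.1.10) may open a management session.
clear telnet
telnet 192.168.1.10 255.255.255.255 inside
ssh 192.168.1.10 255.255.255.255 inside
ssh timeout 5

! --- 5. Verify: hit counters on the deny lines tell you whether anything is still trying ---
show access-list
show logging
```

The outbound list is the one that matters most against a remote-access trojan, since most such tools make outbound connections rather than listen for inbound ones; each `deny ... log` line both blocks the connection and writes a syslog record naming the source server, destination and port, which is what to preserve for any later prosecution. Apply the inside ACL during a maintenance window and watch `show access-list` for a while, because any legitimate server traffic not explicitly permitted will also be cut off.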