Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

cracker using KSecDD

Posted on 2000-05-18
9
1,223 Views
Last Modified: 2013-12-28
We have 2 NT4 servers with public IP addresses and no firewall.
Someone is trying to crack accounts on these servers. We can see lots of failure messages in the security event logs. They are always from a different domain, different username, different password but with the same logon type = 3 (Network) and logon process = KSecDD (Security Device Driver). What does it mean ? How could we stop these cracking attempts ?

We plan to install a firewall but we would like to find a solution before it.
TIA for any information.
0
Comment
Question by:lde
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 6

Accepted Solution

by:
setiawan earned 150 total points
ID: 2820654
Hi Ide,

becareful, not to share some folder on your server with full access if your server published to internet.

Before you setting your firewall
I suggest you install the latest service pack for your NT Server from MS site.

hope this helps.

  danny
0
 
LVL 86

Expert Comment

by:jkr
ID: 2820940
0
 

Expert Comment

by:vbadier
ID: 2824324
Hi

What about your server? Domain controler or stand-alone?

Regarding your errors, they might be domain controler, because , as i know, logon type 2 and Logon process = User32 are for local security authentification, but the process KsecDD and the Logon type 3 are used for domain authentification.

So, actually, in my opinion, the cracker is stoped by the normal logon athentification.

Sorry not able to help you more for the moment.

Regard's
0
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

 

Expert Comment

by:vbadier
ID: 2824331
Sorry, What you could do is enable network monitoring and store trame. Then when reviewing the trame, you could know more about who is attempting to go in (like his IP adress). Then you can lock this particular ip adress.

Hope this help.
0
 

Expert Comment

by:vbadier
ID: 2824370
Sorry, What you could do is enable network monitoring and store trame. Then when reviewing the trame, you could know more about who is attempting to go in (like his IP adress). Then you can lock this particular ip adress.

Hope this help.
0
 

Author Comment

by:lde
ID: 2843213
Thank you all.
It looks like we had forgotten shared folders on the servers. The cracker used a software to try logins on these shared folders.
Now, we have unshared and it's over.
0
 

Author Comment

by:lde
ID: 2843220
Comment accepted as answer
0
 

Author Comment

by:lde
ID: 2843221
Thanks to setiawan.
We had forgotten shared folders.
0
 
LVL 6

Expert Comment

by:setiawan
ID: 2843258
You're welcome
0

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows 8.1 Enterprise Pauses Frequently 27 84
Change size 15 53
Domain Controller Time Sync Question 4 29
sql server service accounts 4 42
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
In this article, I will show you HOW TO: Install VMware Tools for Windows on a VMware Windows virtual machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, using the VMware Host Client. The virtual machine has Windows Server 2016 instal…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question