Solved

Hacker?

Posted on 2004-09-08
Last Modified: 2011-10-03
Hello,
 I believe that there is an ex-employee trying to hack into our computer system. I need some help reading log files and deciding if the error message really is coming from a hacker.

I use the word "hacker" loosely; I believe that the hacker is extremely dim-witted, and I'm sure that her/his only skill would be to download a pre-made script and enter an IP address. I believe that the script is using this vulnerability: http://www.microsoft.com/technet/security/bulletin/MS03-007.mspx

In the IIS log file I found these entries listed after the employee left the company and after the employee's password was changed:

2004-09-08 16:36:20 192.168.0.125 COMPUTERNAME\exemployeeusername 192.168.16.69 80 OPTIONS / - 200 Microsoft-WebDAV-MiniRedir/5.1.2600
2004-09-08 16:36:20 192.168.0.125 COMPUTERNAME\exemployeeusername 192.168.16.69 80 PROPFIND /NETLOGON - 404 Microsoft-WebDAV-MiniRedir/5.1.2600

I have changed our computer name to COMPUTERNAME and the employee's user handle to exemployeeusername; other than that, these two lines appear exactly as they do on the IIS log.

I'm not really worried about the data or gaining access to the system; the network here has changed 100% since this employee left, and the data he/she would most likely try to get/destroy is not obtainable. Also, everything on this network is backed up regularly. I am more interested in proving that this person did indeed try to connect to our system.

My question is, what was the employee trying to access? Was the attempt successful? What further actions should I take to stop the hacker in the future?
Question by:funkyfinger
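
One way to pull every request logged under a single account out of an IIS W3C log, added here as an example and not part of the original thread. The field order is an assumption inferred from the two quoted lines (the post shows no #Fields header); the cutoff date and the third sample line are constructed.

```python
from datetime import datetime

# Assumed field order (the page shows no "#Fields:" header); it matches the
# two quoted lines.
DEFAULT_FIELDS = ("date time c-ip cs-username s-ip s-port cs-method "
                  "cs-uri-stem cs-uri-query sc-status cs(User-Agent)").split()

# The two entries quoted in the question, placeholders as posted, plus one
# constructed anonymous request ("-" username) for contrast.
SAMPLE_LOG = """\
2004-09-08 16:36:20 192.168.0.125 COMPUTERNAME\\exemployeeusername 192.168.16.69 80 OPTIONS / - 200 Microsoft-WebDAV-MiniRedir/5.1.2600
2004-09-08 16:36:20 192.168.0.125 COMPUTERNAME\\exemployeeusername 192.168.16.69 80 PROPFIND /NETLOGON - 404 Microsoft-WebDAV-MiniRedir/5.1.2600
2004-09-08 16:40:02 192.168.0.77 - 192.168.16.69 80 GET /default.htm - 200 Mozilla/4.0
"""


def parse_w3c(text):
    """Yield one dict per request line, honouring a #Fields: directive if present."""
    fields = DEFAULT_FIELDS
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def requests_by_account(text, account, since):
    """Requests logged under `account` (bare user name, domain prefix ignored)
    at or after `since`, as (time, client IP, method, URI, status) tuples."""
    hits = []
    for row in parse_w3c(text):
        when = datetime.strptime(row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
        user = row["cs-username"].rsplit("\\", 1)[-1].lower()
        if user == account.lower() and when >= since:
            hits.append((when, row["c-ip"], row["cs-method"],
                         row["cs-uri-stem"], int(row["sc-status"])))
    return hits


if __name__ == "__main__":
    # `since` is a constructed cutoff standing in for the account-disable date.
    for hit in requests_by_account(SAMPLE_LOG, "exemployeeusername", datetime(2004, 9, 1)):
        print(*hit)
```

IIS writes W3C extended log timestamps in UTC, so convert the cutoff to UTC before comparing it with the log.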
Accepted Solution

by:
pentiumDB earned 125 total points
ID: 12013409