• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 837
  • Last Modified:

Hacker?

Hello,
 I believe that there is an ex-employee trying to hack into our computer system. I need some help reading log files and deciding if the error message really is coming from a hacker.

I use the word "hacker" loosely I believe that the hacker is extremely dim-witted, I'm sure that her/his only skill would be to download a pre-made script and enter an IP address. I believe that the script is using this vunerability: http://www.microsoft.com/technet/security/bulletin/MS03-007.mspx

In the IIS log file I found these entrys listed after the employee left the company and after the employees password was changed:

2004-09-08 16:36:20 192.168.0.125 COMPUTERNAME\exemployeeusername 192.168.16.69 80 OPTIONS / - 200 Microsoft-WebDAV-MiniRedir/5.1.2600
2004-09-08 16:36:20 192.168.0.125 COMPUTERNAME\exemployeeusername 192.168.16.69 80 PROPFIND /NETLOGON - 404 Microsoft-WebDAV-MiniRedir/5.1.2600

I have changed our computer name to COMPUTER name and the employee's user handle to exemployeeusername, other than that these two line appear exactly as they do on the IIS log.

I'm not really worried about the data or gaining access to the system, the network here has changed 100% since this employee left and the data he/she would most likely try to get/destroy in not obtainable also everything on this network is backed up regularly. I am more interested in proving that this person did indeed try to connect to our system.

My question is, what was the employee trying to access? Was the attempt successful? What futher actions should I take to stop the hacker in the future.
0
funkyfinger
Asked:
funkyfinger
1 Solution
 
pentiumDBCommented:
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now