Solved

Hacker?

Posted on 2004-09-08
4
832 Views
Last Modified: 2011-10-03
Hello,
 I believe that there is an ex-employee trying to hack into our computer system. I need some help reading log files and deciding if the error message really is coming from a hacker.

I use the word "hacker" loosely I believe that the hacker is extremely dim-witted, I'm sure that her/his only skill would be to download a pre-made script and enter an IP address. I believe that the script is using this vunerability: http://www.microsoft.com/technet/security/bulletin/MS03-007.mspx

In the IIS log file I found these entrys listed after the employee left the company and after the employees password was changed:

2004-09-08 16:36:20 192.168.0.125 COMPUTERNAME\exemployeeusername 192.168.16.69 80 OPTIONS / - 200 Microsoft-WebDAV-MiniRedir/5.1.2600
2004-09-08 16:36:20 192.168.0.125 COMPUTERNAME\exemployeeusername 192.168.16.69 80 PROPFIND /NETLOGON - 404 Microsoft-WebDAV-MiniRedir/5.1.2600

I have changed our computer name to COMPUTER name and the employee's user handle to exemployeeusername, other than that these two line appear exactly as they do on the IIS log.

I'm not really worried about the data or gaining access to the system, the network here has changed 100% since this employee left and the data he/she would most likely try to get/destroy in not obtainable also everything on this network is backed up regularly. I am more interested in proving that this person did indeed try to connect to our system.

My question is, what was the employee trying to access? Was the attempt successful? What futher actions should I take to stop the hacker in the future.
0
Comment
Question by:funkyfinger
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 2

Accepted Solution

by:
pentiumDB earned 125 total points
ID: 12013409
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question