Solved

Hacker?

Posted on 2004-09-08
4
825 Views
Last Modified: 2011-10-03
Hello,
 I believe that there is an ex-employee trying to hack into our computer system. I need some help reading log files and deciding if the error message really is coming from a hacker.

I use the word "hacker" loosely I believe that the hacker is extremely dim-witted, I'm sure that her/his only skill would be to download a pre-made script and enter an IP address. I believe that the script is using this vunerability: http://www.microsoft.com/technet/security/bulletin/MS03-007.mspx

In the IIS log file I found these entrys listed after the employee left the company and after the employees password was changed:

2004-09-08 16:36:20 192.168.0.125 COMPUTERNAME\exemployeeusername 192.168.16.69 80 OPTIONS / - 200 Microsoft-WebDAV-MiniRedir/5.1.2600
2004-09-08 16:36:20 192.168.0.125 COMPUTERNAME\exemployeeusername 192.168.16.69 80 PROPFIND /NETLOGON - 404 Microsoft-WebDAV-MiniRedir/5.1.2600

I have changed our computer name to COMPUTER name and the employee's user handle to exemployeeusername, other than that these two line appear exactly as they do on the IIS log.

I'm not really worried about the data or gaining access to the system, the network here has changed 100% since this employee left and the data he/she would most likely try to get/destroy in not obtainable also everything on this network is backed up regularly. I am more interested in proving that this person did indeed try to connect to our system.

My question is, what was the employee trying to access? Was the attempt successful? What futher actions should I take to stop the hacker in the future.
0
Comment
Question by:funkyfinger
4 Comments
 
LVL 2

Accepted Solution

by:
pentiumDB earned 125 total points
ID: 12013409
0

Featured Post

Free camera licenses with purchase of My Cloud NAS

Milestone Arcus software is compatible with thousands of industry-leading cameras for added flexibility. Upon installation on your My Cloud NAS, you will receive two (2) camera licenses already enabled in the software. And for a limited time, get additional camera licenses FREE.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Is this network design suitable? 3 67
DirectAccess - Open ports 2 48
Transfering files via a single Cat5 between two DOMAIN computers. 14 78
Password managers 1 18
Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now