Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Hacked by my own server?

Posted on 2009-02-18
Medium Priority
Last Modified: 2013-11-22
Here is a report of something i got from my antivirus software server (We use Kasperski Enterprise):

Event Hacker attack detection happened on computer FHALE in the domain OWPRNETWORK at Mon Feb 16 10:56:44 2009 Intrusion.Win.LSASS.exploit! Attacker's IP address: Protocol/service: TCP on local port 139. Time: 2/16/2009 10:56:44 AM

Attacker's IP address: is my domain controller, file server, print server...

Sould i be freaking Yet?

What do i do?

Thanks as usual,

Question by:jpertchik
LVL 31

Accepted Solution

Frosty555 earned 2000 total points
ID: 23677891
The LSASS exploit was patched in XP SP2, and is blocked by the firewall when it comes from the internet, and finally Kaspersky detects and blocks it as well. So the workstation is safe. But the fact that it's coming from your domain controller is disconcerting. Those kind of attacks typically come from somewhere out on the internet.

If you have a rogue process running on your domain controller, your whole network is compromised and it's reason to be freaking. Examine the DC thoroughly for anything suspicious. Run antivirus scans, run hijackthis, run sysinternals process explorer and sysinternals autoruns, identify any strange looking processes or services, and terminate them.

If you were compromised, check your users and your group policies for suspicious entries. If I were a hacker and I gained control over a domain controller, first thing I'd do is create an administrator user so that I have free reign over the whole network. Look for strange shares or permissions added to critical folder shares, newly created users, and administrator users which have had their passwords changed.

Good luck
LVL 23

Expert Comment

by:Mohamed Osama
ID: 23678776
In addition to the above advice, please check your DC & other servers for missing Operating system or other critical Patches, Microsoft Baseline Security Analyzer is a good tool to assist here.


Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

UPDATE - 6/15/2011 Added support for Release Update 6 Maintenance Patch 2 Point Patch 1 (RU6 MP2 PP1). Fixed a defect in the username field that was hard-coded to look for a specific domain (left over code from testing). This release will be the …
By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet. BitCoin is an incredible invention. It is a decentralized currency system, which is the…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question