Link to home
Start Free TrialLog in
Avatar of Albatross1953
Albatross1953

asked on

Network Hacked

I service a business with 40 computers that was blocked form Internet access by one PC. The event error read: "The master browser has received a server announcement from the computer TCTRUCKS6-DT that believes that it is the master browser for the domain on transport NetBT_Tcpip~". The network restored after that computer was shut down. It is a peer-to-peer network. The only servers are 3rd party programs. Nobody was physically using the problem PC on the day that this occurred. I noticed that the antivirus (Viper Enterprise, which is the strongest I've seen) was reconfigured just prior to shutdown. The static IP was removed & the workgroup was changed to the default WORKGROUP, but that could have been done by the user previously. It is working normally so far today. I notice in the Windows log that special privileges were assigned to a new logon many times on this & other PCs. What should I do at this point to track this down & prevent recurrence?
Avatar of Neil Russell
Neil Russell
Flag of United Kingdom of Great Britain and Northern Ireland image
Nothing that you have stated implies that you were hacked in any way shape or form.  The Master Browser message is a bog standard windows occurrence.

Windows logs with special privs?  well unless we can see examples of the logs and and exactly what it said, we have no idea what was going on, again assignment of special privs to an account can be a normal everyday occurrence.

Some more details and logs would be useful.
Avatar of Albatross1953
Albatross1953

ASKER

Why would one computer believe it is the master browser for the domain and block all the others? What logs do you need to see?
ASKER CERTIFIED SOLUTION
Avatar of Neil Russell
Neil Russell
Flag of United Kingdom of Great Britain and Northern Ireland image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Albatross1953
Albatross1953

ASKER

I'm surprised that is not in my A+, Network+ or Server+ books. It explains many things, except why the whole network could not use the Internet until the Master Browse Server was shut down. It also was one of only a few computers on that workgroup. I couldn't even ping 8.8.8.8.
Avatar of Neil Russell
Neil Russell
Flag of United Kingdom of Great Britain and Northern Ireland image
Quite possibly it was the IP address of it that clashed with your gateway/router. The master browser service would not cause that. That was just a red herring throwing you off the scent
Avatar of Albatross1953
Albatross1953

ASKER

One last thing is that the assigning of the Master Browse server was logged as an error (red flag) in Event Viewer over 30  consecutive times on the other computers.
Avatar of Neil Russell
Neil Russell
Flag of United Kingdom of Great Britain and Northern Ireland image
Always is.  There are LOTS of MS errors that are logged that are not errors as such.

What exactly is "An Unknown error has occurred" ?  After all if was known and expected, it would not be an error surely? :P

Experience and Google is always the best friend of the event log reader.